Gateway with alternate monitor IP creates unexpected ICMP redirect
I created a gateway with the LAN IP address, and a remote machine's IP (reachable via an IPsec tunnel) to monitor the health of the tunnel.
When pinging the remote machine from the LAN, every ping will throw an additional redirect. Most machines will simply ignore this, but a voice device did not and further on tried to resolve the remote machine's MAC using arp-who-has because it was redirected away from the std-gw.
I didn't expect any side effects from a gateway definition until it's actually used. Specifically, I wonder what this redirect should be good for.
Worse: the redirect happens even if the gateway entry is disabled. The only way to stop it is deleting it, or setting net.inet.ip.redirect=0.
Updated by Andreas Pflug almost 6 years ago
Jim P wrote:
> That is expected behavior. When you add a monitor IP address it adds a route to it through the specified gateway. The gateway monitoring system isn't meant to be an NMS in that fashion.
That monitored address is indeed reachable through that gateway, but the redirect notifies that it should be accessed directly, which is obviously wrong.
In addition, IMHO it's unexpected that a disabled entry still has some effect.