From owner-freebsd-net@FreeBSD.ORG  Wed Dec 17 19:57:17 2008
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B16561065676
	for <freebsd-net@freebsd.org>; Wed, 17 Dec 2008 19:57:17 +0000 (UTC)
	(envelope-from lev@serebryakov.spb.ru)
Received: from ftp.translate.ru (ftp.translate.ru [195.131.4.140])
	by mx1.freebsd.org (Postfix) with ESMTP id 637388FC1C
	for <freebsd-net@freebsd.org>; Wed, 17 Dec 2008 19:57:17 +0000 (UTC)
	(envelope-from lev@serebryakov.spb.ru)
Received: from desktop.home.serebryakov.spb.ru (blacklion.dialup.corbina.ru
	[89.179.122.169]) (Authenticated sender: lev@serebryakov.spb.ru)
	by ftp.translate.ru (Postfix) with ESMTPA id 9195213DF46
	for <freebsd-net@freebsd.org>; Wed, 17 Dec 2008 23:05:04 +0300 (MSK)
Date: Wed, 17 Dec 2008 22:57:11 +0300
From: Lev Serebryakov <lev@serebryakov.spb.ru>
X-Priority: 3 (Normal)
Message-ID: <976792756.20081217225711@serebryakov.spb.ru>
To: freebsd-net@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1251
Content-Transfer-Encoding: quoted-printable
Subject: ifconfig <point-to-point-iface> <ip> <dest> add route "<dest> <ip>"
	to table -- why?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Dec 2008 19:57:17 -0000

Hello, Freebsd-net.

 Why does adding address and destination for point-to-point interface
add route for destination address? It is not always right. For
example, many providers have VPN concentrator address same as "remote
end" address and this default create loop -- VPN packets (TCP, UDP or
GRE ones)goes into tunnel itself, ooops, host locked up... It could be
fixed by deleting route right after tunnel creation via if-up script.

 But second problem doesn't have good solution, read ahead...

 Another problem, created by this default, is like this: if we have
routing record for other tunnel end already (because it IS VPN server
and we NEED routing to it to CREATE tunnel!), me can not assign tunnel
interface address and connection fails :( I don't see any workaround
for this :(

--=20
// Black Lion AKA Lev Serebryakov <lev@serebryakov.spb.ru>