commit | 73fcc3f6560240d0d5dde15927cc0b51dc692dd5 | |
---|---|---|
author | Paul Stewart <pstew@chromium.org> | Mon Feb 25 12:16:53 2013 -0800 |
committer | ChromeBot <chrome-bot@google.com> | Wed Feb 27 15:46:46 2013 -0800 |
tree | 43e735005ac07fa6db1ae4df269c7caf310b0057 | |
parent | a59f7b9badec5b693661a56f7d7e45feabcaf26e |

shill: Connection: Correct routability to trusted IP

In order to send outgoing traffic in a point-to-point network bundled within a VPN to a trusted peer IP address, the gateway IP address isn't of significance. As opposed to broadcast networks, in the inner point-to-point network we never ARP for the gateway IP address, but just send the IP packet addressed to the recipient. As such, since using the external trusted IP address as the gateway or peer wreaks havoc on the routing rules, we remove the gateway address altogether and rely on an interface-based route across the point-to-point link.

BUG=chromium-os:37765

TEST=Unit tests, run with Cisco-ASA (for regressions -- does not work any worse with current configuration; confirmed via packet trace that output packets are encapsulated correctly within L2TP/PPP/ESP), and IP address is set as explained above. Also connect to customer VPN network which started the bug above and verified end-to-end connectivity (http transfer).

Change-Id: I9dd4de28464777663da11e9f731a5746d2eebb7c
Reviewed-on: https://gerrit.chromium.org/gerrit/43927
Tested-by: Paul Stewart <pstew@chromium.org>
Reviewed-by: Darin Petkov <petkov@chromium.org>
Reviewed-by: mukesh agrawal <quiche@chromium.org>
Commit-Queue: Paul Stewart <pstew@chromium.org>