From patchwork Sun Aug  2 17:55:02 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: fff-gateway: Send ICMP errors using inbound ifaddr
From: Fabian Blaese <fabian@blaese.de>
X-Patchwork-Id: 1417
Message-Id: <20200802175502.451663-5-fabian@blaese.de>
To: franken-dev@freifunk.net
Date: Sun,  2 Aug 2020 19:55:02 +0200

When using NATs and tunnels at the same time, the correct
source address has to be used so the ICMP errors is sent
through the NAT. This is necessary so the NAT can modify
the ICMP payload so it is correctly identified by the
destination host, which is required for PMTUD

Fixes: #142
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
---
 .../fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf     | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf b/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf
index 62bda1b..885afb7 100644
--- a/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf
+++ b/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf
@@ -3,3 +3,6 @@ net.ipv4.conf.all.forwarding=1
 net.ipv4.ip_forward=1
 net.ipv6.conf.all.forwarding=1
 net.ipv6.conf.default.forwarding=1
+
+# Use inbound ifaddr for icmp errors to ensure correct PMTUD when using far-away NAT
+net.ipv4.icmp_errors_use_inbound_ifaddr=1