RE: [Geopriv] HELD guidance for IP address ID

From: Marc Linsner
Date: Wed Nov 07 2007 - 11:11:41 EST


> To minimize the impact of VPNs that do not support split
> tunneling, endpoints using IP address as the HELD identifier
> need to do their HELD query prior to establishing a VPN tunnel.

Even if the VPN soft client supports split tunneling (allowing traffic on
the local subnet as well as the tunnel), this does not guarantee that HELD
will work. When an end host has more than one interface, in this case a
tunnel interface and local network interface, you must ensure that the
routing table in the host sends the HELD request via the correct interface;
otherwise the request will arrive at the LIS with an unknown source address
on the packet. My experience has been that VPN tunnel establishment
modifies the host routing table such that the only traffic put out the local
network interface is traffic destined for that subnet (the default gateway
is on the tunnel).


Geopriv mailing list
Received on Wed, 7 Nov 2007 11:11:41 -0500
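
The routing behaviour described in the message above, as an added example that is not part of the original post: a longest-prefix-match lookup over a host routing table, showing which interface and source address a HELD request to the LIS would use before and after the tunnel comes up. All addresses, interface names and the host-route workaround are constructed assumptions.

```python
import ipaddress

def select_route(routes, dest):
    """Longest-prefix match, ties broken by lowest metric. Returns (iface, src)."""
    d = ipaddress.ip_address(dest)
    matches = [r for r in routes if d in ipaddress.ip_network(r["prefix"])]
    if not matches:
        return None
    best = max(matches, key=lambda r: (ipaddress.ip_network(r["prefix"]).prefixlen,
                                       -r["metric"]))
    return best["iface"], best["src"]

def held_source_known(routes, lis_addr, lis_known_networks):
    """True if the source address chosen for the HELD request lies in a
    network the LIS can map to a location."""
    route = select_route(routes, lis_addr)
    if route is None:
        return False
    src = ipaddress.ip_address(route[1])
    return any(src in ipaddress.ip_network(n) for n in lis_known_networks)

# Constructed sample data (documentation address ranges).
LIS_ADDR = "198.51.100.10"        # LIS is off the local subnet
LIS_KNOWN = ["192.0.2.0/24"]      # access network the LIS serves

BEFORE_VPN = [
    {"prefix": "0.0.0.0/0",    "iface": "eth0", "src": "192.0.2.57", "metric": 10},
    {"prefix": "192.0.2.0/24", "iface": "eth0", "src": "192.0.2.57", "metric": 10},
]
# Split tunneling as described: local subnet stays on eth0, default
# gateway moves to the tunnel.
AFTER_VPN = [
    {"prefix": "0.0.0.0/0",    "iface": "tun0", "src": "10.8.0.5",   "metric": 1},
    {"prefix": "10.8.0.0/24",  "iface": "tun0", "src": "10.8.0.5",   "metric": 1},
    {"prefix": "192.0.2.0/24", "iface": "eth0", "src": "192.0.2.57", "metric": 10},
]
# Assumption: one way to force the correct interface is a host route to the LIS.
AFTER_VPN_HOST_ROUTE = AFTER_VPN + [
    {"prefix": LIS_ADDR + "/32", "iface": "eth0", "src": "192.0.2.57", "metric": 1},
]

if __name__ == "__main__":
    for name, table in [("before VPN", BEFORE_VPN), ("after VPN", AFTER_VPN),
                        ("after VPN + host route", AFTER_VPN_HOST_ROUTE)]:
        print(name, select_route(table, LIS_ADDR),
              "LIS can locate:", held_source_known(table, LIS_ADDR, LIS_KNOWN))
```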