I'm setting up a VPN on my Linux server and I wanted to have firewall rules to control communication between clients, so in my OpenVPN configuration I removed
client-to-client so that OpenVPN passes all of the traffic to the kernel.
Once I did this and did a ping from one client to another, I would get these ICMP Redirect messages but the ping would work.
$ ping 192.168.12.127
PING 192.168.12.127 (192.168.12.127): 56 data bytes
64 bytes from 192.168.12.127: icmp_seq=0 ttl=63 time=59.198 ms
92 bytes from 192.168.12.1: Redirect Host(New addr: 192.168.12.127)
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 b2ac   0 0000  3f  01 f1d7 192.168.12.128  192.168.12.127
64 bytes from 192.168.12.127: icmp_seq=1 ttl=63 time=54.229 ms
92 bytes from 192.168.12.1: Redirect Host(New addr: 192.168.12.127)
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 b854   0 0000  3f  01 ec2f 192.168.12.128  192.168.12.127
64 bytes from 192.168.12.127: icmp_seq=2 ttl=63 time=55.497 ms
64 bytes from 192.168.12.127: icmp_seq=3 ttl=63 time=54.718 ms
After a bit of Googling I found this forum post, which mentions that traffic that comes in on one interface and goes out the same interface on Linux causes the redirects. I then found there's a sysctl that controls this behaviour, called net.ipv4.conf.all.send_redirects. So a quick
sysctl net.ipv4.conf.all.send_redirects=0
and the redirects went away and all was right in the world.
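An added example, not part of the original post: a small shell helper that reads sysctl-style output and reports, per interface, whether the kernel will still send ICMP redirects. It relies on the documented kernel rule that redirects are sent on an interface when either net.ipv4.conf.all.send_redirects or net.ipv4.conf.<iface>.send_redirects is 1, so switching off only "all" is not enough while the interface keeps its default of 1; the sample lines and the tun0 name are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Reads "key = value" lines
# as printed by `sysctl` on stdin and prints "<iface> enabled|disabled"
# for every interface. The kernel enables redirects on an interface when
# EITHER conf/all/send_redirects OR conf/<iface>/send_redirects is 1,
# so an interface left at the default of 1 still sends them after
# "all" has been set to 0.
effective_send_redirects() {
    awk -F'[ =]+' '
        /^net\.ipv4\.conf\.[^.]+\.send_redirects/ {
            split($1, k, ".")        # k[4] = interface name, $2 = value
            val[k[4]] = $2
        }
        END {
            all = ("all" in val) ? val["all"] : 0
            for (i in val) {
                if (i == "all" || i == "default") continue
                eff = (all == 1 || val[i] == 1) ? "enabled" : "disabled"
                printf "%s %s\n", i, eff
            }
        }' | sort
}

# Constructed sample: "all" already switched off (as in the post), but
# the VPN's tun0 still carries the kernel default of 1, so redirects
# continue to be sent for traffic hairpinning through it.
SAMPLE='net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.eth0.send_redirects = 0
net.ipv4.conf.tun0.send_redirects = 1'

# On a live box:  sysctl net.ipv4.conf | effective_send_redirects
printf '%s\n' "$SAMPLE" | effective_send_redirects
```

To make the change survive a reboot, the same key=value lines (for all and for the tun interface) go in a file under /etc/sysctl.d/ and are applied with sysctl --system.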