From 3e3bd9ceadf0eff5adaf19b317824964ed7b0f4d Mon Sep 17 00:00:00 2001 From: JackDoan Date: Wed, 4 Mar 2026 13:38:58 -0600 Subject: [PATCH] add some context for the next guy --- overlay/tun_linux.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/overlay/tun_linux.go b/overlay/tun_linux.go index 9e6a7581..1b70e8b3 100644 --- a/overlay/tun_linux.go +++ b/overlay/tun_linux.go @@ -560,6 +560,10 @@ func (t *tun) addRoutes(logErrors bool) error { } if t.snatAddr.IsValid() { + //at least for Linux, we need to set a return route for the SNATted traffic in order to satisfy the reverse-path filter, + //and to help the kernel deliver our reply traffic to the tun device. + //however, it is important that we do not actually /assign/ the SNAT address, + //since link-local addresses will not be routed between interfaces without significant trickery. return t.setSnatRoute() } return nil