From ea1857e3b82df2a837089c27d8f986da2385e86b Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 31 Jul 2017 11:28:33 +0200
Subject: [PATCH] vti: Disable policy lookups for VTI devices

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/functions/functions.ip-tunnel | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/functions/functions.ip-tunnel b/src/functions/functions.ip-tunnel
index df59aade..5e6bd8e6 100644
--- a/src/functions/functions.ip-tunnel
+++ b/src/functions/functions.ip-tunnel
@@ -109,6 +109,13 @@ ip_tunnel_add() {
 		error "Could not create tunnel device ${device}"
 		return ${EXIT_ERROR}
 	fi
+
+	# Disable policy lookups for VTI devices
+	if [ "${mode}" = "vti" ]; then
+		sysctl_set "net.ipv4.conf.${device}.disable_policy" "1"
+	fi
+
+	return ${EXIT_OK}
 }
 
 ip_tunnel_del() {
-- 
2.39.2