From: James Lott
To: freebsd-net@freebsd.org
Subject: Re: Ethernet tunneling options under FreeBSD
Date: Sun, 16 Aug 2015 07:25:40 -0700
Message-ID: <2049148.2xMuIgxkh4@arch_project>
In-Reply-To: <55D09884.7010102@freebsd.org>

> you can do this on freebsd with no added software
> look at /usr/share/examples/netgraph. In particular the ether.bridge,
> virtual.lan and the udp.tunnel examples.
> You should be able to create a script that will tunnel two ethernet
> bridges together using elements from each script.

Ah, ok, I'm understanding your original suggestion better now. If that is
the case, I will definitely be checking out netgraph examples. Having simple
tunnel connections for tap devices in this manner is something I've been
after for a while, and I think will be desirable for certain hosts I intend
to connect to the VPN.

Thank you for this great suggestion!

On Sunday, August 16, 2015 22:04:52 Julian Elischer wrote:
> On 8/15/15 11:32 AM, James Lott wrote:
> > n2n honestly looks wonderful, but it also appears to be dead... I'm trying
> > to stay as close to the OS layer as possible with my options, so I would
> > prefer to limit the role of comprehensive software like OpenVPN or what
> > ZeroTierOne appears to be.
> >
> > I actually found this interesting github project, which provides a simple
> > solution for what I'm trying to do...
> >
> > https://github.com/vsergeev/tinytaptunnel
>
> you can do this on freebsd with no added software
> look at /usr/share/examples/netgraph. In particular the ether.bridge,
> virtual.lan and the udp.tunnel examples.
> You should be able to create a script that will tunnel two ethernet
> bridges together using elements from each script.
>
> I suspect you could make it totally compatible with tinytaptunnel.
>
> > Unfortunately, it's written for Linux... and... in go... but the README at
> > least gave me a couple more ideas to look into.
> >
> > Feel free to keep coming with the suggestions if anyone has any more! This
> > is great stuff
> >
> > On Saturday, August 15, 2015 13:05:17 Outback Dingo wrote:
> >> On Sat, Aug 15, 2015 at 12:40 PM, James Lott wrote:
> >>>> you haven't really described the network well enough..
> >>>> try an ascii-art diagram (don't forget to set fixed width font :-)
> >>>> a VPN required two ends.. one is FreeBSD... what's the other?
> >>>
> >>> The thing is, the "other" could be any number of operating systems. I'm
> >>> looking for a tunneling protocol with good cross-platform representation,
> >>> but the higher priority is ensuring it tunnels ethernet frames.
> >>>
> >>> For the sake of example we can say the other end is a FreeBSD host, since
> >>> FreeBSD is looking like the "lowest common denominator" on this topic.
> >>>
> >>>> if both ends are FreeBSD there are dozens of possibilities..
> >>>> for example:
> >>>> ng_eif->netgraph->ppp->ipsec->ppp->netgraph->ng_eif
> >>>>
> >>>> ng_eif->ng_ksock(udp)->IPsec->ng_ksock->ng_eif
> >>>
> >>> I'm not overly concerned with the host side interfaces. What I'm really
> >>> concerned with is the tunneling protocol since that's what will need
> >>> support on all of my platforms. Thus, a solution requiring netgraph on
> >>> both ends is not an option in my case.
> >>>
> >>>> tap->ppp->ppp->tap
> >>>
> >>> I have not found any ppp implementations under FreeBSD which support BCP.
> >>> To my understanding, that's the only method by which ethernet frames can
> >>> be tunneled over ppp... if I'm wrong, please do correct me!
> >>> I would love nothing more than to be wrong about that :)
> >>>
> >>> On Friday, August 14, 2015 23:16:41 Julian Elischer wrote:
> >>>> On 8/14/15 6:40 AM, James Lott wrote:
> >>>>> Hello list,
> >>>>>
> >>>>> I am in the process of planning a build out of a L2 VPN, in which
> >>>>> I'd like to have my primary "switch" and DHCP server be a FreeBSD
> >>>>> system. I would like to join each new host to the VPN by
> >>>>> establishing an IP tunnel with the primary "switch" which transports
> >>>>> ethernet frames over the tunnel.
> >>>>
> >>>> you haven't really described the network well enough..
> >>>> try an ascii-art diagram (don't forget to set fixed width font :-)
> >>>> a VPN required two ends.. one is FreeBSD... what's the other?
> >>>>
> >>>>> So far, the only protocol I have found supported by FreeBSD which
> >>>>> seems capable of this is EtherIP. As far as I can tell, it doesn't
> >>>>> look like there is any support for L2TPv3, and none of the PPP
> >>>>> implementations available appear to support BCP.
> >>>>>
> >>>>> I'm not completely opposed to using EtherIP, but if there is
> >>>>> something more modern which will meet my needs, I would probably try
> >>>>> that first. So my question becomes:
> >>>>>
> >>>>> * Does anyone know of a method supported under FreeBSD (other than
> >>>>> EtherIP) for tunneling ethernet over IP that they may be able to
> >>>>> suggest I check out?
> >>>>
> >>>> if both ends are FreeBSD there are dozens of possibilities..
> >>>> for example:
> >>>> ng_eif->netgraph->ppp->ipsec->ppp->netgraph->ng_eif
> >>>>
> >>>> ng_eif->ng_ksock(udp)->IPsec->ng_ksock->ng_eif
> >>>>
> >>>> tap->ppp->ppp->tap
> >>>>
> >>>>> Thanks for any suggestions!
> >>
> >> there's also N2N which is pretty nice, and well ZeroTierOne which is
> >> somewhat unique
> >>
> >>>>> _______________________________________________
> >>>>> freebsd-net@freebsd.org mailing list
> >>>>> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> >>>>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
> >>>
> >>> --
> >>> James Lott

--
James Lott