From owner-freebsd-net@FreeBSD.ORG Tue Oct 11 20:20:30 2005
Return-Path:
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3160A16A428;
	Tue, 11 Oct 2005 20:20:30 +0000 (GMT)
	(envelope-from djh@nebcorp.com)
Received: from ratchet.nebcorp.com (ratchet.nebcorp.com [205.217.153.72])
	by mx1.FreeBSD.org (Postfix) with ESMTP id F180E43D46;
	Tue, 11 Oct 2005 20:20:29 +0000 (GMT)
	(envelope-from djh@nebcorp.com)
Received: by ratchet.nebcorp.com (Postfix, from userid 1014)
	id D6AA7D983B; Tue, 11 Oct 2005 13:20:29 -0700 (PDT)
Date: Tue, 11 Oct 2005 13:20:29 -0700
From: Danny Howard
To: Joshua Weaver
Message-ID: <20051011202029.GI564@ratchet.nebcorp.com>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To:
User-Agent: Mutt/1.4.2.1i
X-Loop: djhoward@uiuc.edu
Cc: freebsd-net@freebsd.org, 'free bsd'
Subject: Re: GRE tunnels anyone?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 11 Oct 2005 20:20:30 -0000

On Tue, Oct 11, 2005 at 01:06:58PM -0500, Joshua Weaver wrote:
> The company I work for uses a lot of multicast tunnels, usually with a
> QOS/GRE implementation with quite pricy hardware. I googled around a bit,
> it looks like basic vpn is supported for FreeBSD. I guess my questions are
>
> 1.) Does FreeBSD play well with vpn-capable routers (like a 3Com 5012)
>
> 2.) Would getting acceptable latency tunneling multicast mean hardware
> that's just as expensive as a router costing thousands?

Joshua,

We run a tunnel using gif interfaces, managed by racoon. The performance is less than super, but I think that's a constraint of our network resources.

My answer would be: "Why not grab a spare box and try it out?"

If the day's diversion may lead you to saving thousands, then please spend a little more effort and write a brief article on a blog or a journal somewhere to help the next person who comes along asking your question. :)

The handbook has a great chapter on how-to-setup-a-tunnel-from-scratch, though it sounds like you don't need a lot of hand-holding.

I would LIKE to think that if we spent a bit of cash on proper VPN hardware, that tunnel maintenance would be easier and performance might be better. Well, that's an aside.

Good Luck,
-danny

--
http://dannyman.toldme.com/