From: Walter Hop
Date: Thu, 6 Nov 2003 03:12:02 +0100
To: FreeBSD Net
Subject: Connect two LANs over an IPv4 tunnel?

Hi all,

I have a networking problem that I am trying to solve with FreeBSD. I would like to connect two networks (home and work), so that I can set up my home workstations in the same subnet as the work LAN. Out of this /24, I would like to use a /29 at home. On both LANs I have a FreeBSD box; workbox is 5.1R and homebox is 4-STABLE. Both boxes can reach each other over the IPv4 internet.

(attempt 1) The OpenBSD man page mentioned bridge and gif in one sentence, so I was hoping that setting up a layer 2 bridge would be as easy as configuring a gif tunnel and bridging over it, but as I feared, gif is no ethernet device and this did not work:

    Nov 6 00:17:04 home /kernel: gif1 is not an ethernet, continue

So that plan is foiled.

(attempt 2) The gif tunnel worked and the boxes can ping each other over it, so I assigned private addresses to the gif endpoints. Then I tried adding some home IP aliases to the work box's ethernet interface and using forwarding and "route delete/add" in the hope that packets would be routed to the gateway in private-space across gif1.

Routing to the home IPs works LOCALLY from workbox, but when other machines in the work subnet ping a home address, they receive a reply from the workbox itself. I do not know of another way to have workbox answer ARP for the home IPs. (I considered setting the interface in promiscuous mode in the hopes of having the kernel accept and forward the packet anyway, but the ethernet is switched so nobody will know where to send it.)

Unfortunately, at work I have no control over the default gateway, so I cannot set up static routes with workbox as the next-hop.

I am now wondering what I can do to create a setup like this. Is this even possible, or am I thinking in the wrong direction? Any advice would be appreciated. I am not looking for bridging of Ethernet frames per se; I am only interested in IP packets. Both networks use RFC1918 private addresses.

How would one approach a situation like this? Is there actually a solution?

Thanks for reading :)

walter