From owner-freebsd-net@FreeBSD.ORG  Tue Oct  3 10:41:24 2006
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8E54616A403
	for <freebsd-net@freebsd.org>; Tue,  3 Oct 2006 10:41:24 +0000 (UTC)
	(envelope-from dunc@lemonia.org)
Received: from male.aldigital.co.uk (male.thebunker.net [213.129.64.13])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4088643D46
	for <freebsd-net@freebsd.org>; Tue,  3 Oct 2006 10:41:24 +0000 (GMT)
	(envelope-from dunc@lemonia.org)
Received: from [172.16.3.10] (gateway.ash.thebunker.net [213.129.64.4])
	by male.aldigital.co.uk (Postfix) with ESMTP id 6906D978C1
	for <freebsd-net@freebsd.org>; Tue,  3 Oct 2006 11:41:23 +0100 (BST)
Message-ID: <45223E43.6060906@lemonia.org>
Date: Tue, 03 Oct 2006 11:41:07 +0100
From: Dunc <dunc@lemonia.org>
User-Agent: Thunderbird 1.5.0.5 (X11/20060818)
MIME-Version: 1.0
To: freebsd-net@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Layer2 VPN
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Oct 2006 10:41:24 -0000

Hi folks,

I've been trying to create a layer2 VPN using FreeBSD boxes as the gateways.

The 2 methods I thought of are:-

a) Create a tunnel between the 2 gateways using gif interfaces, and
bridge the gifs onto a real NIC.

b) Using openvpn in bridging mode, and bridge the tap device onto a real
NIC.

Both methods seem to work fine, unless I try and put 802.1Q traffic down
the VPN, in which case neither method works.


Is there some fundamental reason as to why this would not work, or am I
just flailing?? (I'm pretty sure everything is configured right, my
tagged traffic is fine without the VPN in the equation, and also the VPN
is fine with no tagged traffic)

If this is just not going to work, and I should stop now, does anybody
have any suggestions as to how I might achieve this in FreeBSD?

Regards,

Dunc