From owner-freebsd-net@FreeBSD.ORG Tue Oct 3 23:32:25 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 509B516A407; Tue, 3 Oct 2006 23:32:25 +0000 (UTC) (envelope-from dunc@lemonia.org) Received: from tang.lemonia.org (tang.lemonia.org [88.208.192.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id D776743D46; Tue, 3 Oct 2006 23:32:24 +0000 (GMT) (envelope-from dunc@lemonia.org) Received: from [86.54.130.227] (helo=[192.168.69.92]) by tang.lemonia.org with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.62 (FreeBSD)) (envelope-from ) id 1GUtkK-000I20-SI; Wed, 04 Oct 2006 00:32:23 +0100 Message-ID: <4522F2FF.5060808@lemonia.org> Date: Wed, 04 Oct 2006 00:32:15 +0100 From: Dunc User-Agent: Thunderbird 1.5.0.4 (X11/20060516) MIME-Version: 1.0 To: Andrew Thompson References: <45223E43.6060906@lemonia.org> <20061003230147.GI21444@heff.fud.org.nz> In-Reply-To: <20061003230147.GI21444@heff.fud.org.nz> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-SA-Exim-Connect-IP: 86.54.130.227 X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on tang.lemonia.org X-Spam-Level: X-Spam-Status: No, score=-4.4 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham version=3.1.1 X-SA-Exim-Version: 4.2 X-SA-Exim-Scanned: Yes (on tang.lemonia.org) Cc: freebsd-net@freebsd.org Subject: Re: Layer2 VPN X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Oct 2006 23:32:25 -0000 Andrew Thompson wrote: > On Tue, Oct 03, 2006 at 11:41:07AM +0100, Dunc wrote: > >> Hi folks, >> >> I've been trying to create a layer2 VPN using FreeBSD boxes as the gateways. >> >> The 2 methods I thought of are:- >> >> a) Create a tunnel between the 2 gateways using gif interfaces, and >> bridge the gifs onto a real NIC. >> >> Both methods seem to work fine, unless I try and put 802.1Q traffic down >> the VPN, in which case neither method works. >> > > This should work fine with vlan headers, do you have any indication of > where the problem is? you may need to get packet dumps at the sending > and receiving ends. > > Grab a tcpdump at the sending bridge0, sending interface, receiving > interface, receiving bridge0. You can send them to me if you need help > deciphering them. > > > cheers, > Andrew > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > Hi Andrew, I couldn't see why it wouldn't either. It's just an ethernet frame with an extra field filled in AIUI I did do dumps earlier, and the problem seemed to be around about the bridge device at the far end as I pinged, however I will start again from scratch tomorrow and get some data. I was on a bit of a mission today as I need to have a working solution soon, so I tried combinations of OS and tunnel techs. The only actual success I have had so far is Linux with OpenVPN in tap mode. Anyway, thanks for your help so far and I shall return. Cheers, Dunc