From owner-freebsd-doc@FreeBSD.ORG Wed Dec 31 13:20:59 2003 Return-Path: Delivered-To: freebsd-doc@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A43E216A4CE for ; Wed, 31 Dec 2003 13:20:59 -0800 (PST) Received: from otter3.centtech.com (moat3.centtech.com [207.200.51.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id CE60843D1D for ; Wed, 31 Dec 2003 13:20:57 -0800 (PST) (envelope-from anderson@centtech.com) Received: from webmail.centtech.com (otter3.centtech.com [10.177.173.12]) by otter3.centtech.com (8.12.3/8.12.3) with SMTP id hBVLKu6T039233; Wed, 31 Dec 2003 15:20:56 -0600 (CST) (envelope-from anderson@centtech.com) Received: from 10.177.173.77 (SquirrelMail authenticated user anderson) by otter.centtech.com with HTTP; Wed, 31 Dec 2003 15:20:57 -0600 (CST) Message-ID: <1811.10.177.173.77.1072905657.squirrel@otter.centtech.com> In-Reply-To: <20031231205854.3560.qmail@vectorns.com> References: <20031231205854.3560.qmail@vectorns.com> Date: Wed, 31 Dec 2003 15:20:57 -0600 (CST) From: "Eric Anderson" To: "axiom" User-Agent: SquirrelMail/1.4.2 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 Importance: Normal cc: doc@freebsd.org Subject: Re: VPN over IPsec X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 31 Dec 2003 21:20:59 -0000 axiom said: > I have a question regarding the document that talks about "VPN over > IPsec". > I'm trying to create the interface gif0 at boot time and am adding the > following to my /etc/rc.conf according to your document: > > gifconfig_gif0="A.B.C.D W.X.Y.Z" > ifconfig_gif0="inet 192.168.1.1 192.168.2.1 netmask 0xffffffff" > static_routes="vpn" > route_vpn="192.168.2.0 192.168.2.1 netmask 0xffffff00" > > I've obviously changed the IP address schemes to fit my network. > > Using this same documentation on "VPN over IPsec" I can setup the gif0 > interface manually with no problems and everything works. I just don't > want > to have to set it up manually every time I reboot. > > Any suggestions on why the setup to /etc/rc.conf from your documentation > doesn't work? You've really answered your own question in the next paragraph. Basically, the device doesn't exist yet, so it can't run these settings on an interface that does not exist. It must first be created. > > ****************************************************************** > > One other thing i'd like to point out on that document is that when you > tell > the user to run "gifconfig gif0 A.B.C.D W.X.Y.Z" it doesn't work. You must > first create gif0 with "ifconfig gif0 create" and then continue with your > documentation. The documentation should be updated to reflect this. This is the old way of doing it, when gif interfaces were set in-kernel. This changed somewhere around FreeBSD 4.4ish I believe. Does anyone know the correct way to create an interface on system boot, before network is started? Or is this a piece for a /usr/local/etc/rc.d/ script? Eric ------------------------------------------------------------- Eric Anderson anderson@centtech.com Centaur Technology You have my continuous partial attention -------------------------------------------------------------