Date: Fri, 27 Jan 2006 15:07:38 +0100
From: Fabian Keil
To: Bob Kersten
Cc: freebsd-questions@freebsd.org
Subject: Re: VPN / Bridge

Bob Kersten wrote:

> On 25-jan-2006, at 11:57, Fabian Keil wrote:
>
> > root@TP51 ~ #ifconfig gif0 tunnel 1.2.3.4 5.6.7.8 up
> > root@TP51 ~ #ifconfig bridge0 create
> > root@TP51 ~ #ifconfig bridge0 addm ndis0 addm gif0 up
> > root@TP51 ~ #ifconfig bridge0
> > bridge0: flags=8043 mtu 1500
> >         ether ac:de:48:f4:4e:9c
> >         priority 32768 hellotime 2 fwddelay 15 maxage 20
> >         member: gif0 flags=3
> >         member: ndis0 flags=3
> >
> > BTW: man if_config says all members of the bridge are required to
> > have the same MTU, but ifconfig doesn't seem to check it.
> > My setup wouldn't work as gif0 has a MTU of 1280.
>
> Gjee ... I'm still not able to add the gif0 device to my bridge0.
>
> I'm using FreeBSD6.0 and I've fixed the mtu on my gif0 device to be
> 1500. These are the steps that I take:
>
> [/] root@spike> ifconfig gif0 create
> [/] root@spike> ifconfig gif0 tunnel 1.2.3.4 5.6.7.8 mtu 1500 up
> [/] root@spike> ifconfig bridge0 create
> [/] root@spike> ifconfig bridge0 addm fxp0
> [/] root@spike> ifconfig bridge0 addm gif0
> ifconfig: BRDGADD gif0: Invalid argument
>
> [/] root@spike> ifconfig
> fxp0: flags=8943 mtu 1500
>         options=8
>         inet6 fe80::202:a5ff:fe26:6e45%fxp0 prefixlen 64 scopeid 0x1
>         inet 192.168.100.101 netmask 0xffffff00 broadcast 192.168.100.255
>         ether 00:02:a5:26:6e:45
>         media: Ethernet autoselect (100baseTX )
>         status: active
> rl0: flags=8843 mtu 1500
>         options=8
>         inet6 fe80::2e0:xxxx:xxxx:xxxx%rl0 prefixlen 64 scopeid 0x2
>         inet 1.2.3.4 netmask 0xfffffe00 broadcast 83.160.3.255
>         ether 00:e0:4c:a2:b5:f6
>         media: Ethernet autoselect (100baseTX )
>         status: active
> lo0: flags=8049 mtu 16384
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
>         inet 127.0.0.1 netmask 0xff000000
> gif0: flags=8051 mtu 1500
>         tunnel inet 1.2.3.4 --> 5.6.7.8
>         inet6 fe80::202:a5ff:xxxx:xxxx%gif0 prefixlen 64 scopeid 0x4
> bridge0: flags=8000 mtu 1500
>         ether ac:de:48:ee:6a:cf
>         priority 32768 hellotime 2 fwddelay 15 maxage 20
>         member: fxp0 flags=3
>
> The 'fake' ip addresses don't matter, it doesn't work with real
> addresses either. It seems as if gif0 is not accepted as 'real'
> ethernet device when trying to add it to the bridge. Maybe this
> isn't the right way to achieve the VPN with all clients in the same
> subnet.

I don't know if it means anything, but our bridges seem to be
different. Yours doesn't have the broadcast flag.

Fabian
-- 
http://www.fabiankeil.de/