From owner-freebsd-questions@FreeBSD.ORG  Fri Jan 27 15:34:05 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E5E4216A46C
	for <freebsd-questions@freebsd.org>;
	Fri, 27 Jan 2006 15:34:01 +0000 (GMT)
	(envelope-from nvass@teledomenet.gr)
Received: from matrix.teledomenet.gr (dns1.teledomenet.gr [213.142.128.1])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9F133440EA
	for <freebsd-questions@freebsd.org>;
	Fri, 27 Jan 2006 14:30:34 +0000 (GMT)
	(envelope-from nvass@teledomenet.gr)
Received: from iris ([192.168.1.71])
	by matrix.teledomenet.gr (8.12.10/8.12.10) with ESMTP id k0REUKkA032297;
	Fri, 27 Jan 2006 16:30:20 +0200
From: Nikos Vassiliadis <nvass@teledomenet.gr>
To: freebsd-questions@freebsd.org
Date: Fri, 27 Jan 2006 16:28:58 +0200
User-Agent: KMail/1.8.3
References: <E11CF724-B7BB-473B-B313-EBCFCB593424@fellownet.com>
	<7D22F62E-5CEA-4B8A-BBB4-0C42AF93E975@fellownet.com>
	<20060127150738.2619a80c@localhost>
In-Reply-To: <20060127150738.2619a80c@localhost>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-7"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200601271628.58865.nvass@teledomenet.gr>
Cc: Bob Kersten <bob_freebsd_questions@fellownet.com>
Subject: Re: VPN / Bridge
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jan 2006 15:34:08 -0000

On Friday 27 January 2006 16:07, Fabian Keil wrote:
> Bob Kersten <bob_freebsd_questions@fellownet.com> wrote:
> > On 25-jan-2006, at 11:57, Fabian Keil wrote:
> > > root@TP51 ~ #ifconfig gif0 tunnel 1.2.3.4 5.6.7.8 up
> > > root@TP51 ~ #ifconfig bridge0 create
> > > root@TP51 ~ #ifconfig bridge0 addm ndis0 addm gif0 up
> > > root@TP51 ~ #ifconfig bridge0
> > > bridge0: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
> > >         ether ac:de:48:f4:4e:9c
> > >         priority 32768 hellotime 2 fwddelay 15 maxage 20
> > >         member: gif0 flags=3<LEARNING,DISCOVER>
> > >         member: ndis0 flags=3<LEARNING,DISCOVER>
> > >
> > > BTW: man if_config says all members of the bridge are required to
> > > have the same MTU, but ifconfig doesn't seem to check it.
> > > My setup wouldn't work as gif0 has a MTU of 1280.
> >
> > Gjee ... I'm still not able to add the gif0 device to my bridge0.
> >
> > I'm using FreeBSD6.0 and I've fixed the mtu on my gif0 device to be
> > 1500. These are the steps that I take:
> >
> > [/] root@spike> ifconfig gif0 create
> > [/] root@spike> ifconfig gif0 tunnel 1.2.3.4 5.6.7.8 mtu 1500 up
> > [/] root@spike> ifconfig bridge0 create
> > [/] root@spike> ifconfig bridge0 addm fxp0
> > [/] root@spike> ifconfig bridge0 addm gif0
> > ifconfig: BRDGADD gif0: Invalid argument
> >
> > [/] root@spike> ifconfig
> > fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu
> > 1500
> >          options=8<VLAN_MTU>
> >          inet6 fe80::202:a5ff:fe26:6e45%fxp0 prefixlen 64 scopeid 0x1
> >          inet 192.168.100.101 netmask 0xffffff00 broadcast
> > 192.168.100.255
> >          ether 00:02:a5:26:6e:45
> >          media: Ethernet autoselect (100baseTX <full-duplex>)
> >          status: active
> > rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >          options=8<VLAN_MTU>
> >          inet6 fe80::2e0:xxxx:xxxx:xxxx%rl0 prefixlen 64 scopeid 0x2
> >          inet 1.2.3.4 netmask 0xfffffe00 broadcast 83.160.3.255
> >          ether 00:e0:4c:a2:b5:f6
> >          media: Ethernet autoselect (100baseTX <full-duplex>)
> >          status: active
> > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
> >          inet6 ::1 prefixlen 128
> >          inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
> >          inet 127.0.0.1 netmask 0xff000000
> > gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
> >          tunnel inet 1.2.3.4 --> 5.6.7.8
> >          inet6 fe80::202:a5ff:xxxx:xxxx%gif0 prefixlen 64 scopeid 0x4
> > bridge0: flags=8000<MULTICAST> mtu 1500
> >          ether ac:de:48:ee:6a:cf
> >          priority 32768 hellotime 2 fwddelay 15 maxage 20
> >          member: fxp0 flags=3<LEARNING,DISCOVER>
> >
> > The 'fake' ip addresses don't matter, it doesn't work with real
> > addresses either. It seems as if gif0 is not accepted as 'real'
> > ethernet device when trying to add it to the bridge. Maybe this
> > isn't the right way to achive the VPN with all clients in the same
> > subnet.
>
> I don't know if it means anything, but our bridges seem to be
> different. Yours doesn't have the broadcast flag.

Adding gifs to bridge came after 6.0-RELEASE. It's in 6.0-STABLE though.

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/net/if_bridge.c

>
> Fabian