Date: Fri, 5 Dec 2008 18:05:38 +0200
From: Nikos Vassiliadis <nvass@teledomenet.gr>
To: freebsd-questions@freebsd.org
Cc: nrml nrml <nrml@att.net>
Subject: Re: IPSec + vpn + multicast
Message-ID: <200812051805.38800.nvass@teledomenet.gr>
In-Reply-To: <11691.95194.qm@web83803.mail.sp1.yahoo.com>
References: <11691.95194.qm@web83803.mail.sp1.yahoo.com>

On Wednesday 03 December 2008 17:02:05 nrml nrml wrote:
> Hello,
>
> I followed the handbook instructions and the ipsec(4) man page to setup
> vpn-over-ipsec for our company's site-to-site connection via our
> dedicated T1. Anyway I have it working but I found that I need to make
> sure that multicast traffic can traverse through the two subnets. I have
> the following options in my kernel:
>
> FreeBSD somebox.domain.com 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #1: Fri
> Nov 21 08:11:47 PST 2008
> root@somebox.domain.com:/usr/obj/usr/src/sysKERNEL i386 device
> crypto
> options IPSEC
> options IPSEC_FILTERTUNNEL
> options IPSEC_DEBUG #debug for IP Security
> options IPSEC_NAT_T
>

The kernel does not support multicast routing by default, you
need to add "options MROUTING" to your kernel cf. But then again
you have to use something to exchange that routing information
to the other peers, something like XORP.

> ipsec-tools: ...
> Does anyone know how I can accomplish this? The goal is to try and have
> transparency between the two sites

Could you elaborate a bit on "transparency between the two sites"?

> to and try and get Bonjour working.

I am not familiar with Bonjour, but it seems that multicast routing
is not the way to go... Maybe you can achieve that same effect using
bridging and packet filtering to block whatever is supposed to be
local traffic.

Nikos