From owner-freebsd-net Sat Apr 28 9:12:54 2001 Delivered-To: freebsd-net@freebsd.org Received: from chmls06.mediaone.net (chmls06.mediaone.net [24.147.1.144]) by hub.freebsd.org (Postfix) with ESMTP id 129DA37B423 for ; Sat, 28 Apr 2001 09:12:51 -0700 (PDT) (envelope-from cambria@mediaone.net) Received: from mediaone.net (mcambria.ne.mediaone.net [66.31.112.176]) by chmls06.mediaone.net (8.11.1/8.11.1) with ESMTP id f3SGCX826124; Sat, 28 Apr 2001 12:12:34 -0400 (EDT) Message-ID: <3AEAEE6A.8AEAD76F@mediaone.net> Date: Sat, 28 Apr 2001 12:23:06 -0400 From: "Michael C. Cambria" X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-net@freebsd.org Subject: Tunnels & Route Advertisements Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, I have a few FreeBSD 4.3-Stable systems being used to connect small sites over the Internet. One site will be expanding to have more than one subnet. I'm interested to know what to expect when these systems run routing protocols in the presense of tunnels. I am curious about both IPSec tunnels and IPIP tunnels. Should a tunnel endpoint show up in route advertisements sent from rip/gated/zebra running on the FreeBSD 4.3-Stable system? My guess is that for IPIP (e.g. gif interfaces), both remote endpoints (outer IP address & inner IP address) are added to the local route table since FreeBSD sees them as 2 interfaces. It seems that ifconfig should (or at least could) just add the route for gif0 just as it would for xl0. Is this the case? I'm assuming that given an interface, the route deamon chosen can be configured to use the tunnel interface as any other. For _IPSec_ tunnels, I'm not as sure. I don't see any existing mechinism that I'm familiar with such as ifconfig. Any ideas? I prefer IPSec tunnels for encryption of the internet, but can live (for now) with IPIP if it does the job. Thanks, MikeC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message