From owner-freebsd-net@freebsd.org Fri Aug 14 15:16:55 2015 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1AE159B98CA for ; Fri, 14 Aug 2015 15:16:55 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "vps1.elischer.org", Issuer "CA Cert Signing Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id E94221DB6 for ; Fri, 14 Aug 2015 15:16:54 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from Julian-MBP3.local (ppp121-45-227-250.lns20.per1.internode.on.net [121.45.227.250]) (authenticated bits=0) by vps1.elischer.org (8.15.2/8.15.2) with ESMTPSA id t7EFGn9k008348 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Fri, 14 Aug 2015 08:16:53 -0700 (PDT) (envelope-from julian@freebsd.org) Subject: Re: Ethernet tunneling options under FreeBSD To: James Lott , freebsd-net@freebsd.org References: <55CD1CE6.2010502@lottspot.com> From: Julian Elischer Message-ID: <55CE0659.6050206@freebsd.org> Date: Fri, 14 Aug 2015 23:16:41 +0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.1.0 MIME-Version: 1.0 In-Reply-To: <55CD1CE6.2010502@lottspot.com> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Aug 2015 15:16:55 -0000 On 8/14/15 6:40 AM, James Lott wrote: > Hello list, > > I am in the process of planning a build out of a L2 VPN, in which > I'd like to have my primary "switch" and DHCP server be a FreeBSD > system. I would like to join each new host to the VPN by > establishing an IP tunnel with the primary "switch" which transports > ethernet frames over the tunnel. > you haven't really described the network well enough.. try an ascii-art diagram (don't forget to set fixed width font :-) a VPN required two ends.. one is FreeBSD... what's the other? > So far, the only protocol I have found supported by FreeBSD which > seems capable of this is EtherIP. As far as I can tell, it doesn't > look like there is any support for L2TPv3, and none of the PPP > implementations available appear to support BCP. > > I'm not completely opposed to using EtherIP, but if there is > something more modern which will meet my needs, I would probably try > that first. So my question becomes: > > * Does anyone know of a method supported under FreeBSD (other than > EtherIP) for tunneling ethernet over IP that they may be able to > suggest I check out? if both ends are FreeBSD there are dozens of possibilities.. for example: ng_eif->netgraph->ppp->ipsec->ppp->netgraph->ng_eif ng_eif->ng_ksock(udp)->IPsec->ng_ksock->ng_eif tap->ppp->ppp->tap > > Thanks for any suggestions! > _______________________________________________ > freebsd-net@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >