Date:      Thu, 18 Apr 2002 11:25:52 -0700 (PDT)
From:      Julian Elischer <julian@elischer.org>
To:        Bernd Walter <ticso@cicely9.cicely.de>
Cc:        Radoslav Vasilev <rvasilev@uni-svishtov.bg>, freebsd-net@freebsd.org
Subject:   Re: vlan traffic over ipsec tunnel
Message-ID:  <Pine.BSF.4.21.0204181122150.3059-100000@InterJet.elischer.org>
In-Reply-To: <20020418090130.GK70839@cicely9.cicely.de>

The example of how to make a tunnel is part of it too..
what you suggest is a combination of the two..
actually I have a suggestion

you should put the 'bridge' node on BOTH ENDS of the tunnel.
this will stop traffic that is not wanted from travelling over the link.

if you don't do that, then incidental traffic read off the remote network
(the one without a bridge node) will all be needlessly carried across the
link just to be discarded by the bridge node at the far end. Adding a
bridge node at each end ensures that this doesn't happen. 


On Thu, 18 Apr 2002, Bernd Walter wrote:

> On Thu, Apr 18, 2002 at 03:43:17AM +0300, Radoslav Vasilev wrote:
> > How in practice one can bridge two separate lans through netgraph/whatever
> >  (ethernet over IP)?
> 
> Take a look into /usr/share/examples/netgraph.
> There is an example for ethernet bridging and udp tunnel.
> You just have to put ksocket nodes between the ethernet nodes
> instead of connecting them directly.
> 
> > ----- Original Message -----
> > From: "Bernd Walter" <ticso@cicely9.cicely.de>
> > To: "Peter J. Blok" <Peter.Blok@inter.NL.net>
> > Cc: <freebsd-hackers@FreeBSD.ORG>; <freebsd-net@FreeBSD.ORG>
> > Sent: Thursday, April 18, 2002 2:44 AM
> > Subject: Re: vlan traffic over ipsec tunnel
> > 
> > 
> > > On Wed, Apr 17, 2002 at 09:11:28PM +0200, Peter J. Blok wrote:
> > > > Hi All,
> > > >
> > > > I'd like to accomplish the following: I have two locations, connected via an
> > > > IPSEC tunnel. Is it possible to connect the vlans at both ends through the
> > > > tunnel.
> > > >
> > > > Is this possible with existing software? What would it take to do something
> > > > like this?
> > >
> > > With netgraph you can bridge ethernets over IP which then gets
> > > encrypted via ipsec - at least in theory.
> > > But if you only want to connect IP based lans you should route instead.
> 
> -- 
> B.Walter              COSMO-Project         http://www.cosmo-project.de
> ticso@cicely.de         Usergroup           info@cosmo-project.de
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
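
The layout discussed in this thread (an ng_bridge node at each end, with a ksocket UDP hook in place of a direct ethernet link), as an added example that is not part of the original message or of /usr/share/examples/netgraph. Interface names, node names, addresses and the UDP port are constructed placeholders; the script only prints the ngctl commands for review.

```sh
#!/bin/sh
# Added example. Assumes FreeBSD with ng_ether, ng_bridge and ng_ksocket
# in the kernel or loaded as modules. All names and addresses below are
# constructed placeholders (documentation IP ranges).

# Print the ngctl commands for ONE end of the tunnel.
# usage: bridge_end_cmds <ether-if> <local-ip> <remote-ip> <udp-port>
bridge_end_cmds() {
    eif=$1; lip=$2; rip=$3; port=$4
    br="br_${eif}"          # hypothetical name for this end's bridge node
    cat <<EOF
ngctl mkpeer ${eif}: bridge lower link0
ngctl name ${eif}:lower ${br}
ngctl connect ${eif}: ${br}: upper link1
ngctl mkpeer ${br}: ksocket link2 inet/dgram/udp
ngctl msg ${br}:link2 bind inet/${lip}:${port}
ngctl msg ${br}:link2 connect inet/${rip}:${port}
ngctl msg ${eif}: setpromisc 1
ngctl msg ${eif}: setautosrc 0
EOF
}
# link0 = the wire, link1 = the local IP stack, link2 = the UDP tunnel.
# Each end has its own bridge node, so frames for stations the bridge has
# learned on the local wire are not sent into link2 at all.
# The IPsec policy protecting UDP between the two addresses is configured
# separately and is not shown here.

SITE_A_IP=192.0.2.1        # constructed
SITE_B_IP=198.51.100.1     # constructed
PORT=4028                  # constructed

echo "# --- run on site A ---"
bridge_end_cmds em0 "$SITE_A_IP" "$SITE_B_IP" "$PORT"
echo "# --- run on site B (addresses swapped) ---"
bridge_end_cmds em0 "$SITE_B_IP" "$SITE_A_IP" "$PORT"
```
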



