Date: Thu, 18 Apr 2002 11:25:52 -0700 (PDT)
From: Julian Elischer
To: Bernd Walter
Cc: Radoslav Vasilev, freebsd-net@freebsd.org
Subject: Re: vlan traffic over ipsec tunnel
In-Reply-To: <20020418090130.GK70839@cicely9.cicely.de>

The example of how to make a tunnel is part of it too..
what you suggest is a combination of the two..

actually I have a suggestion

you should put the 'bridge' node on BOTH ENDS of the tunnel.
this will stop traffic that is not wanted from travelling over the link.
if you don't do that, then incidental traffic read off the remote network
(the one without a bridge node) will all be needlessly carried across the
link just to be discarded by the bridge node at the far end.
Adding a bridge node at each end ensures that this doesn't happen.

On Thu, 18 Apr 2002, Bernd Walter wrote:

> On Thu, Apr 18, 2002 at 03:43:17AM +0300, Radoslav Vasilev wrote:
> > How in practise one can bridge two separate lans through netgraph/whatever
> > ethernet over IP) ?
>
> Take a look into /usr/share/examples/netgraph.
> There is an example for ethernet bridging and udp tunnel.
> You just have to put ksocket nodes between the ethernet nodes
> instead of connecting them directly.
>
> > ----- Original Message -----
> > From: "Bernd Walter"
> > To: "Peter J. Blok"
> > Cc: ;
> > Sent: Thursday, April 18, 2002 2:44 AM
> > Subject: Re: vlan traffic over ipsec tunnel
> >
> > > On Wed, Apr 17, 2002 at 09:11:28PM +0200, Peter J. Blok wrote:
> > > > Hi All,
> > > >
> > > > I'd like to accomplish the following: I have two locations, connected
> > > > via an IPSEC tunnel. Is it possible to connect the vlans at both ends
> > > > through the tunnel.
> > > >
> > > > Is this possible with existing software? What would it take to do
> > > > something like this?
> > >
> > > With netgraph you can bridge ethernets over IP which then gets
> > > encrypted via ipsec - at least in theory.
> > > But if you only want to connect IP based lans you should route instead.
>
> --
> B.Walter COSMO-Project http://www.cosmo-project.de
> ticso@cicely.de Usergroup info@cosmo-project.de
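
Added example, not part of the original thread and not the FreeBSD project's own script: a dry-run generator that prints the ngctl commands for one end of the setup discussed above, with a bridge node at each end and a ksocket (UDP) node on the bridge in place of a direct ethernet-to-ethernet connection. The function name, the `br_` node name, interface `fxp0`, the addresses and port 4028 are constructed sample values, and it assumes the ether, bridge and ksocket netgraph node types are available; the UDP flow between the two addresses is the traffic the IPsec policy then has to cover.

```shell
#!/bin/sh
# Dry run: prints the ngctl commands for ONE end of the tunnel.
# Run it for both sites with the local/remote addresses swapped, so that
# each site gets its own bridge node and only forwards wanted frames.

bridge_tunnel_cmds() {
    ifc=$1          # local ethernet interface (ng_ether node name)
    local_ip=$2     # local tunnel endpoint address
    remote_ip=$3    # remote tunnel endpoint address
    port=$4         # UDP port used on both ends
    br="br_${ifc}"  # hypothetical name given to the bridge node

    # link0/link1: wire the NIC (lower) and the host stack (upper) to the bridge
    # link2:       UDP ksocket carrying bridged frames to the other site
    # setpromisc:  let the NIC accept frames addressed to remote hosts
    # setautosrc:  do not rewrite source MACs of forwarded frames
    cat <<EOF
ngctl mkpeer ${ifc}: bridge lower link0
ngctl name ${ifc}:lower ${br}
ngctl connect ${ifc}: ${br}: upper link1
ngctl mkpeer ${br}: ksocket link2 inet/dgram/udp
ngctl msg ${br}:link2 bind inet/${local_ip}:${port}
ngctl msg ${br}:link2 connect inet/${remote_ip}:${port}
ngctl msg ${ifc}: setpromisc 1
ngctl msg ${ifc}: setautosrc 0
EOF
}

# Constructed sample sites using documentation address ranges.
echo "# --- site A ---"
bridge_tunnel_cmds fxp0 192.0.2.1 198.51.100.1 4028
echo "# --- site B ---"
bridge_tunnel_cmds fxp0 198.51.100.1 192.0.2.1 4028
```

Review the printed commands before piping them to `sh` on each host.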