From: Outback Dingo
To: James Lott
Cc: freebsd-net@freebsd.org
Date: Sat, 15 Aug 2015 13:05:17 +1000
Subject: Re: Ethernet tunneling options under FreeBSD

On Sat, Aug 15, 2015 at 12:40 PM, James Lott wrote:

> > you haven't really described the network well enough..
> > try an ascii-art diagram (don't forget to set fixed width font :-)
> > a VPN requires two ends.. one is FreeBSD... what's the other?
>
> The thing is, the "other" could be any number of operating systems. I'm
> looking for a tunneling protocol with good cross-platform representation, but
> the higher priority is ensuring it tunnels ethernet frames.
>
> For the sake of example we can say the other end is a FreeBSD host, since
> FreeBSD is looking like the "lowest common denominator" on this topic.
>
> > if both ends are FreeBSD there are dozens of possibilities..
> > for example:
> > ng_eif->netgraph->ppp->ipsec->ppp->netgraph->ng_eif
> >
> > ng_eif->ng_ksock(udp)->IPsec->ng_ksock->ng_eif
> >
>
> I'm not overly concerned with the host side interfaces. What I'm really
> concerned with is the tunneling protocol since that's what will need support
> on all of my platforms. Thus, a solution requiring netgraph on both ends is
> not an option in my case.
>
> > tap->ppp->ppp->tap
>
> I have not found any ppp implementations under FreeBSD which support BCP.
> To my understanding, that's the only method by which ethernet frames can be
> tunneled over ppp... if I'm wrong, please do correct me! I would love nothing
> more than to be wrong about that :)
>
> On Friday, August 14, 2015 23:16:41 Julian Elischer wrote:
> > On 8/14/15 6:40 AM, James Lott wrote:
> > > Hello list,
> > >
> > > I am in the process of planning a build out of a L2 VPN, in which
> > > I'd like to have my primary "switch" and DHCP server be a FreeBSD
> > > system.
> > > I would like to join each new host to the VPN by
> > > establishing an IP tunnel with the primary "switch" which transports
> > > ethernet frames over the tunnel.
> >
> > you haven't really described the network well enough..
> > try an ascii-art diagram (don't forget to set fixed width font :-)
> > a VPN requires two ends.. one is FreeBSD... what's the other?
> >
> > > So far, the only protocol I have found supported by FreeBSD which
> > > seems capable of this is EtherIP. As far as I can tell, it doesn't
> > > look like there is any support for L2TPv3, and none of the PPP
> > > implementations available appear to support BCP.
> > >
> > > I'm not completely opposed to using EtherIP, but if there is
> > > something more modern which will meet my needs, I would probably try
> > > that first. So my question becomes:
> > >
> > > * Does anyone know of a method supported under FreeBSD (other than
> > > EtherIP) for tunneling ethernet over IP that they may be able to
> > > suggest I check out?
> >
> > if both ends are FreeBSD there are dozens of possibilities..
> > for example:
> > ng_eif->netgraph->ppp->ipsec->ppp->netgraph->ng_eif
> >
> > ng_eif->ng_ksock(udp)->IPsec->ng_ksock->ng_eif
> >
> > tap->ppp->ppp->tap
> >
> > > Thanks for any suggestions!
>

There's also N2N which is pretty nice, and well ZeroTierOne which is somewhat unique

> > > _______________________________________________
> > > freebsd-net@freebsd.org mailing list
> > > https://lists.freebsd.org/mailman/listinfo/freebsd-net
> > > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>
> --
> James Lott