Date:      Sun, 16 Aug 2015 07:25:40 -0700
From:      James Lott <james@lottspot.com>
To:        freebsd-net@freebsd.org
Subject:   Re: Ethernet tunneling options under FreeBSD
Message-ID:  <2049148.2xMuIgxkh4@arch_project>
In-Reply-To: <55D09884.7010102@freebsd.org>
References:  <55CD1CE6.2010502@lottspot.com> <2628655.0T22OuP5Ng@arch_project> <55D09884.7010102@freebsd.org>

> you can do this on freebsd with no added software
> look at /usr/share/examples/netgraph. In particular the ether.bridge,
> virtual.lan and the udp.tunnel
> examples.
> You should be able to create a script that will tunnel two ethernet
> bridges together using elements from each script.

Ah, ok, I'm understanding your original suggestion better now. If that is the 
case, I will definitely be checking out netgraph examples. Having simple 
tunnel connections for tap devices in this manner is something I've been after 
for a while, and I think will be desirable for certain hosts I intend to 
connect to the VPN.

Thank you for this great suggestion!

On Sunday, August 16, 2015 22:04:52 Julian Elischer wrote:
> On 8/15/15 11:32 AM, James Lott wrote:
> > n2n honestly looks wonderful, but it also appears to be dead... I'm trying
> > to stay as close to the OS layer as possible with my options, so I would
> > prefer to limit the role of comprehensive software like OpenVPN or what
> > ZeroTierOne appears to be.
> > 
> > I actually found this interesting github project, which provides a simple
> > solution for what I'm trying to do...
> > 
> > https://github.com/vsergeev/tinytaptunnel
> 
> you can do this on freebsd with no added software
> look at /usr/share/examples/netgraph. In particular the ether.bridge,
> virtual.lan and the udp.tunnel
> examples.
> You should be able to create a script that will tunnel two ethernet
> bridges together using elements from each script.
> 
> I suspect you could make it totally compatible with tinytaptunnel.
> 
> > Unfortunately, it's written for Linux... and... in go... but the README at
> > least gave me a couple more ideas to look into.
> > 
> > Feel free to keep coming with the suggestions if anyone has anymore! This
> > is great stuff
> > 
> > On Saturday, August 15, 2015 13:05:17 Outback Dingo wrote:
> >> On Sat, Aug 15, 2015 at 12:40 PM, James Lott <james@lottspot.com> wrote:
> >>>> you haven't really described the network well enough..
> >>>> try an ascii-art diagram (don't forget to set fixed width font :-)
> >>>> a VPN required two ends.. one is FreeBSD... what's the other?
> >>> 
> >>> The thing is, the "other" could be any number of operating systems. I'm
> >>> looking for a tunneling protocol with good cross-platform
> >>> representation, but the higher priority is ensuring it tunnels ethernet
> >>> frames.
> >>> 
> >>> For the sake of example we can say the other end is a FreeBSD host, since
> >>> FreeBSD is looking like the "lowest common denominator" on this topic.
> >>> 
> >>>> if both ends are FreeBSD there are dozens of possibilities..
> >>>> for example:
> >>>> ng_eif->netgraph->ppp->ipsec->ppp->netgraph->ng_eif
> >>>> 
> >>>> ng_eif->ng_ksock(udp)->IPsec->ng_ksock->ng_eif
> >>> 
> >>> I'm not overly concerned with the host side interfaces. What I'm really
> >>> concerned with is the tunneling protocol since that's what will need
> >>> support on all of my platforms. Thus, a solution requiring netgraph on
> >>> both ends is not an option in my case.
> >>> 
> >>>> tap->ppp->ppp->tap
> >>> 
> >>> I have not found any ppp implementations under FreeBSD which support BCP.
> >>> To my understanding, that's the only method by which ethernet frames can
> >>> be tunneled over ppp... if I'm wrong, please do correct me! I would love
> >>> nothing more than to be wrong about that :)
> >>> 
> >>> On Friday, August 14, 2015 23:16:41 Julian Elischer wrote:
> >>>> On 8/14/15 6:40 AM, James Lott wrote:
> >>>>> Hello list,
> >>>>> 
> >>>>> I am in the process of planning a build out of a L2 VPN, in which
> >>>>> I'd like to have my primary "switch" and DHCP server be a FreeBSD
> >>>>> system. I would like to join each new host to the VPN by
> >>>>> establishing an IP tunnel with the primary "switch" which transports
> >>>>> ethernet frames over the tunnel.
> >>>> 
> >>>> you haven't really described the network well enough..
> >>>> try an ascii-art diagram (don't forget to set fixed width font :-)
> >>>> a VPN required two ends.. one is FreeBSD... what's the other?
> >>>> 
> >>>>> So far, the only protocol I have found supported by FreeBSD which
> >>>>> seems capable of this is EtherIP. As far as I can tell, it doesn't
> >>>>> look like there is any support for L2TPv3, and none of the PPP
> >>>>> implementations available appear to support BCP.
> >>>>> 
> >>>>> I'm not completely opposed to using EtherIP, but if there is
> >>>>> something more modern which will meet my needs, I would probably try
> >>>>> that first. So my question becomes:
> >>>>> 
> >>>>> * Does anyone know of a method supported under FreeBSD (other than
> >>>>> EtherIP) for tunneling ethernet over IP that they may be able to
> >>>>> suggest I check out?
> >>>> 
> >>>> if both ends are FreeBSD there are dozens of possibilities..
> >>>> for example:
> >>>> ng_eif->netgraph->ppp->ipsec->ppp->netgraph->ng_eif
> >>>> 
> >>>> ng_eif->ng_ksock(udp)->IPsec->ng_ksock->ng_eif
> >>>> 
> >>>> tap->ppp->ppp->tap
> >>>> 
> >>>>> Thanks for any suggestions!
> >> 
> >> there's also N2N which is pretty nice, and well ZeroTierOne which is
> >> somewhat unique
> >> 
> >>>>> _______________________________________________
> >>>>> freebsd-net@freebsd.org mailing list
> >>>>> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> >>>>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
> > 
> >>> 
> >>> --
> >>> James Lott
> 

-- 
James Lott
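
The eiface-to-ksocket (UDP) chain quoted in the thread, written out as ngctl commands. This is an added example, not part of the original message or of the scripts in /usr/share/examples/netgraph; the addresses, the port and the ngeth0 node name are assumptions. The UDP payload is the bare Ethernet frame with no authentication or encryption, which is why the quoted chain places IPsec under the socket.

```shell
#!/bin/sh
# Added example: Ethernet-over-UDP using only netgraph (ng_eiface + ng_ksocket).
# Assumptions: documentation addresses, UDP port 4028, and that the new
# ng_eiface node is the first one on the host and so is named ngeth0.
IFACE=ngeth0

# Endpoints are interpolated into commands run as root, so accept only a
# strict dotted quad and a numeric port.
valid_ipv4() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    [ "$#" -eq 4 ] || return 1
    for _o in "$@"; do
        [ "${#_o}" -le 3 ] && [ "$_o" -le 255 ] || return 1
    done
}

valid_port() {
    case "$1" in ""|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# usage: tunnel_cmds LOCAL_IP REMOTE_IP UDP_PORT
tunnel_cmds() {
    valid_ipv4 "$1" && valid_ipv4 "$2" && valid_port "$3" || {
        echo "tunnel_cmds: invalid endpoint" >&2
        return 1
    }
    cat <<EOF
ngctl mkpeer eiface ether ether
ngctl mkpeer ${IFACE}: ksocket ether inet/dgram/udp
ngctl msg ${IFACE}:ether bind inet/$1:$3
ngctl msg ${IFACE}:ether connect inet/$2:$3
ifconfig ${IFACE} up
EOF
}

# Dry run by default; "apply LOCAL REMOTE PORT" executes on a FreeBSD host.
if [ "${1:-}" = apply ]; then
    cmds=$(tunnel_cmds "${2:-}" "${3:-}" "${4:-}") || exit 1
    printf '%s\n' "$cmds" | sh -e
else
    tunnel_cmds 192.0.2.1 192.0.2.2 4028
fi
```

Run the mirror-image command set on the peer with the two addresses swapped; the resulting ngeth0 interface can then be addressed directly or added to a bridge.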


