From owner-freebsd-virtualization@FreeBSD.ORG Fri Jun 4 21:46:18 2010 Return-Path: Delivered-To: freebsd-virtualization@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6ADFF106566B for ; Fri, 4 Jun 2010 21:46:18 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from mail.cksoft.de (mail.cksoft.de [IPv6:2001:4068:10::3]) by mx1.freebsd.org (Postfix) with ESMTP id F35848FC15 for ; Fri, 4 Jun 2010 21:46:17 +0000 (UTC) Received: from localhost (amavis.fra.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id 0359041C756; Fri, 4 Jun 2010 23:46:17 +0200 (CEST) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([192.168.74.103]) by localhost (amavis.fra.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id zjjQRHJ5PNAF; Fri, 4 Jun 2010 23:46:16 +0200 (CEST) Received: by mail.cksoft.de (Postfix, from userid 66) id 38BE441C752; Fri, 4 Jun 2010 23:46:16 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 2366F4448EC; Fri, 4 Jun 2010 21:45:58 +0000 (UTC) Date: Fri, 4 Jun 2010 21:45:58 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: "Yin, Kwong-Sang" In-Reply-To: Message-ID: <20100604214235.B43852@maildrop.int.zabbadoz.net> References: X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: "freebsd-virtualization@freebsd.org" Subject: Re: Error while Setting up IPsec in 2 vimages X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Jun 2010 21:46:18 -0000 On Fri, 4 Jun 2010, Yin, Kwong-Sang wrote: > > I'm currently using FreeBSD 8.0 Stable and below I created 2 vimages. I'm trying to setup tunnel mode IPsec using racoon for each vimage but got error message for the vimage e0_n1. > > [root@er2 /home/kwong]# vimage -c e0_n0 > [root@er2 /home/kwong]# vimage e0_n0 ifconfig gif0 create > [root@er2 /home/kwong]# vimage -c e0_n1 > [root@er2 /home/kwong]# vimage e0_n1 ifconfig gif0 create > ifconfig: SIOCIFCREATE2: File exists > > But when I checked, gif0 is only in vimage e0_n0. You get an error when creating the 2mf gif interface. None but if_loop cloners are currently virtualized in a way that you can create overlapping interface names between vnets. I am have a prototype to fix the infrastructure rather than each driver but it needs a bit of cleanup still. You may want to create gif0 and a gif1 meanwhile; that should work. /bz PS: for tunnel mode IPsec you do not need gif tunnels at all. You can just setup ipsec. If you need interfaces over ipsec for link state protocols like OSPF you would want to configure transport mode for the gif-tunnel endpoints and only protect those (the gif tunnel) and then use routes. -- Bjoern A. Zeeb I will let you know once I escaped from my bird cage and learnt to fly again. -- Ottawa, ON, Canada, 21st May 2010