Date: Wed, 09 Jul 2008 10:49:19 -0700
From: Julian Elischer <julian@elischer.org>
To: zaphod@fsklaw.com
Cc: freebsd-net@freebsd.org, Mike Tancsa <mike@sentex.net>
Subject: Re: Tunneling issues
Message-ID: <4874FA1F.40209@elischer.org>
In-Reply-To: <ae8c87bc77551550826e2906287c4cf0.squirrel@cor>
References: <8f7879db41dbaecc479a017110e8f32f.squirrel@cor> <200807040155.m641tl8s000607@lava.sentex.ca> <7904ac587e71a42fb86c2bbe77bde0ae.squirrel@cor> <200807091545.m69FjcP4031350@lava.sentex.ca> <ae8c87bc77551550826e2906287c4cf0.squirrel@cor>

zaphod@fsklaw.com wrote:
>> At 11:21 AM 7/9/2008, zaphod@fsklaw.com wrote:
>>
>>> I agree it should work. But it's not. With respect to the next two
>>> questions, yes and yes.
>> Can you post some of the configs you are using for 3 of the sites so
>> we can perhaps spot the problem(s) you are having? I have a similar
>> setup with 5 sites, all talking to each other via IPSEC tunnels. It's
>> a lot of policies, but they work just fine.
>>
>>> I'm not a huge fan of OpenVPN, but the bigger issue is that the gif
>>> tunnels come up at boot up. As well as routes. Given the client server
>>> nature of OpenVPN it is suitable, because if a server reboots, I'm not
>>> certain a client would auto re-connect.
>> We have ~ 400 sites running OpenVPN across Canada that all reconnect
>> just fine after reboots / power cycles etc. We don't let the clients
>> talk to each other, but that would just be a config change to allow
>> that to work.
>>
>> ---Mike
>>
> Last first. Well that's good info on OpenVPN.
>
> As to the first, I'm not even at the ipsec stage yet. I'm just trying to
> get tunnels up. I wrote a couple of shell scripts to bring them up for
> testing.
>
> Server1
>
> orange# more mkgif
> #/bin/sh
> ifconfig gif1 create
> ifconfig gif1 1.1.1.1 2.2.2.2

^^^^ what's that for? since you over-ride it in the next line
vvvvv

> ifconfig gif1 inet 192.168.72.1 192.168.70.1 netmask 255.255.255.0

(PTP links don't have netmasks)

> ifconfig gif1 tunnel 1.1.1.1 2.2.2.2
> ifconfig gif1 mtu 1500
> route change 192.168.70.0 192.168.70.1 255.255.255.0
> route change 192.168.71.0 192.168.70.1 255.255.255.0
>
> Server2
> to# more mkgif
> #/bin/sh
> ifconfig gif1 create
> ifconfig gif1 2.2.2.2 1.1.1.1
> ifconfig gif1 inet 192.168.70.1 192.168.72.1 netmask 255.255.255.0
> ifconfig gif1 tunnel 2.2.2.2 1.1.1.1
> ifconfig gif1 mtu 1500
> route change 192.168.72.0 192.168.72.1 255.255.255.0
>
> Seems pretty straightforward a tunnel. But nothing heads out. Can't ping
> a thing.
>
> I even tried a gre, when I did that I got a ping error. Unfortunately I
> can't find my note on the exact error.
>
> Cheers,
>
> Zaphod