From: Julian Elischer
Date: Wed, 09 Jul 2008 10:49:19 -0700
To: zaphod@fsklaw.com
Cc: freebsd-net@freebsd.org, Mike Tancsa
Subject: Re: Tunneling issues
Message-ID: <4874FA1F.40209@elischer.org>

zaphod@fsklaw.com wrote:
>> At 11:21 AM 7/9/2008, zaphod@fsklaw.com wrote:
>>
>>> I agree it should work. But it's not. With respect to the next two
>>> questions, yes and yes.
>> Can you post some of the configs you are using for 3 of the sites so
>> we can perhaps spot the problem(s) you are having ?
>> I have a similar setup with 5 sites, all talking to each other via
>> IPSEC tunnels. It's a lot of policies, but they work just fine.
>>
>>> I'm not a huge fan of OpenVPN, but the bigger issue is that the gif
>>> tunnels come up at boot up. As well as routes. Given the client server
>>> nature of OpenVPN it is suitable, because if a server reboots, I'm not
>>> certain a client would auto re-connect.
>> We have ~ 400 sites running OpenVPN across Canada that all reconnect
>> just fine after reboots / power cycles etc. We don't let the clients
>> talk to each other, but that would just be a config change to allow
>> that to work.
>>
>> ---Mike
>>
> Last first. Well that's good info on OpenVPN.
>
> As to the first, I'm not even at the ipsec stage yet. I'm just trying to
> get tunnels up. I wrote a couple of shell scripts to bring them up for
> testing.
>
> Server1
>
> orange# more mkgif
> #/bin/sh
> ifconfig gif1 create
> ifconfig gif1 1.1.1.1 2.2.2.2

^^^^ what's that for? since you over-ride it in the next line vvvvv

> ifconfig gif1 inet 192.168.72.1 192.168.70.1 netmask 255.255.255.0

(PTP links don't have netmasks)

> ifconfig gif1 tunnel 1.1.1.1 2.2.2.2
> ifconfig gif1 mtu 1500
> route change 192.168.70.0 192.168.70.1 255.255.255.0
> route change 192.168.71.0 192.168.70.1 255.255.255.0
>
> Server2
> to# more mkgif
> #/bin/sh
> ifconfig gif1 create
> ifconfig gif1 2.2.2.2 1.1.1.1
> ifconfig gif1 inet 192.168.70.1 192.168.72.1 netmask 255.255.255.0
> ifconfig gif1 tunnel 2.2.2.2 1.1.1.1
> ifconfig gif1 mtu 1500
> route change 192.168.72.0 192.168.72.1 255.255.255.0
>
> Seems pretty straight forward a tunnel. But nothing heads out. Can't ping
> a thing.
>
> I even tried a gre, when I did that I got a ping error. Unfortunately I
> can't find my note on the exact error.
>
> Cheers,
>
> Zaphod