Date: Mon, 30 Apr 2001 17:52:27 -0700
From: Lars Eggert <larse@ISI.EDU>
To: "Michael C. Cambria" <cambria@mediaone.net>
Cc: freebsd-net@freebsd.org
Subject: Re: Tunnels & Route Advertisements
Message-ID: <3AEE08CB.FB50F8CA@isi.edu>
References: <3AEAEE6A.8AEAD76F@mediaone.net>

> Should a tunnel endpoint show up in route advertisements sent from
> rip/gated/zebra running on the FreeBSD 4.3-Stable system?

Depends on if your routing protocol advertises over point-to-point links
(like gif interfaces). If so, you should see virtual interfaces being
advertised.

> My guess is that for IPIP (e.g. gif interfaces), both remote endpoints
> (outer IP address & inner IP address) are added to the local route table
> since FreeBSD sees them as 2 interfaces.

No. Adding a virtual interface adds one route for the virtual (= inner)
IP address. The outer address is that of another interface, and thus
already there.

> It seems that ifconfig should
> (or at least could) just add the route for gif0 just as it would for
> xl0. Is this the case?

Yes. (Look at netstat -r after an ifconfig on a gif.)

> For _IPSec_ tunnels, I'm not as sure. I don't see any existing
> mechanism that I'm familiar with such as ifconfig. Any ideas?

IPsec tunnels (on FreeBSD) are not devices, and thus not represented in
the routing table at all. Tunneling is done based on the IPsec SA
database, which is separate and not integrated with the routing table at
all.

> I prefer IPSec tunnels for encryption of the internet, but can live (for
> now) with IPIP if it does the job.

IPsec transport mode combined with IPIP tunnels does the trick (dynamic
routing + IPsec).
See ftp://ftp.isi.edu/internet-drafts/draft-touch-ipsec-vpn-01.txt

Lars
--
Lars Eggert <larse@isi.edu>               Information Sciences Institute
http://www.isi.edu/larse/              University of Southern California
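
The following is an added example, not part of the original message and not FreeBSD code: a simplified Python model of the lookup order the reply describes, where the routing table picks gif0, IPIP encapsulation produces the outer header, and a single transport-mode policy on that outer header protects whatever the routing daemon later sends through the tunnel. All addresses, the `learn_route` helper and the policy tuple layout are constructed assumptions.

```python
import ipaddress as ip

# Constructed addresses: outer (physical) endpoints and the inner gif peer.
OUTER_LOCAL, OUTER_REMOTE = "192.0.2.1", "198.51.100.1"
INNER_REMOTE = "10.255.0.2"
IPPROTO_IPIP, IPPROTO_TCP = 4, 6

# Routing table: prefix -> (interface, next hop). Configuring gif0 adds the
# host route for the inner peer address; a routing daemon adds the rest.
routes = {
    ip.ip_network("0.0.0.0/0"): ("xl0", "192.0.2.254"),
    ip.ip_network(INNER_REMOTE + "/32"): ("gif0", INNER_REMOTE),
}

# One static transport-mode policy covering only the tunnel's outer header.
spd = [(OUTER_LOCAL, OUTER_REMOTE, IPPROTO_IPIP, "esp/transport")]

def route_lookup(dst):
    """Longest-prefix match over the routing table."""
    addr = ip.ip_address(dst)
    best = max((n for n in routes if addr in n), key=lambda n: n.prefixlen)
    return routes[best]

def spd_lookup(src, dst, proto):
    """First matching policy, or None (packet leaves unprotected)."""
    for p_src, p_dst, p_proto, action in spd:
        if (src, dst, proto) == (p_src, p_dst, p_proto):
            return action
    return None

def send(src, dst, proto=IPPROTO_TCP):
    """Return (interface, header seen by the policy check, policy applied)."""
    ifname, _ = route_lookup(dst)
    if ifname == "gif0":  # IPIP encapsulation happens before the SPD check
        src, dst, proto = OUTER_LOCAL, OUTER_REMOTE, IPPROTO_IPIP
    return ifname, (src, dst, proto), spd_lookup(src, dst, proto)

def learn_route(prefix, ifname, nexthop):
    """Model of a routing daemon installing an advertised prefix."""
    routes[ip.ip_network(prefix)] = (ifname, nexthop)
```

Calling `send("10.1.0.5", "10.2.0.9")` before and after `learn_route("10.2.0.0/16", "gif0", INNER_REMOTE)` shows the traffic moving from the unprotected default route to the protected tunnel without any change to `spd`.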
