Date:      Wed, 17 Aug 2022 23:08:32 +0200
From:      Milan Obuch <freebsd-net@dino.sk>
To:        John-Mark Gurney <jmg@funkthat.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Tunnel interfaces and vnet boundary crossing
Message-ID:  <20220817230832.5d688ee5@zeta.dino.sk>
In-Reply-To: <20220817201214.GZ88842@funkthat.com>
References:  <20220815085303.2c5cdb02@zeta.dino.sk> <20220817201214.GZ88842@funkthat.com>

On Wed, 17 Aug 2022 13:12:14 -0700
John-Mark Gurney <jmg@funkthat.com> wrote:

> Milan Obuch wrote this message on Mon, Aug 15, 2022 at 08:53 +0200:
> > I tried to mimic this in FreeBSD with following commands:
> > 
> > ifconfig gre1 create tunnel 172.16.1.1 172.16.0.1 vnet ov1
> > jexec ov1 ifconfig gre1 10.1.0.2/30 10.1.0.1
> > 
> > This does not work. I found some older post which made me believe
> > this is caused by clearing the whole tunnel configuration after moving
> > the interface into a different vnet. My (failed) tests indicate this is
> > most probably the cause.
> > 
> > So, my question is, does anybody use a tunnel interface in a similar way?
> > Is it possible to achieve what I am trying with netgraph? I am able
> > to create some inter-vnet link using epair interface, but this is
> > something different. Or ideally, is somebody using IPSEC with VNET
> > jails, processing encapsulating packets in base and raw content in
> > some child vnet?  
> 
> This doesn't work since the tunnel interface needs to see the
> interface with the IP to route it to, and since it's in another
> jail/vnet, it can't get there.
> 
> The closest thing I can think of is putting an epair in w/ the tunnel
> interface, and routing the tunnel out of the vnet via the epair
> interface...
> 
> Does this make sense?
> 

Partially, but it does not help. The problem is that there could be two networks
somewhere run by two different entities, different admins, both using,
say, 192.168.1.0/24 for the LAN segment. With your approach, I would need
two routes for the same destination address block via two tunnels.
Obviously, not good.

Regards,
Milan
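The objection in this reply, that one shared routing table cannot hold two routes to the same 192.168.1.0/24 via two different tunnels while one table per vnet jail can, is illustrated below with a minimal longest-prefix-match table. This is an added model written for this archive page, not code from the thread or from FreeBSD; the jail names ov1/ov2, the interface names gre1/gre2 and the `Fib` class are made up for the illustration.

```python
"""Model of the overlapping-prefix problem from the reply above: a single
forwarding table in the base system can hold only one next hop per
destination prefix, whereas one table per vnet jail keeps the two remote
LANs apart. Illustration only; names (ov1, ov2, gre1, gre2) are invented."""
import ipaddress


class Fib:
    """Minimal longest-prefix-match forwarding table (destination -> egress)."""

    def __init__(self):
        self.routes = {}  # ip_network -> interface name

    def add(self, prefix, ifname):
        net = ipaddress.ip_network(prefix)
        if net in self.routes and self.routes[net] != ifname:
            # An identical prefix with a different egress cannot coexist:
            # the table has a single slot per destination prefix.
            raise ValueError(f"{prefix} already routed via {self.routes[net]}")
        self.routes[net] = ifname

    def lookup(self, addr):
        ip = ipaddress.ip_address(addr)
        best = None
        for net, ifname in self.routes.items():
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, ifname)
        return best[1] if best else None


def shared_table_conflict():
    """One table in the base system: the second remote LAN collides with the first."""
    fib = Fib()
    fib.add("192.168.1.0/24", "gre1")  # peer A's LAN
    try:
        fib.add("192.168.1.0/24", "gre2")  # peer B's LAN, same block
    except ValueError:
        return True
    return False


def per_vnet_tables():
    """One table per vnet jail: each jail resolves the block to its own tunnel."""
    tables = {"ov1": Fib(), "ov2": Fib()}
    tables["ov1"].add("192.168.1.0/24", "gre1")
    tables["ov2"].add("192.168.1.0/24", "gre2")
    return {name: fib.lookup("192.168.1.10") for name, fib in tables.items()}


if __name__ == "__main__":
    print("shared table conflict:", shared_table_conflict())
    print("per-vnet lookups:", per_vnet_tables())
```

The model deliberately refuses a duplicate prefix rather than silently overwriting it, which is the clearer way to show why the epair-and-route approach breaks down once two peers' address plans overlap.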
