Date: Wed, 04 Oct 2006 12:19:49 +0100 From: Dunc <dunc@lemonia.org> To: Andrew Thompson <thompsa@freebsd.org> Cc: freebsd-net@freebsd.org Subject: Re: Layer2 VPN Message-ID: <452398D5.90904@lemonia.org> In-Reply-To: <20061003234546.GK21444@heff.fud.org.nz> References: <45223E43.6060906@lemonia.org> <20061003230147.GI21444@heff.fud.org.nz> <4522F2FF.5060808@lemonia.org> <20061003234546.GK21444@heff.fud.org.nz>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. --------------080300030508080805030808 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Andrew Thompson wrote: > On Wed, Oct 04, 2006 at 12:32:15AM +0100, Dunc wrote: >> Andrew Thompson wrote: >>> On Tue, Oct 03, 2006 at 11:41:07AM +0100, Dunc wrote: >>> >>>> Hi folks, >>>> >>>> I've been trying to create a layer2 VPN using FreeBSD boxes as the >>>> gateways. >>>> >>> This should work fine with vlan headers, do you have any indication of >>> where the problem is? you may need to get packet dumps at the sending >>> and receiving ends. >>> >> I couldn't see why it wouldn't either. It's just an ethernet frame with >> an extra field filled in AIUI >> > > It may be because our bridge does not yet differentiate between vlans in > its forwarding table, you can confirm this by clearing the learn flag on all > the interfaces (ifconfig bridge0 -learn xxx0). Its not a proper solution > of course. > > Andrew > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" Hiya, Switching learning off doesn't seem to have helped. Please find attached some ifconfig output, and also tcpdumps. I'm starting at the interface where the machine I'm pinging from plugs in (fxp1). I'm including dumps with normal traffic (just to prove I have configured everything correctly as much as anything :-) ), and then with .1Q traffic. Hope this can shed some light. Cheers, Dunc --------------080300030508080805030808 Content-Type: text/plain; name="ifconfig_output.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="ifconfig_output.txt" A end ----- fxp1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 options=8<VLAN_MTU> inet6 fe80::202:b3ff:fed8:40ff%fxp1 prefixlen 64 scopeid 0x2 ether 00:02:b3:d8:40:ff media: Ethernet autoselect (100baseTX <full-duplex>) status: active gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280 tunnel inet 172.16.3.228 --> 172.16.3.245 inet6 fe80::202:b3ff:fed8:40fe%gif0 prefixlen 64 scopeid 0x6 bridge0: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 ether ac:de:48:7e:e3:ed priority 32768 hellotime 2 fwddelay 15 maxage 20 member: fxp1 flags=2<DISCOVER> member: gif0 flags=2<DISCOVER> B end ----- fxp1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 options=8<VLAN_MTU> inet6 fe80::203:47ff:feda:c9a1%fxp1 prefixlen 64 scopeid 0x2 ether 00:03:47:da:c9:a1 media: Ethernet autoselect (100baseTX <full-duplex>) status: active gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280 tunnel inet 172.16.3.245 --> 172.16.3.228 inet6 fe80::203:47ff:feda:c9a0%gif0 prefixlen 64 scopeid 0x9 bridge0: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 ether ac:de:48:fd:bc:0d priority 32768 hellotime 2 fwddelay 15 maxage 20 member: fxp1 flags=2<DISCOVER> member: gif0 flags=2<DISCOVER> --------------080300030508080805030808 Content-Type: text/plain; name="tcpdump.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="tcpdump.txt" With Normal Traffic ------------------- root@freeospf:root # tcpdump -i fxp1 -e tcpdump: WARNING: fxp1: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on fxp1, link-type EN10MB (Ethernet), capture size 96 bytes 11:49:03.750456 00:30:48:5b:6d:e9 (oui Unknown) > 00:0d:88:fc:cc:c5 (oui Unknown), ethertype IPv4 (0x0800), length 98: 192.168.1.2 > 192.168.1.1: ICMP echo request, id 60847, seq 0, length 64 11:49:03.750977 00:0d:88:fc:cc:c5 (oui Unknown) > 00:30:48:5b:6d:e9 (oui Unknown), ethertype IPv4 (0x0800), length 98: 192.168.1.1 > 192.168.1.2: ICMP echo reply, id 60847, seq 0, length 64 root@freeospf:root # tcpdump -i bridge0 -e tcpdump: WARNING: bridge0: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on bridge0, link-type EN10MB (Ethernet), capture size 96 bytes 11:49:57.174059 00:30:48:5b:6d:e9 (oui Unknown) > 00:0d:88:fc:cc:c5 (oui Unknown), ethertype IPv4 (0x0800), length 98: 192.168.1.2 > 192.168.1.1: ICMP echo request, id 61103, seq 0, length 64 11:49:57.174629 00:0d:88:fc:cc:c5 (oui Unknown) > 00:30:48:5b:6d:e9 (oui Unknown), ethertype IPv4 (0x0800), length 98: 192.168.1.1 > 192.168.1.2: ICMP echo reply, id 61103, seq 0, length 64 root@freeospf:root # tcpdump -i gif0 -e tcpdump: WARNING: gif0: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on gif0, link-type NULL (BSD loopback), capture size 96 bytes 11:50:17.749652 AF IPv4 (2), length 102: IP0 bad-hlen 0 11:50:17.750098 AF Unknown (18), length 104: 0x0000: 0300 0030 485b 6de9 000d 88fc ccc5 0800 ...0H[m......... 0x0010: 4500 0054 e450 0000 4001 1305 c0a8 0101 E..T.P..@....... 0x0020: c0a8 0102 0000 2fec f2af 0000 4523 91e9 ....../.....E#.. 0x0030: 000b 1b49 0809 0a0b 0c0d 0e0f 1011 1213 ...I............ 0x0040: 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 .............!"# 0x0050: 2425 2627 2829 2a2b 2c2d 2e2f $%&'()*+,-./ root@freeospf:root # tcpdump -i fxp0 -n -e proto etherip tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes 12:19:02.074798 00:02:b3:d8:40:fe > 00:03:47:da:c9:a0, ethertype IPv4 (0x0800), length 134: 172.16.3.228 > 172.16.3.245: etherip 100 12:19:02.075237 00:03:47:da:c9:a0 > 00:02:b3:d8:40:fe, ethertype IPv4 (0x0800), length 134: 172.16.3.245 > 172.16.3.228: etherip 100 With 802.1Q Traffic ------------------- root@freeospf:root # tcpdump -i fxp1 -e tcpdump: WARNING: fxp1: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on fxp1, link-type EN10MB (Ethernet), capture size 96 bytes 11:57:23.777721 00:30:48:5b:6d:e9 (oui Unknown) > 00:0d:88:fc:cc:c5 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 901, p 0, ethertype IPv4, 192.168.1.2 > 192.168.1.1: ICMP echo request, id 4016, seq 0, length 64 root@freeospf:root # tcpdump -i bridge0 -e tcpdump: WARNING: bridge0: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on bridge0, link-type EN10MB (Ethernet), capture size 96 bytes 11:57:59.993522 00:30:48:5b:6d:e9 (oui Unknown) > 00:0d:88:fc:cc:c5 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 901, p 0, ethertype IPv4, 192.168.1.2 > 192.168.1.1: ICMP echo request, id 4272, seq 0, length 64 root@freeospf:root # tcpdump -i gif0 -e tcpdump: WARNING: gif0: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on gif0, link-type NULL (BSD loopback), capture size 96 bytes 12:06:03.947363 AF Unknown (18), length 66: 0x0000: 0300 ffff ffff ffff 0018 19d5 8842 0806 .............B.. 0x0010: 0001 0800 0604 0001 0018 19d5 8842 d581 .............B.. 0x0020: 4efe 0000 0000 0000 d581 4002 0000 0000 N.........@..... 0x0030: 0000 0000 0000 0000 0000 0000 0000 .............. 12:06:05.960222 AF Unknown (18), length 66: 0x0000: 0300 ffff ffff ffff 0018 19d5 8842 0806 .............B.. 0x0010: 0001 0800 0604 0001 0018 19d5 8842 d581 .............B.. 0x0020: 4efe 0000 0000 0000 d581 4002 0000 0000 N.........@..... 0x0030: 0000 0000 0000 0000 0000 0000 0000 .............. root@freeospf:root # tcpdump -i fxp0 -n -e proto etherip tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes 12:08:11.947009 00:03:47:da:c9:a0 > 00:02:b3:d8:40:fe, ethertype IPv4 (0x0800), length 96: 172.16.3.245 > 172.16.3.228: etherip 62 12:08:13.959934 00:03:47:da:c9:a0 > 00:02:b3:d8:40:fe, ethertype IPv4 (0x0800), length 96: 172.16.3.245 > 172.16.3.228: etherip 62 at the far end..... root@l2vpntest:~ # tcpdump -i fxp0 -e proto etherip tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes 12:10:19.930607 00:03:47:da:c9:a0 (oui Unknown) > 00:02:b3:d8:40:fe (oui Unknown), ethertype IPv4 (0x0800), length 96: 172.16.3.245 > 172.16.3.228: etherip 62 12:10:21.943544 00:03:47:da:c9:a0 (oui Unknown) > 00:02:b3:d8:40:fe (oui Unknown), ethertype IPv4 (0x0800), length 96: 172.16.3.245 > 172.16.3.228: etherip 62 root@l2vpntest:~ # tcpdump -i gif0 -e tcpdump: WARNING: gif0: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on gif0, link-type NULL (BSD loopback), capture size 96 bytes 12:11:23.924575 AF IPv4 (2), length 64: IP15 truncated-ip - 65475 bytes missing! server1.globalreachinc.com > 8.0.6.4: ip-proto-213 12:11:25.937467 AF IPv4 (2), length 64: IP15 truncated-ip - 65475 bytes missing! server1.globalreachinc.com > 8.0.6.4: ip-proto-213 And that's it..... I never see packets tcpdumping bridge0 at this end. The last one looks very strange too! --------------080300030508080805030808--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?452398D5.90904>