Date: Wed, 17 Aug 2022 13:12:14 -0700 From: John-Mark Gurney <jmg@funkthat.com> To: Milan Obuch <freebsd-net@dino.sk> Cc: freebsd-net@freebsd.org Subject: Re: Tunnel interfaces and vnet boundary crossing Message-ID: <20220817201214.GZ88842@funkthat.com> In-Reply-To: <20220815085303.2c5cdb02@zeta.dino.sk> References: <20220815085303.2c5cdb02@zeta.dino.sk>
next in thread | previous in thread | raw e-mail | index | archive | help
Milan Obuch wrote this message on Mon, Aug 15, 2022 at 08:53 +0200: > I tried to mimic this in FreeBSD with following commands: > > ifconfig gre1 create tunnel 172.16.1.1 172.16.0.1 vnet ov1 > jexec ov1 ifconfig gre1 10.1.0.2/30 10.1.0.1 > > This does not work. I found some older post which made me believing > this is caused by clearing whole tunnel configuration after moving > interface into different vnet. My (failed) tests indicate this is most > probably the cause. > > So, my question is, does anybody use tunnel interface similar way? Is > it possible to achieve what I am trying with netgraph? I am able to > create some inter-vnet link using epair interface, but this is > something different. Or ideally, is somebody using IPSEC with VNET > jails, processing encapsulating packets in base and raw content in some > child vnet? This doesn't work since the tunnel interface needs to see the interface with the IP to route it to, and since it's in another jail/vnet, it can't get there. The closes thing I can think of is putting an epair in w/ the tunnel interface, and routing the tunnel out of the vnet via the epair interface... Does this make sense? -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20220817201214.GZ88842>