Date: Wed, 17 Aug 2022 13:12:14 -0700
From: John-Mark Gurney <jmg@funkthat.com>
To: Milan Obuch <freebsd-net@dino.sk>
Cc: freebsd-net@freebsd.org
Subject: Re: Tunnel interfaces and vnet boundary crossing
Message-ID: <20220817201214.GZ88842@funkthat.com>
In-Reply-To: <20220815085303.2c5cdb02@zeta.dino.sk>
References: <20220815085303.2c5cdb02@zeta.dino.sk>
Milan Obuch wrote this message on Mon, Aug 15, 2022 at 08:53 +0200:
> I tried to mimic this in FreeBSD with the following commands:
>
> ifconfig gre1 create tunnel 172.16.1.1 172.16.0.1 vnet ov1
> jexec ov1 ifconfig gre1 10.1.0.2/30 10.1.0.1
>
> This does not work. I found some older post which made me believe
> this is caused by clearing whole tunnel configuration after moving
> interface into different vnet. My (failed) tests indicate this is most
> probably the cause.
>
> So, my question is, does anybody use a tunnel interface in a similar way? Is
> it possible to achieve what I am trying with netgraph? I am able to
> create some inter-vnet link using epair interface, but this is
> something different. Or ideally, is somebody using IPSEC with VNET
> jails, processing encapsulating packets in base and raw content in some
> child vnet?

This doesn't work since the tunnel interface needs to see the interface
with the IP to route it to, and since it's in another jail/vnet, it can't
get there.

The closest thing I can think of is putting an epair in w/ the tunnel
interface, and routing the tunnel out of the vnet via the epair interface...

Does this make sense?

--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
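
The epair arrangement suggested in the reply above, written out as an added example (not part of the original message and not tested by its author): gre1 is created and configured inside the jail, and its outer packets leave the vnet over an epair link to the host. Assumptions not taken from the thread: epair unit 0, a 192.0.2.0/30 transit subnet, the jail-side epair address used as the tunnel's local endpoint (so the remote peer must point its tunnel at that address and have a route back to it), and IP forwarding enabled on the host.

```shell
#!/bin/sh
# Added example: epair transit link between the host and vnet jail "ov1",
# with gre1 created inside the jail so its tunnel settings are never
# carried across a vnet boundary.
# Dry run by default; set APPLY_CHANGES=1 on a FreeBSD host to execute.

JAIL=ov1                      # vnet jail name from the thread
PEER=172.16.0.1               # remote tunnel endpoint from the thread
INNER="10.1.0.2/30 10.1.0.1"  # inner tunnel addresses from the thread
HOST_IP=192.0.2.1             # assumed: host side of the epair
JAIL_IP=192.0.2.2             # assumed: jail side, also the tunnel's local end

# Emit the commands in the order they must run: build the epair, move one
# end into the jail, address both ends, then create gre1 inside the jail.
plan() {
    cat <<EOF
ifconfig epair0 create
ifconfig epair0b vnet $JAIL
ifconfig epair0a inet $HOST_IP/30 up
sysctl net.inet.ip.forwarding=1
jexec $JAIL ifconfig epair0b inet $JAIL_IP/30 up
jexec $JAIL route add -host $PEER $HOST_IP
jexec $JAIL ifconfig gre1 create
jexec $JAIL ifconfig gre1 tunnel $JAIL_IP $PEER
jexec $JAIL ifconfig gre1 inet $INNER
EOF
}

# Print each command, or run it when APPLY_CHANGES=1; stop at first failure.
apply() {
    plan | while read -r cmd; do
        if [ "${APPLY_CHANGES:-0}" = 1 ]; then
            $cmd || exit 1
        else
            echo "+ $cmd"
        fi
    done
}

apply
```

The host only forwards the encapsulated GRE packets between its outside interface and epair0a; the decapsulated traffic appears on gre1 inside ov1 and not in the base system.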
