Date: Mon, 7 Jan 2002 10:58:27 -0800 From: Brooks Davis <brooks@one-eyed-alien.net> To: Alwyn Goodloe <agoodloe@gradient.cis.upenn.edu> Cc: freebsd-security@FreeBSD.ORG Subject: Re: ipsec setup question Message-ID: <20020107105827.A28192@Odin.AC.HMC.Edu> In-Reply-To: <Pine.GSO.4.33.0201071348210.16221-100000@gradient.cis.upenn.edu>; from agoodloe@gradient.cis.upenn.edu on Mon, Jan 07, 2002 at 01:49:19PM -0500 References: <Pine.GSO.4.33.0201071348210.16221-100000@gradient.cis.upenn.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
--MGYHOYXEY6WxJCY8 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jan 07, 2002 at 01:49:19PM -0500, Alwyn Goodloe wrote: >=20 > Hi folks, I am trying to set up an IPV4 over IPV4 tunnel on a testbed of > four systems I have setup for research. Because its research my configura= tion > is probably a bit different than most of you would run in practice. > The first test would have a tunnel bewteen the two ends of the network. > (You can think of this as the client and server both acting as gateways > with two routers in between). >=20 > >From the somewhat limited documentation I did the > following: >=20 > gifconfig gif0 inet 192.168.1.3 192.168.5.12 > ifconfig gif0 inet 192.168.1.3 192.168.5.12 > route add -net 192.168.5.12 -interface gif0 >=20 > Unfortunately I get the error message: >=20 > error_message=3D/kernel:gif_out:recursively called too many times >=20 >=20 > Anyone got any ideas?? The physical endpoints can't be the same as the tunnel endpoints. Choose different values for ifconfig. If you just want to encrypt traffic between two hosts, no tunnels are needed. > Also I would like to nest tunnels and by that I mean >=20 > say have an end to end tunnel with ESP but have each intermediate router > (there are two of them) check AH headers on the packet. Anyone see any > problems with this. No clue. Actually nesting gif tunnels requires that you define XBONEHACK when building your kernel. -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --MGYHOYXEY6WxJCY8 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8Oe/SXY6L6fI4GtQRAsLAAKC/HZScqaAYChHRi9r/frKif+BcvgCfYuRo jkID5jrOYSr907OlXN0Rics= =xHBC -----END PGP SIGNATURE----- --MGYHOYXEY6WxJCY8-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020107105827.A28192>