From: Brooks Davis
To: Alwyn Goodloe
Cc: freebsd-security@FreeBSD.ORG
Date: Mon, 7 Jan 2002 10:58:27 -0800
Subject: Re: ipsec setup question
Message-ID: <20020107105827.A28192@Odin.AC.HMC.Edu>

On Mon, Jan 07, 2002 at 01:49:19PM -0500, Alwyn Goodloe wrote:
>
> Hi folks, I am trying to set up an IPV4 over IPV4 tunnel on a testbed of
> four systems I have set up for research. Because it's research my configuration
> is probably a bit different than most of you would run in practice.
> The first test would have a tunnel between the two ends of the network.
> (You can think of this as the client and server both acting as gateways
> with two routers in between).
>
> From the somewhat limited documentation I did the
> following:
>
> gifconfig gif0 inet 192.168.1.3 192.168.5.12
> ifconfig gif0 inet 192.168.1.3 192.168.5.12
> route add -net 192.168.5.12 -interface gif0
>
> Unfortunately I get the error message:
>
> error_message=/kernel:gif_out:recursively called too many times
>
>
> Anyone got any ideas??

The physical endpoints can't be the same as the tunnel endpoints.
Choose different values for ifconfig. If you just want to encrypt
traffic between two hosts, no tunnels are needed.

> Also I would like to nest tunnels and by that I mean
>
> say have an end to end tunnel with ESP but have each intermediate router
> (there are two of them) check AH headers on the packet. Anyone see any
> problems with this.

No clue. Actually nesting gif tunnels requires that you define
XBONEHACK when building your kernel.

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4
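
The rule in the reply above (tunnel addresses must differ from the physical endpoints), as an added pre-flight check that is not code from the thread or from FreeBSD. It goes slightly beyond the reply by also rejecting a route through gif0 that covers the physical remote endpoint. The function names, the 10.0.0.0/30 inner addresses and the /32 reading of the thread's route are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for a gif tunnel plan.
# outer = physical endpoints (gifconfig); inner = tunnel addresses (ifconfig).

# ip_to_int A.B.C.D : print the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                       # split the dotted quad on "."
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_net ADDR NET PREFIXLEN : succeed if ADDR lies inside NET/PREFIXLEN
in_net() {
    [ "$3" -eq 0 ] && return 0      # a default route covers everything
    addr=$(ip_to_int "$1"); net=$(ip_to_int "$2")
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# check_gif_plan OUTER_LOCAL OUTER_REMOTE INNER_LOCAL INNER_REMOTE ROUTE_NET ROUTE_PREFIX
# Succeeds if the plan is sane; otherwise reports each problem on stderr.
check_gif_plan() {
    rc=0
    if [ "$3" = "$1" ] || [ "$4" = "$2" ]; then
        echo "inner (ifconfig) addresses repeat the outer (gifconfig) endpoints" >&2
        rc=1
    fi
    if in_net "$2" "$5" "$6"; then
        echo "route $5/$6 via gif0 covers outer remote $2; encapsulated packets would re-enter gif0" >&2
        rc=1
    fi
    return $rc
}

# Plan from the thread; its "-net 192.168.5.12" is treated as a /32 (assumption).
check_gif_plan 192.168.1.3 192.168.5.12 192.168.1.3 192.168.5.12 192.168.5.12 32 \
    || echo "thread plan: rejected"

# Constructed corrected plan: inner addresses from a separate 10.0.0.0/30.
check_gif_plan 192.168.1.3 192.168.5.12 10.0.0.1 10.0.0.2 10.0.0.0 30 \
    && echo "corrected plan: ok"
```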