Date:      Fri, 27 Jan 2006 14:25:35 +0100
From:      Bob Kersten <bob_freebsd_questions@fellownet.com>
To:        Fabian Keil <freebsd-listen@fabiankeil.de>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: VPN / Bridge
Message-ID:  <7D22F62E-5CEA-4B8A-BBB4-0C42AF93E975@fellownet.com>
In-Reply-To: <20060125115737.6b3fc4e2@localhost>
References:  <E11CF724-B7BB-473B-B313-EBCFCB593424@fellownet.com> <20060124172803.398db141@localhost> <37771069-F2EF-402A-9542-B6784F494AE7@fellownet.com> <20060125115737.6b3fc4e2@localhost>

Hi,

On 25-jan-2006, at 11:57, Fabian Keil wrote:

> root@TP51 ~ #ifconfig gif0 tunnel 1.2.3.4 5.6.7.8 up
> root@TP51 ~ #ifconfig bridge0 create
> root@TP51 ~ #ifconfig bridge0 addm ndis0 addm gif0 up
> root@TP51 ~ #ifconfig bridge0
> bridge0: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>         ether ac:de:48:f4:4e:9c
>         priority 32768 hellotime 2 fwddelay 15 maxage 20
>         member: gif0 flags=3<LEARNING,DISCOVER>
>         member: ndis0 flags=3<LEARNING,DISCOVER>
>
> BTW: man if_config says all members of the bridge are required to
> have the same MTU, but ifconfig doesn't seem to check it.
> My setup wouldn't work as gif0 has a MTU of 1280.

Gjee ... I'm still not able to add the gif0 device to my bridge0.

I'm using FreeBSD 6.0 and I've fixed the MTU on my gif0 device to be
1500. These are the steps that I take:

[/] root@spike> ifconfig gif0 create
[/] root@spike> ifconfig gif0 tunnel 1.2.3.4 5.6.7.8 mtu 1500 up
[/] root@spike> ifconfig bridge0 create
[/] root@spike> ifconfig bridge0 addm fxp0
[/] root@spike> ifconfig bridge0 addm gif0
ifconfig: BRDGADD gif0: Invalid argument

[/] root@spike> ifconfig
fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
         options=8<VLAN_MTU>
         inet6 fe80::202:a5ff:fe26:6e45%fxp0 prefixlen 64 scopeid 0x1
         inet 192.168.100.101 netmask 0xffffff00 broadcast 192.168.100.255
         ether 00:02:a5:26:6e:45
         media: Ethernet autoselect (100baseTX <full-duplex>)
         status: active
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         options=8<VLAN_MTU>
         inet6 fe80::2e0:xxxx:xxxx:xxxx%rl0 prefixlen 64 scopeid 0x2
         inet 1.2.3.4 netmask 0xfffffe00 broadcast 83.160.3.255
         ether 00:e0:4c:a2:b5:f6
         media: Ethernet autoselect (100baseTX <full-duplex>)
         status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
         inet6 ::1 prefixlen 128
         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
         inet 127.0.0.1 netmask 0xff000000
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
         tunnel inet 1.2.3.4 --> 5.6.7.8
         inet6 fe80::202:a5ff:xxxx:xxxx%gif0 prefixlen 64 scopeid 0x4
bridge0: flags=8000<MULTICAST> mtu 1500
         ether ac:de:48:ee:6a:cf
         priority 32768 hellotime 2 fwddelay 15 maxage 20
         member: fxp0 flags=3<LEARNING,DISCOVER>

The 'fake' IP addresses don't matter; it doesn't work with real
addresses either. It seems as if gif0 is not accepted as a 'real'
Ethernet device when trying to add it to the bridge. Maybe this isn't
the right way to achieve the VPN with all clients in the same subnet.
Maybe there's a different solution necessary, or I'm doing something
wrong, I don't know. Maybe someone could shed some light on this?

Cheers,
  Bob.


