Date:      Wed, 9 Jul 2008 10:30:09 -0700 (PDT)
From:      zaphod@fsklaw.com
To:        "Mike Tancsa" <mike@sentex.net>, freebsd-net@freebsd.org
Subject:   Re: Tunneling issues
Message-ID:  <ae8c87bc77551550826e2906287c4cf0.squirrel@cor>
In-Reply-To: <200807091545.m69FjcP4031350@lava.sentex.ca>
References:  <8f7879db41dbaecc479a017110e8f32f.squirrel@cor> <200807040155.m641tl8s000607@lava.sentex.ca> <7904ac587e71a42fb86c2bbe77bde0ae.squirrel@cor> <200807091545.m69FjcP4031350@lava.sentex.ca>

> At 11:21 AM 7/9/2008, zaphod@fsklaw.com wrote:
>
>>I agree it should work.  But it's not.  With respect to the next two
>>questions, yes and yes.
>
> Can you post some of the configs you are using for 3 of the sites so
> we can perhaps spot the problem(s) you are having ? I have a similar
> setup with 5 sites, all talking to each other via IPSEC tunnels. It's
> a lot of policies, but they work just fine.
>
>>I'm not a huge fan of OpenVPN, but the bigger issue is that the gif
>>tunnels come up at boot up. As well as routes.  Given the client server
>>nature of OpenVPN it is suitable, because if a server reboots, I'm not
>>certain a client would auto re-connect.
>
> We have ~ 400 sites running OpenVPN across Canada that all reconnect
> just fine after reboots / power cycles etc.  We don't let the clients
> talk to each other, but that would just be a config change to allow
> that to work.
>
>          ---Mike
>
Last first.  Well that's good info on OpenVPN.

As to the first, I'm not even at the ipsec stage yet.  I'm just trying to
get tunnels up.  I wrote a couple of shell scripts to bring them up for
testing.

Server1

orange# more mkgif
#/bin/sh
ifconfig gif1 create
ifconfig gif1 1.1.1.1 2.2.2.2
ifconfig gif1 inet 192.168.72.1 192.168.70.1 netmask 255.255.255.0
ifconfig gif1 tunnel 1.1.1.1 2.2.2.2
ifconfig gif1 mtu 1500
route change 192.168.70.0 192.168.70.1 255.255.255.0
route change 192.168.71.0 192.168.70.1 255.255.255.0

Server2
to# more mkgif
#/bin/sh
ifconfig gif1 create
ifconfig gif1 2.2.2.2 1.1.1.1
ifconfig gif1 inet 192.168.70.1 192.168.72.1 netmask 255.255.255.0
ifconfig gif1 tunnel 2.2.2.2 1.1.1.1
ifconfig gif1 mtu 1500
route change 192.168.72.0 192.168.72.1 255.255.255.0

Seems pretty straightforward a tunnel.  But nothing heads out. Can't ping
a thing.

I even tried a gre, when I did that I got a ping error.  Unfortunately I
can't find my note on the exact error.

Cheers,

Zaphod