From: "Yin, Kwong-Sang"
To: "freebsd-virtualization@freebsd.org"
Date: Fri, 4 Jun 2010 13:58:27 -0700
Subject: Error while Setting up IPsec in 2 vimages

I'm currently using FreeBSD 8.0 Stable and below I created 2 vimages. I'm trying to setup tunnel mode IPsec using racoon for each vimage but got error message for the vimage e0_n1.

[root@er2 /home/kwong]# vimage -c e0_n0
[root@er2 /home/kwong]# vimage e0_n0 ifconfig gif0 create
[root@er2 /home/kwong]# vimage -c e0_n1
[root@er2 /home/kwong]# vimage e0_n1 ifconfig gif0 create
ifconfig: SIOCIFCREATE2: File exists

But when I checked, gif0 is only in vimage e0_n0.

[root@er2 /home/kwong]# vimage e0_n0 ifconfig
lo0: flags=8008 metric 0 mtu 16384
        options=3
gif0: flags=8010 metric 0 mtu 1280
        options=1
[root@er2 /home/kwong]# vimage e0_n1 ifconfig
lo0: flags=8008 metric 0 mtu 16384
        options=3

Did I set up the vimages incorrectly??

Thanks
Kwong

Kwong-sang Yin
Networked Systems Technology
Boeing Research and Technology
The Boeing Company
MC 7L-20
kwong-sang.yin@boeing.com


From: "Bjoern A. Zeeb"
To: "Yin, Kwong-Sang"
Cc: "freebsd-virtualization@freebsd.org"
Date: Fri, 4 Jun 2010 21:45:58 +0000 (UTC)
Message-ID: <20100604214235.B43852@maildrop.int.zabbadoz.net>
Subject: Re: Error while Setting up IPsec in 2 vimages

On Fri, 4 Jun 2010, Yin, Kwong-Sang wrote:

>
> I'm currently using FreeBSD 8.0 Stable and below I created 2 vimages. I'm trying to setup tunnel mode IPsec using racoon for each vimage but got error message for the vimage e0_n1.
>
> [root@er2 /home/kwong]# vimage -c e0_n0
> [root@er2 /home/kwong]# vimage e0_n0 ifconfig gif0 create
> [root@er2 /home/kwong]# vimage -c e0_n1
> [root@er2 /home/kwong]# vimage e0_n1 ifconfig gif0 create
> ifconfig: SIOCIFCREATE2: File exists
>
> But when I checked, gif0 is only in vimage e0_n0.

You get an error when creating the 2nd gif interface.

None but if_loop cloners are currently virtualized in a way that you can create overlapping interface names between vnets. I have a prototype to fix the infrastructure rather than each driver but it needs a bit of cleanup still.

You may want to create gif0 and a gif1 meanwhile; that should work.

/bz

PS: for tunnel mode IPsec you do not need gif tunnels at all. You can just setup ipsec. If you need interfaces over ipsec for link state protocols like OSPF you would want to configure transport mode for the gif-tunnel endpoints and only protect those (the gif tunnel) and then use routes.

-- 
Bjoern A. Zeeb
I will let you know once I escaped from my bird cage and learnt to fly again.
-- Ottawa, ON, Canada, 21st May 2010
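
The two alternatives described in the PS above, written as setkey(8) policy for one endpoint. This is an added example, not part of the original thread: every address is a constructed placeholder, and it assumes racoon (or manually installed SAs) supplies the keys that the `require` level demands.

```conf
# Added illustration; all addresses are constructed placeholders.
#   192.0.2.1   = this endpoint      192.0.2.2   = the peer
#   10.0.1.0/24 = network behind us  10.0.2.0/24 = network behind the peer
# Use variant A or variant B, not both. The peer loads the mirror image
# (addresses and directions swapped).
# "require" means traffic matching a policy is never sent unprotected:
# without a matching SA it is not forwarded in the clear.

flush;
spdflush;

# Variant A: tunnel mode IPsec, no gif interface needed.
# The policy selects the inner networks; ESP carries the traffic
# between the two endpoints named in the tunnel specification.
spdadd 10.0.1.0/24 10.0.2.0/24 any -P out ipsec esp/tunnel/192.0.2.1-192.0.2.2/require;
spdadd 10.0.2.0/24 10.0.1.0/24 any -P in  ipsec esp/tunnel/192.0.2.2-192.0.2.1/require;

# Variant B: gif tunnel protected in transport mode (e.g. for OSPF over gif).
# Only the encapsulated packets between the gif endpoints match the policy
# (ipencap = IP protocol 4, IPv4-in-IPv4); routes over the gif interface
# decide which traffic enters the tunnel.
# spdadd 192.0.2.1 192.0.2.2 ipencap -P out ipsec esp/transport//require;
# spdadd 192.0.2.2 192.0.2.1 ipencap -P in  ipsec esp/transport//require;
```

Variant B as written covers IPv4 payload inside the gif tunnel only; IPv6 carried over the same gif endpoints uses a different upper-layer protocol and would need its own policy pair.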