Date: Tue, 20 Aug 2002 11:29:11 -0700 (PDT)
From: Julian Elischer
To: Steve Baxter
Cc: vtun-users-admin@lists.sourceforge.net, freebsd-net@freebsd.org
Subject: Re: FreeBSD, netgraph, vtun, bridging and other tall tales

On Tue, 20 Aug 2002, Steve Baxter wrote:

>
> [apologies, I cross posted this to the freebsd networking list as well]
>
> Hello,
> I run a vtun tunnel between box 1 and box two and it works very very well
> :-). Each box has two ethernet cards, one for the IP network and one for
> the LAN. Each box has a single bridge set up that bridges the tap device
> and the LAN facing Ethernet card.
>
> What I was wondering is it possible to do the following :
>

I don't know about vtun, but you could do this all entirely using
netgraph as well.
You would hook the netgraph bridge to netgraph ksocket udp nodes and use
ipsec to encrypt (transport mode) the intersite traffic.

>
>                                  |LAN
>                                  |
>                                  |
>                            +-----------+
>                       ____/| VTUN BOX 3|
>                ______/     +-----------+
>           ____/
>      IP NETWORK
>     _-----------_
>    /             \
>   /               \_
>  /                  \
> /                    \
> +-----------+      +-----------+
> | VTUN BOX 1|      | VTUN BOX 2|
> +-----------+      +-----------+
>       |                  |
>       |                  |
>       |                  |
>       |                  |
>       |                  |
>       |                  |
>       |                  |
>      LAN                 |
>                         LAN
>
>
> We want to be able to bridge in box 3 three to vtun box 2.

ONLY to box 2? What about box 1?
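
The netgraph arrangement suggested in the reply above, sketched for one site as an added example (not part of the original message and not its author's code). The interface name fxp1, the node name lanbridge, the 192.0.2.x addresses, UDP port 4028 and the function names are all assumptions; the IPsec security associations themselves still have to come from manual setkey keys or an IKE daemon.

```shell
#!/bin/sh
# Added example: dry-run generator for one site of an Ethernet bridge carried
# over a netgraph UDP ksocket, plus the IPsec transport-mode policy for it.
# Constructed values: fxp1, lanbridge, 192.0.2.1 / 192.0.2.2, port 4028.

# RUN=echo (default) only prints the commands; run with RUN= as root to apply.
RUN="${RUN-echo}"

# bridge_site LAN_IF LOCAL_IP PEER_IP PORT  (hypothetical helper)
bridge_site() {
    lan_if=$1 local_ip=$2 peer_ip=$3 port=$4

    # ng_ether must be loaded before "<ifname>:" nodes exist.
    $RUN kldload ng_ether
    # ng_bridge on the LAN NIC: wire side on link0, host stack on link1.
    $RUN ngctl mkpeer "${lan_if}:" bridge lower link0
    $RUN ngctl name "${lan_if}:lower" lanbridge
    $RUN ngctl connect "${lan_if}:" lanbridge: upper link1
    # Accept frames for other MACs and do not rewrite their source address.
    $RUN ngctl msg "${lan_if}:" setpromisc 1
    $RUN ngctl msg "${lan_if}:" setautosrc 0
    # Third bridge link: a UDP ksocket that carries the frames to the peer.
    $RUN ngctl mkpeer lanbridge: ksocket link2 inet/dgram/udp
    $RUN ngctl msg lanbridge:link2 bind "inet/${local_ip}:${port}"
    $RUN ngctl msg lanbridge:link2 connect "inet/${peer_ip}:${port}"
}

# ipsec_policy LOCAL_IP PEER_IP PORT  (hypothetical helper)
# Prints setkey(8) policy input requiring ESP transport mode on the tunnel's
# UDP flow in both directions, so bridged frames never cross in the clear.
ipsec_policy() {
    printf 'spdadd %s[%s] %s[%s] udp -P out ipsec esp/transport//require;\n' \
        "$1" "$3" "$2" "$3"
    printf 'spdadd %s[%s] %s[%s] udp -P in ipsec esp/transport//require;\n' \
        "$2" "$3" "$1" "$3"
}

# Dry run for one site; the peer uses the same calls with the addresses swapped.
bridge_site fxp1 192.0.2.1 192.0.2.2 4028
ipsec_policy 192.0.2.1 192.0.2.2 4028
```

Each additional site needs its own ksocket on a further bridge hook (link3, link4, ...) and its own pair of policy lines.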