Date: Sun, 16 Aug 2015 21:54:36 +0800 From: Julian Elischer <julian@freebsd.org> To: James Lott <james@lottspot.com>, freebsd-net@freebsd.org Subject: Re: Ethernet tunneling options under FreeBSD Message-ID: <55D0961C.7090107@freebsd.org> In-Reply-To: <3236701.dypBHjs8Lg@arch_project> References: <55CD1CE6.2010502@lottspot.com> <55CE0659.6050206@freebsd.org> <3236701.dypBHjs8Lg@arch_project>
next in thread | previous in thread | raw e-mail | index | archive | help
On 8/15/15 10:40 AM, James Lott wrote: >> you haven't really described the network well enough.. >> try an ascii-art diagram (don't forget to set fixed width font :-) >> a VPN required two ends.. one is FreeBSD... what's the other? > The thing is, the "other" could be any number of operating systems. I'm > looking for a tunneling protocol with good cross-platform representation, but > the higher priority it enduring it tunnels ethernet frames. > > For the sake of example we can say the other end is a FreeBSD host, since > FreeBSD is looking like the "lowest common denominator" on this topic. > >> if both ends are FreeBSD there are dozens of possibilities.. >> for example: >> ng_eif->netgraph->ppp->ipsec->ppp->netgraph->ng_eif >> >> ng_eif->ng_ksock(udp)->IPsec->ng_ksock->ng_eif >> > I'm not overly concerned with the host side interfaces. What I'm really > concerned with is the tunneling protocol since that's what will need support > on all of my platforms. Thus, a solution requiring netgraph on both ends is > not an option in my case. > >> tap->ppp->ppp->tap > I have not found any ppp implementations under FreeBSD which support BCP. > To my understanding, that's the only method by which ethernet frames can be > tunneled over ppp... if I'm wrong, please do correct me! I would love nothing > more than to be wrong about that :) I have, in the past used UDP packets to encapsulate ethernet frames, and tunnelled them over a PPP link using mpd. I don't have specifics any more. I think there may be support in Openvpn for what you want but I've never tried it. > > On Friday, August 14, 2015 23:16:41 Julian Elischer wrote: >> On 8/14/15 6:40 AM, James Lott wrote: >>> Hello list, >>> >>> I am in the process of planning a build out of a L2 VPN, in which >>> I'd like to have my primary "switch" and DHCP server be a FreeBSD >>> system. I would like to join each new host to the VPN by >>> establishing an IP tunnel with the primary "switch" which transports >>> ethernet frames over the tunnel. >> you haven't really described the network well enough.. >> try an ascii-art diagram (don't forget to set fixed width font :-) >> a VPN required two ends.. one is FreeBSD... what's the other? >> >>> So far, the only protocol I have found supported by FreeBSD which >>> seems capable of this is EtherIP. As far as I can tell, it doesn't >>> look like there is any support for L2TPv3, and none of the PPP >>> implementations available appear to support BCP. >>> >>> I'm not completely opposed to using EtherIP, but if there is >>> something more modern which will meet my needs, I would probably try >>> that first. So my question becomes: >>> >>> * Does anyone know of a method supported under FreeBSD (other than >>> EtherIP) for tunneling ethernet over IP that they may be able to >>> suggest I check out? >> if both ends are FreeBSD there are dozens of possibilities.. >> for example: >> ng_eif->netgraph->ppp->ipsec->ppp->netgraph->ng_eif >> >> ng_eif->ng_ksock(udp)->IPsec->ng_ksock->ng_eif >> >> tap->ppp->ppp->tap >> >>> Thanks for any suggestions! >>> _______________________________________________ >>> freebsd-net@freebsd.org mailing list >>> https://lists.freebsd.org/mailman/listinfo/freebsd-net >>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >> _______________________________________________ >> freebsd-net@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-net >> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55D0961C.7090107>