From: Julian Elischer
To: James Lott, freebsd-net@freebsd.org
Subject: Re: Ethernet tunneling options under FreeBSD
Date: Sun, 16 Aug 2015 22:04:52 +0800
Message-ID: <55D09884.7010102@freebsd.org>
List-Id: Networking and TCP/IP with FreeBSD

On 8/15/15 11:32 AM, James Lott wrote:
> n2n honestly looks wonderful, but it also appears to be dead...
> I'm trying to stay as close to the OS layer as possible with my options,
> so I would prefer to limit the role of comprehensive software like
> OpenVPN or what ZeroTierOne appears to be.
>
> I actually found this interesting github project, which provides a simple
> solution for what I'm trying to do...
>
> https://github.com/vsergeev/tinytaptunnel

You can do this on FreeBSD with no added software: look at
/usr/share/examples/netgraph, in particular the ether.bridge, virtual.lan
and the udp.tunnel examples. You should be able to create a script that
will tunnel two ethernet bridges together using elements from each script.
I suspect you could make it totally compatible with tinytaptunnel.

> Unfortunately, it's written for Linux... and... in go... but the README at
> least gave me a couple more ideas to look into.
>
> Feel free to keep coming with the suggestions if anyone has anymore! This is
> great stuff
>
> On Saturday, August 15, 2015 13:05:17 Outback Dingo wrote:
>> On Sat, Aug 15, 2015 at 12:40 PM, James Lott wrote:
>>>> you haven't really described the network well enough..
>>>> try an ascii-art diagram (don't forget to set fixed width font :-)
>>>> a VPN required two ends.. one is FreeBSD... what's the other?
>>> The thing is, the "other" could be any number of operating systems. I'm
>>> looking for a tunneling protocol with good cross-platform representation,
>>> but the higher priority it enduring it tunnels ethernet frames.
>>>
>>> For the sake of example we can say the other end is a FreeBSD host, since
>>> FreeBSD is looking like the "lowest common denominator" on this topic.
>>>
>>>> if both ends are FreeBSD there are dozens of possibilities..
>>>> for example:
>>>> ng_eif->netgraph->ppp->ipsec->ppp->netgraph->ng_eif
>>>>
>>>> ng_eif->ng_ksock(udp)->IPsec->ng_ksock->ng_eif
>>> I'm not overly concerned with the host side interfaces.
>>> What I'm really concerned with is the tunneling protocol since that's
>>> what will need support on all of my platforms. Thus, a solution
>>> requiring netgraph on both ends is not an option in my case.
>>>
>>>> tap->ppp->ppp->tap
>>> I have not found any ppp implementations under FreeBSD which support BCP.
>>> To my understanding, that's the only method by which ethernet frames can
>>> be tunneled over ppp... if I'm wrong, please do correct me! I would love
>>> nothing more than to be wrong about that :)
>>>
>>> On Friday, August 14, 2015 23:16:41 Julian Elischer wrote:
>>>> On 8/14/15 6:40 AM, James Lott wrote:
>>>>> Hello list,
>>>>>
>>>>> I am in the process of planning a build out of a L2 VPN, in which
>>>>> I'd like to have my primary "switch" and DHCP server be a FreeBSD
>>>>> system. I would like to join each new host to the VPN by
>>>>> establishing an IP tunnel with the primary "switch" which transports
>>>>> ethernet frames over the tunnel.
>>>> you haven't really described the network well enough..
>>>> try an ascii-art diagram (don't forget to set fixed width font :-)
>>>> a VPN required two ends.. one is FreeBSD... what's the other?
>>>>
>>>>> So far, the only protocol I have found supported by FreeBSD which
>>>>> seems capable of this is EtherIP. As far as I can tell, it doesn't
>>>>> look like there is any support for L2TPv3, and none of the PPP
>>>>> implementations available appear to support BCP.
>>>>>
>>>>> I'm not completely opposed to using EtherIP, but if there is
>>>>> something more modern which will meet my needs, I would probably try
>>>>> that first. So my question becomes:
>>>>>
>>>>> * Does anyone know of a method supported under FreeBSD (other than
>>>>> EtherIP) for tunneling ethernet over IP that they may be able to
>>>>> suggest I check out?
>>>> if both ends are FreeBSD there are dozens of possibilities..
>>>> for example:
>>>> ng_eif->netgraph->ppp->ipsec->ppp->netgraph->ng_eif
>>>>
>>>> ng_eif->ng_ksock(udp)->IPsec->ng_ksock->ng_eif
>>>>
>>>> tap->ppp->ppp->tap
>>>>
>>>>> Thanks for any suggestions!
>> there's also N2N which is pretty nice, and well ZeroTierOne which is
>> somewhat unique
>>
>>>>> _______________________________________________
>>>>> freebsd-net@freebsd.org mailing list
>>>>> https://lists.freebsd.org/mailman/listinfo/freebsd-net
>>>>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>>> --
>>> James Lott
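
The approach suggested in the reply above (elements of ether.bridge plus udp.tunnel), sketched as an added example; it is not part of the thread and is not copied from the FreeBSD example scripts. The interface name, addresses, port and the bridge node name `l2br0` are assumptions, and the `setkey` policy lines follow the `ng_ksock(udp)->IPsec` chain quoted earlier, since the UDP encapsulation itself carries frames unauthenticated and in the clear.

```shell
#!/bin/sh
# Added example: bridge a local Ethernet segment to a remote peer over UDP
# using ng_ether + ng_bridge + ng_ksocket. All values are placeholders.
# Set DRY_RUN=1 to print the commands instead of executing them.

BRIDGE_NODE="${BRIDGE_NODE:-l2br0}"    # assumed name for the ng_bridge node

run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# l2_udp_tunnel <ether-if> <local-ip> <remote-ip> <udp-port>
l2_udp_tunnel() {
    ifc=$1; lip=$2; rip=$3; port=$4
    br=$BRIDGE_NODE

    # Bridge part: insert an ng_bridge between the NIC and the host stack.
    run ngctl mkpeer "${ifc}:" bridge lower link0
    run ngctl name "${ifc}:lower" "${br}"
    run ngctl connect "${ifc}:" "${br}:" upper link1
    # The NIC must accept and send frames for MAC addresses other than its own.
    run ngctl msg "${ifc}:" setpromisc 1
    run ngctl msg "${ifc}:" setautosrc 0

    # Tunnel part: a UDP socket becomes the third bridge link, so every
    # Ethernet frame crossing that link is sent as one datagram payload.
    run ngctl mkpeer "${br}:" ksocket link2 inet/dgram/udp
    run ngctl msg "${br}:link2" bind "inet/${lip}:${port}"
    run ngctl msg "${br}:link2" connect "inet/${rip}:${port}"
}

# ipsec_policy <local-ip> <remote-ip> <udp-port>
# Prints setkey(8) policy input requiring ESP transport mode for the tunnel
# flow. The matching SAs must come from an IKE daemon or manual setkey "add".
ipsec_policy() {
    lip=$1; rip=$2; port=$3
    echo "spdadd ${lip}[${port}] ${rip}[${port}] udp -P out ipsec esp/transport//require;"
    echo "spdadd ${rip}[${port}] ${lip}[${port}] udp -P in ipsec esp/transport//require;"
}

# Stand-alone use: ./l2tunnel.sh em0 192.0.2.1 198.51.100.2 5000
if [ "$#" -eq 4 ]; then
    l2_udp_tunnel "$@"
    ipsec_policy "$2" "$3" "$4"
fi
```

Run the same script on the peer with the local and remote addresses swapped; with `DRY_RUN=1` it only prints the `ngctl` commands so they can be reviewed first.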