From: James Lott
To: freebsd-net@freebsd.org
Subject: Re: Ethernet tunneling options under FreeBSD
Date: Fri, 14 Aug 2015 19:40:45 -0700

> you haven't really described the network well enough..
> try an ascii-art diagram (don't forget to set fixed width font :-)
> a VPN requires two ends.. one is FreeBSD... what's the other?

The thing is, the "other" could be any number of operating systems. I'm
looking for a tunneling protocol with good cross-platform representation,
but the higher priority is ensuring it tunnels ethernet frames. For the
sake of example we can say the other end is a FreeBSD host, since FreeBSD
is looking like the "lowest common denominator" on this topic.

> if both ends are FreeBSD there are dozens of possibilities..
> for example:
> ng_eif->netgraph->ppp->ipsec->ppp->netgraph->ng_eif
>
> ng_eif->ng_ksock(udp)->IPsec->ng_ksock->ng_eif
>

I'm not overly concerned with the host side interfaces. What I'm really
concerned with is the tunneling protocol, since that's what will need
support on all of my platforms. Thus, a solution requiring netgraph on
both ends is not an option in my case.

> tap->ppp->ppp->tap

I have not found any ppp implementations under FreeBSD which support BCP.
To my understanding, that's the only method by which ethernet frames can
be tunneled over ppp... if I'm wrong, please do correct me! I would love
nothing more than to be wrong about that :)

On Friday, August 14, 2015 23:16:41 Julian Elischer wrote:
> On 8/14/15 6:40 AM, James Lott wrote:
> > Hello list,
> >
> > I am in the process of planning a build out of a L2 VPN, in which
> > I'd like to have my primary "switch" and DHCP server be a FreeBSD
> > system. I would like to join each new host to the VPN by
> > establishing an IP tunnel with the primary "switch" which transports
> > ethernet frames over the tunnel.
>
> you haven't really described the network well enough..
> try an ascii-art diagram (don't forget to set fixed width font :-)
> a VPN requires two ends.. one is FreeBSD... what's the other?
>
> > So far, the only protocol I have found supported by FreeBSD which
> > seems capable of this is EtherIP. As far as I can tell, it doesn't
> > look like there is any support for L2TPv3, and none of the PPP
> > implementations available appear to support BCP.
> >
> > I'm not completely opposed to using EtherIP, but if there is
> > something more modern which will meet my needs, I would probably try
> > that first. So my question becomes:
> >
> > * Does anyone know of a method supported under FreeBSD (other than
> >   EtherIP) for tunneling ethernet over IP that they may be able to
> >   suggest I check out?
>
> if both ends are FreeBSD there are dozens of possibilities..
> for example:
> ng_eif->netgraph->ppp->ipsec->ppp->netgraph->ng_eif
>
> ng_eif->ng_ksock(udp)->IPsec->ng_ksock->ng_eif
>
> tap->ppp->ppp->tap
>
> > Thanks for any suggestions!
> > _______________________________________________
> > freebsd-net@freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-net
> > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

-- 
James Lott