Date:      Wed, 09 Jul 2008 14:04:29 -0400
From:      Mike Tancsa <mike@sentex.net>
To:        zaphod@fsklaw.com, freebsd-net@freebsd.org
Subject:   Re: Tunneling issues
Message-ID:  <200807091804.m69I4VOh031916@lava.sentex.ca>
In-Reply-To: <ae8c87bc77551550826e2906287c4cf0.squirrel@cor>
References:  <8f7879db41dbaecc479a017110e8f32f.squirrel@cor> <200807040155.m641tl8s000607@lava.sentex.ca> <7904ac587e71a42fb86c2bbe77bde0ae.squirrel@cor> <200807091545.m69FjcP4031350@lava.sentex.ca> <ae8c87bc77551550826e2906287c4cf0.squirrel@cor>

At 01:30 PM 7/9/2008, zaphod@fsklaw.com wrote:

>Seems pretty straightforward a tunnel.  But nothing heads out. Can't ping
>a thing.

I think your tunnel endpoints are overlapping your remote subnets. 
The GIF tunnel IP addresses are not supposed to be on the same internal LAN.

If server 1's public IP is 1.1.1.1 and server 2 is 2.2.2.2 and 
server1's internet network is 192.168.1.0/24 and server2's inside 
network is 192.168.2.0/24

This should work.

#!/bin/sh
#server1 to connect to server2
MEOUTSIDE=1.1.1.1
MEINSIDE=10.10.69.1
REMOTEOUTSIDE=2.2.2.2
REMOTEINSIDE=10.10.69.2
REMOTENET=192.168.2.0/24
/sbin/ifconfig gif1 create tunnel $MEOUTSIDE $REMOTEOUTSIDE
/sbin/ifconfig gif1 $MEINSIDE netmask 255.255.255.252 $REMOTEINSIDE
/sbin/route delete $REMOTENET
/sbin/route add $REMOTENET $REMOTEINSIDE

#!/bin/sh
#server2 script to connect to server1
MEOUTSIDE=2.2.2.2
MEINSIDE=10.10.69.2
REMOTEOUTSIDE=1.1.1.1
REMOTEINSIDE=10.10.69.1
REMOTENET=192.168.1.0/24
/sbin/ifconfig gif1 create tunnel $MEOUTSIDE $REMOTEOUTSIDE
/sbin/ifconfig gif1 $MEINSIDE netmask 255.255.255.252 $REMOTEINSIDE
/sbin/route delete $REMOTENET
/sbin/route add $REMOTENET $REMOTEINSIDE


Also, don't confuse using GIF and IPSEC.  To create some IPSEC 
tunnels, you don't need gif or gre interfaces. The policies will do 
that for you.


         ---Mike



>Server1
>
>orange# more mkgif
>#/bin/sh
>ifconfig gif1 create
>ifconfig gif1 1.1.1.1 2.2.2.2
>ifconfig gif1 inet 192.168.72.1 192.168.70.1 netmask 255.255.255.0
>ifconfig gif1 tunnel 1.1.1.1 2.2.2.2
>ifconfig gif1 mtu 1500
>route change 192.168.70.0 192.168.70.1 255.255.255.0
>route change 192.168.71.0 192.168.70.1 255.255.255.0
>
>Server2
>to# more mkgif
>#/bin/sh
>ifconfig gif1 create
>ifconfig gif1 2.2.2.2 1.1.1.1
>ifconfig gif1 inet 192.168.70.1 192.168.72.1 netmask 255.255.255.0
>ifconfig gif1 tunnel 2.2.2.2 1.1.1.1
>ifconfig gif1 mtu 1500
>route change 192.168.72.0 192.168.72.1 255.255.255.0
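
Added example (not part of the original message or of FreeBSD): a POSIX sh pre-flight check for the overlap described in the reply, run before the ifconfig/route commands. It reports any gif inside address that falls within a LAN prefix routed across the tunnel. The function names are hypothetical, and the demo addresses are the ones used in this thread.

```shell
#!/bin/sh
# Added example: check that gif(4) inside addresses do not sit inside
# any LAN prefix that is routed over the tunnel.

# ip2int A.B.C.D -> prints the address as a 32-bit integer
ip2int() {
    oldifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$oldifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr ADDR NET/PREFIXLEN -> exit status 0 if ADDR is inside the prefix
in_cidr() {
    addr=$(ip2int "$1")
    net=$(ip2int "${2%/*}")
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# check_tunnel MEINSIDE REMOTEINSIDE LAN/PREFIXLEN...
# Prints one line per overlapping endpoint; returns 1 if any were found.
check_tunnel() {
    me=$1; peer=$2; shift 2
    rc=0
    for lan in "$@"; do
        for ep in "$me" "$peer"; do
            if in_cidr "$ep" "$lan"; then
                echo "overlap: $ep is inside $lan"
                rc=1
            fi
        done
    done
    return $rc
}

# Demo with the addressing from the reply: a dedicated /30 for the
# tunnel, separate from both internal networks.
check_tunnel 10.10.69.1 10.10.69.2 192.168.1.0/24 192.168.2.0/24 \
    && echo "tunnel endpoints are clear of both LANs"
```

Running check_tunnel with the quoted Server1 values (192.168.72.1, 192.168.70.1, 192.168.70.0/24) reports 192.168.70.1 as overlapping, which is the condition the reply points out.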



