Connect two LANs over an IPv4 tunnel?

Walter Hop freebsd at walter.transip.nl
Wed Nov 5 18:12:16 PST 2003


Hi all,

I have a networking problem that I am trying to solve with FreeBSD.

I would like to connect two networks (home and work), so that I can set
up my home workstations in the same subnet as the work LAN. Out of this
/24, I would like to use a /29 at home.

On both LANs I have a FreeBSD box; workbox is 5.1R and homebox is
4-STABLE. Both boxes can reach each other over the IPv4 internet.

(attempt 1)

The OpenBSD man page mentioned bridge and gif in one sentence, so I was
hoping that setting up a layer 2 bridge would be as easy as configuring a
gif tunnel and bridging over it, but as I feared, gif is no ethernet
device and this did not work:
Nov  6 00:17:04 home /kernel: gif1 is not an ethernet, continue

So that plan is foiled.

(attempt 2)

The gif tunnel worked and the boxes can ping each other over it, so I
assigned private addresses to the gif endpoints. Then I tried adding some
home IP aliases to the work box's ethernet interface and using forwarding
and "route delete/add" in the hope that packets would be routed to the
gateway in private-space across gif1.

Routing to the home IPs works LOCALLY from workbox, but when other
machines in the work subnet ping a home address, they receive a reply
from the workbox itself.

I do not know of another way to have workbox answer ARP for the home
IPs. (I considered setting the interface in promiscuous mode in the
hopes of having the kernel accept and forward the packet anyway, but the
ethernet is switched so nobody will know where to send it.)


Unfortunately, at work I have no control over the default gateway, so I
cannot set up static routes with workbox as the next-hop.

I am now wondering what I can do to create a setup like this. Is this
even possible, or am I thinking in the wrong direction? Any advice would
be appreciated.

I am not looking for bridging of Ethernet frames per se; I am only
interested in IP packets. Both networks use RFC1918 private addresses.

How would one approach a situation like this? Is there actually a
solution?

Thanks for reading :)
walter


