Problems with gif tunnels

Greg 'groggy' Lehey grog at FreeBSD.org
Tue Jun 7 09:37:21 GMT 2005


I posted this message to the -questions list an hour or so ago.
Possibly it's of interest to people on this list.  Certainly the
problem is non-obvious, so even (as I suspect) if it's my fault, it
would be interesting to document the problem.

Greg

----- Forwarded message from Greg 'groggy' Lehey <grog at FreeBSD.org> -----

> Date: Tue, 7 Jun 2005 17:56:14 +0930
> From: Greg 'groggy' Lehey <grog at FreeBSD.org>
> To: FreeBSD Questions <questions at FreeBSD.org>
> Subject: Problems with gif tunnels
>
> I've just installed an ADSL line, and I'm trying to route a class C
> network.  For some reason the ISP does this kind of routing via a GRE
> tunnel, and I'm having the devil's own job getting it to work.  Here's
> the current situation:
>
> 1.  ADSL line is up and running.  I have a /30 with the following
>     addresses:
>
>     150.101.14.9		gateway address
>     150.101.14.10		local address
>
> 2.  To this line, I want to install a tunnel for 192.109.197.0/24.
>     The ISP tells me to set up a tunnel between the local address
>     (150.101.14.10) and their tunnel address 203.16.215.227.
>     According to recent (5.x) documentation, this should be done with:
>
>       ifconfig gif0 tunnel 150.101.14.10 203.16.215.227 up
>
> 3.  Obviously I also need to have IP forwarding enabled.
>
> So I do all this and get:
>
>   xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>           options=9<RXCSUM,VLAN_MTU>
>           inet 192.109.197.143 netmask 0xffffff00 broadcast 192.109.197.255
>           inet6 fe80::204:75ff:fefa:a80%xl0 prefixlen 64 scopeid 0x1
>           ether 00:04:75:fa:0a:80
>           media: Ethernet autoselect (10baseT/UTP)
>           status: active
>   rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>           options=8<VLAN_MTU>
>           inet6 fe80::202:44ff:fe59:7076%rl0 prefixlen 64 scopeid 0x2
>           inet 150.101.14.10 netmask 0xfffffffc broadcast 150.101.14.11
>           ether 00:02:44:59:70:76
>           media: Ethernet autoselect (10baseT/UTP)
>           status: active
>   gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1452
>           tunnel inet 150.101.14.10 --> 203.16.215.227
>           inet6 fe80::204:75ff:fefa:a80%gif0 prefixlen 64 scopeid 0x5
>
>   Destination        Gateway            Flags    Refs      Use  Netif Expire
>   default            150.101.14.9       UGS         0        7    rl0
>   150.101.14.8/30    link#2             UC          0        0    rl0
>   150.101.14.9       00:90:1a:40:09:98  UHLW        2        2    rl0    903
>   192.109.197        link#1             UC          0        0    xl0
>   192.109.197.135    00:10:4b:66:1e:e9  UHLW        0     6757    xl0   1056
>   192.109.197.137    00:50:da:cf:07:35  UHLW        0    99336    xl0   1188
>   192.109.197.255    ff:ff:ff:ff:ff:ff  UHLWb       0    34521    xl0
>   203.16.215.227     150.101.14.9       UGHS        1        4    rl0
>
>   net.inet.ip.forwarding: 1
>
> I then get somebody from the other end to ping me:
>
>   17:49:10.228597 IP 203.16.215.227 > 150.101.14.10: IP 192.83.231.16 > 192.109.197.145: icmp 64: echo request seq 6908
>   17:49:11.229188 IP 203.16.215.227 > 150.101.14.10: IP 192.83.231.16 > 192.109.197.145: icmp 64: echo request seq 6909
>
> But that's all.  Nothing goes out.  I've tried this on different
> systems, and I know somebody else who is using what looks like an
> identical configuration with this ISP, and it works fine.  I've tried
> different systems, one and two NICs, 4.x and 5.x, all with the same
> (non)result.  What am I missing?
>
> Greg
> --
> The virus contained in this message was not detected.
>
> When replying to this message, please copy the original recipients.
> If you don't, I may ignore the reply or reply to the original recipients.
> For more information, see http://www.lemis.com/questions.html
>
> Finger grog at FreeBSD.org for PGP public key.
> See complete headers for address and phone numbers.



----- End forwarded message -----

--
The virus contained in this message was not detected.

Finger grog at FreeBSD.org for PGP public key.
See complete headers for address and phone numbers.


More information about the freebsd-net mailing list