Problems with gif tunnels

Greg 'groggy' Lehey grog at FreeBSD.org
Thu Jun 9 07:54:11 GMT 2005 

On Thursday,  9 June 2005 at  8:13:54 +0200, Gianmarco Giovannelli wrote:
> At 02.10 09/06/2005, Greg 'groggy' Lehey wrote:
>> On Thursday,  9 June 2005 at  1:46:00 +0200, Jeremie Le Hen wrote:
>>> Greg,
>>>
>>>> My understanding is that GRE is to IP as PPP is to SLIP: it allows
>>>> multiple protocols to be encapsulated.  I've done some tracing with
>>>> Ethereal, and the only difference is a four-byte header in front of
>>>> the payload for GRE; in an IP tunnel, it's simply missing.  I've
>>>> written this up in my diary
>>>> (http://www.lemis.com/grog/diary-jun2005.html#8), along with the
>>>> traces.
>>>
>>> yes it's usually a simple four-byte header when doing a simple tunnel.
>>> But from what I have read [1] and according to what Giorgos said,
>>> it seems it can be a lot more longer, depending on the value of the
>>> five first bits of the GRE header.
>>
>> Ah, that seems reasonable.
>
> Hi Greg, I have follow with interest this thread because I had a similar
> problem sometimes ago and we din't succeded in resolve it as I like ...
>
> I had to connect a couple of  a nets with a freebsd box and a linux box
> (not managed by me). They insist to use the ipip tunnel (p:4)

What does p:4 mean?

> and I think I should use the nos-tun interface we had in the base
> system to let things works ourside. But it didn't do the job so we
> had to switch on an ipsec tunnel (esp only) which works quite well
> except a few things...

Like performance?

> Now I see I could simply use the gif interface (which I wrongly
> suppose did only GRE tunnel :-)

Indeed.  It doesn't.

> to connect to an ipip linux tunnel. Is this right ?

Certainly you can do an IP tunnel with the gif interface.

> And the nos-tun utility is so a basic replacement of the gif
> interface ?

I've also been told by people who have done it that nos-tun also
works, though it looks a bit kludgy to me, so I haven't tried it.

On Thursday,  9 June 2005 at  9:44:39 +0200, Jeremie Le Hen wrote:
>
> Given the simplicity of gif(4) IP-encapsulated packets, I wonder how
> Linux  guys could  have  implemented something  else  in their  IPIP
> module :-).

Indeed.  I'd guess that they got their terminology mixed up, and that
they really meant a GRE tunnel.  I have spent a *lot* of time
scratching my head about this in the last couple of days.  The
documentation is anything but clear, but it does seem that Linux
people prefer GRE.

> I never set up such a tunnel between Linux and FreeBSD myself, but
> from what I read [1], it seems to work well.
>
> Please, would you keep us informed whether this setup works for you
> or not, it would be certainly worthwhile for the archives.

Agreed.

Greg
--
The virus contained in this message was not detected.

Finger grog at FreeBSD.org for PGP public key.
See complete headers for address and phone numbers.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20050609/79883b11/attachment.bin

More information about the freebsd-net mailing list