Ethernet tunneling options under FreeBSD

James Lott james at lottspot.com
Sun Aug 16 14:21:25 UTC 2015


> 
> I have, in the past, used UDP packets to encapsulate ethernet frames,
> and tunnelled them over a PPP link using mpd.
> I don't have specifics any more. I think there may be support in
> Openvpn for what you want but I've never tried it.
> 

How interesting.. That is definitely something worth looking into then.

OpenVPN is fine, and I will probably use it as a component in the big picture 
of my solution, but it's honestly not my favorite solution to manage, so I 
would prefer to have as few clients on it as possible.

Although I really was gunning for a pure kernel space solution, what I think 
I'm going to end up using as the centerpiece of this network is tinc. Its 
mesh networking is really what won me over. If I could find a decent way to 
secure vxlans over the open internet, I would probably have gone that route 
instead.

On Sunday, August 16, 2015 21:54:36 Julian Elischer wrote:
> On 8/15/15 10:40 AM, James Lott wrote:
> >> you haven't really described the network well enough..
> >> try an ascii-art diagram (don't forget to set fixed width font :-)
> >> a VPN requires two ends.. one is FreeBSD... what's the other?
> > 
> > The thing is, the "other" could be any number of operating systems. I'm
> > looking for a tunneling protocol with good cross-platform representation,
> > but the higher priority is ensuring it tunnels ethernet frames.
> > 
> > For the sake of example we can say the other end is a FreeBSD host, since
> > FreeBSD is looking like the "lowest common denominator" on this topic.
> > 
> >> if both ends are FreeBSD there are dozens of possibilities..
> >> for example:
> >> ng_eif->netgraph->ppp->ipsec->ppp->netgraph->ng_eif
> >> 
> >> ng_eif->ng_ksock(udp)->IPsec->ng_ksock->ng_eif
> > 
> > I'm not overly concerned with the host side interfaces. What I'm really
> > concerned with is the tunneling protocol since that's what will need
> > support on all of my platforms. Thus, a solution requiring netgraph on
> > both ends is not an option in my case.
> > 
> >> tap->ppp->ppp->tap
> > 
> > I have not found any ppp implementations under FreeBSD which support BCP.
> > To my understanding, that's the only method by which ethernet frames can
> > be tunneled over ppp... if I'm wrong, please do correct me! I would love
> > nothing more than to be wrong about that :)
> 
> I have, in the past, used UDP packets to encapsulate ethernet frames,
> and tunnelled them over a PPP link using mpd.
> I don't have specifics any more. I think there may be support in
> Openvpn for what you want but I've never tried it.
> 
> > On Friday, August 14, 2015 23:16:41 Julian Elischer wrote:
> >> On 8/14/15 6:40 AM, James Lott wrote:
> >>> Hello list,
> >>> 
> >>> I am in the process of planning a build out of a L2 VPN, in which
> >>> I'd like to have my primary "switch" and DHCP server be a FreeBSD
> >>> system. I would like to join each new host to the VPN by
> >>> establishing an IP tunnel with the primary "switch" which transports
> >>> ethernet frames over the tunnel.
> >> 
> >> you haven't really described the network well enough..
> >> try an ascii-art diagram (don't forget to set fixed width font :-)
> >> a VPN requires two ends.. one is FreeBSD... what's the other?
> >> 
> >>> So far, the only protocol I have found supported by FreeBSD which
> >>> seems capable of this is EtherIP. As far as I can tell, it doesn't
> >>> look like there is any support for L2TPv3, and none of the PPP
> >>> implementations available appear to support BCP.
> >>> 
> >>> I'm not completely opposed to using EtherIP, but if there is
> >>> something more modern which will meet my needs, I would probably try
> >>> that first. So my question becomes:
> >>> 
> >>> * Does anyone know of a method supported under FreeBSD (other than
> >>> EtherIP) for tunneling ethernet over IP that they may be able to
> >>> suggest I check out?
> >> 
> >> if both ends are FreeBSD there are dozens of possibilities..
> >> for example:
> >> ng_eif->netgraph->ppp->ipsec->ppp->netgraph->ng_eif
> >> 
> >> ng_eif->ng_ksock(udp)->IPsec->ng_ksock->ng_eif
> >> 
> >> tap->ppp->ppp->tap
> >> 
> >>> Thanks for any suggestions!
> >>> _______________________________________________
> >>> freebsd-net at freebsd.org mailing list
> >>> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> >>> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"

-- 
James Lott

