VPN(touch-ID)/gif0/Dynamic Routing Issue [freeBSD 4.8 Release]

Amin Abdul amin_abdul at hotmail.com
Tue Nov 25 17:24:25 PST 2003 

Hello,

I have few questions regarding the Dynamic Rouitng (i.e. routed)  and gif0  
interface.

Questions:
1. There is any in-compatibility or known bug, if we use routed and  gif0  
interface together (I am using freeBSD 4.8 Release).

2. If there is no known bug then any one tested the above mention 
combination (routed and gif0 interface)

3. Is there any freeBSD document which describe how to  configure gif0 and 
routed together.

Details:
I go through the following documents:
http://www.freebsd.org/handbook/ipsec.html
http://asherah.dyndns.org/~josh/ipsec-howto.txt
and follow the following steps:

1. I am using the  www.freebsd.org/handbook/ipsec.html  diagram as my 
reference network

2. Configure the gif0 interface , it  work fine  (tested by ping and 
tcpdump)

3. Configure IPSec in Transport mode (since I am interested in forwarding  
dynamic  routing information over point-2-point VPN)  using 
draft-touch-ipsec- vpn approach,  i.e: IPSec policy

On Network 1:
spdadd A.B.C.D W.X.Y.Z any -P out ipsec esp/transport//use;
spdadd W.X.Y.Z A.B.C.D any -P in ipsec esp/transport//use;

On Network 2:
spdadd W.X.Y.Z A.B.C.D any -P out ipsec esp/transport//use;
spdadd A.B.C.D W.X.Y.Z any -P in ipsec esp/transport//use;

It works fine (ping and tcpdump).

3. Now I start "routed" with "-s" options, It never saw any  routing  
information  flow through the VPN (tcpdump).   But I saw some ERROR message 
(IP_ADD_MEMBERSHIP RIP) during system REBOOT

4. So, I disabled the IPSec and try again but I still saw no  routing  
information  over VPN (tcpdump). But I saw some ERROR message 
(IP_ADD_MEMBERSHIP RIP)  during system REBOOT

5. So, I disabled the gif0 interface as well, I saw the RIP  packets  
exchanges  between two freeBSD machine.

Summary:
1. routed works fine without gif0 interface.
2. VPN works fine without routed.


Thanks,
Amin

_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*   
http://join.msn.com/?page=dept/bcomm&pgmarket=en-ca&RU=http%3a%2f%2fjoin.msn.com%2f%3fpage%3dmisc%2fspecialoffers%26pgmarket%3den-ca

More information about the freebsd-questions mailing list