VPN / Bridge

Fabian Keil freebsd-listen at fabiankeil.de
Fri Jan 27 06:07:52 PST 2006 

Bob Kersten <bob_freebsd_questions at fellownet.com> wrote:

> On 25-jan-2006, at 11:57, Fabian Keil wrote:
> 
> > root at TP51 ~ #ifconfig gif0 tunnel 1.2.3.4 5.6.7.8 up
> > root at TP51 ~ #ifconfig bridge0 create
> > root at TP51 ~ #ifconfig bridge0 addm ndis0 addm gif0 up
> > root at TP51 ~ #ifconfig bridge0
> > bridge0: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
> >         ether ac:de:48:f4:4e:9c
> >         priority 32768 hellotime 2 fwddelay 15 maxage 20
> >         member: gif0 flags=3<LEARNING,DISCOVER>
> >         member: ndis0 flags=3<LEARNING,DISCOVER>
> >
> > BTW: man if_config says all members of the bridge are required to
> > have the same MTU, but ifconfig doesn't seem to check it.
> > My setup wouldn't work as gif0 has a MTU of 1280.
> 
> Gjee ... I'm still not able to add the gif0 device to my bridge0.
> 
> I'm using FreeBSD6.0 and I've fixed the mtu on my gif0 device to be  
> 1500. These are the steps that I take:
> 
> [/] root at spike> ifconfig gif0 create
> [/] root at spike> ifconfig gif0 tunnel 1.2.3.4 5.6.7.8 mtu 1500 up
> [/] root at spike> ifconfig bridge0 create
> [/] root at spike> ifconfig bridge0 addm fxp0
> [/] root at spike> ifconfig bridge0 addm gif0
> ifconfig: BRDGADD gif0: Invalid argument
> 
> [/] root at spike> ifconfig
> fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu  
> 1500
>          options=8<VLAN_MTU>
>          inet6 fe80::202:a5ff:fe26:6e45%fxp0 prefixlen 64 scopeid 0x1
>          inet 192.168.100.101 netmask 0xffffff00 broadcast  
> 192.168.100.255
>          ether 00:02:a5:26:6e:45
>          media: Ethernet autoselect (100baseTX <full-duplex>)
>          status: active
> rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>          options=8<VLAN_MTU>
>          inet6 fe80::2e0:xxxx:xxxx:xxxx%rl0 prefixlen 64 scopeid 0x2
>          inet 1.2.3.4 netmask 0xfffffe00 broadcast 83.160.3.255
>          ether 00:e0:4c:a2:b5:f6
>          media: Ethernet autoselect (100baseTX <full-duplex>)
>          status: active
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>          inet6 ::1 prefixlen 128
>          inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
>          inet 127.0.0.1 netmask 0xff000000
> gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
>          tunnel inet 1.2.3.4 --> 5.6.7.8
>          inet6 fe80::202:a5ff:xxxx:xxxx%gif0 prefixlen 64 scopeid 0x4
> bridge0: flags=8000<MULTICAST> mtu 1500
>          ether ac:de:48:ee:6a:cf
>          priority 32768 hellotime 2 fwddelay 15 maxage 20
>          member: fxp0 flags=3<LEARNING,DISCOVER>
> 
> The 'fake' ip addresses don't matter, it doesn't work with real  
> addresses either. It seems as if gif0 is not accepted as 'real'  
> ethernet device when trying to add it to the bridge. Maybe this
> isn't the right way to achive the VPN with all clients in the same
> subnet.

I don't know if it means anything, but our bridges seem to be
different. Yours doesn't have the broadcast flag.

Fabian
-- 
http://www.fabiankeil.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20060127/172345c7/signature.bin

More information about the freebsd-questions mailing list