VPN / Bridge
Fabian Keil
freebsd-listen at fabiankeil.de
Fri Jan 27 06:07:52 PST 2006
Bob Kersten <bob_freebsd_questions at fellownet.com> wrote:
> On 25-jan-2006, at 11:57, Fabian Keil wrote:
>
> > root at TP51 ~ #ifconfig gif0 tunnel 1.2.3.4 5.6.7.8 up
> > root at TP51 ~ #ifconfig bridge0 create
> > root at TP51 ~ #ifconfig bridge0 addm ndis0 addm gif0 up
> > root at TP51 ~ #ifconfig bridge0
> > bridge0: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
> > ether ac:de:48:f4:4e:9c
> > priority 32768 hellotime 2 fwddelay 15 maxage 20
> > member: gif0 flags=3<LEARNING,DISCOVER>
> > member: ndis0 flags=3<LEARNING,DISCOVER>
> >
> > BTW: man if_config says all members of the bridge are required to
> > have the same MTU, but ifconfig doesn't seem to check it.
> > My setup wouldn't work as gif0 has a MTU of 1280.
>
> Gjee ... I'm still not able to add the gif0 device to my bridge0.
>
> I'm using FreeBSD 6.0 and I've fixed the mtu on my gif0 device to be
> 1500. These are the steps that I take:
>
> [/] root at spike> ifconfig gif0 create
> [/] root at spike> ifconfig gif0 tunnel 1.2.3.4 5.6.7.8 mtu 1500 up
> [/] root at spike> ifconfig bridge0 create
> [/] root at spike> ifconfig bridge0 addm fxp0
> [/] root at spike> ifconfig bridge0 addm gif0
> ifconfig: BRDGADD gif0: Invalid argument
>
> [/] root at spike> ifconfig
> fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu
> 1500
> options=8<VLAN_MTU>
> inet6 fe80::202:a5ff:fe26:6e45%fxp0 prefixlen 64 scopeid 0x1
> inet 192.168.100.101 netmask 0xffffff00 broadcast
> 192.168.100.255
> ether 00:02:a5:26:6e:45
> media: Ethernet autoselect (100baseTX <full-duplex>)
> status: active
> rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> options=8<VLAN_MTU>
> inet6 fe80::2e0:xxxx:xxxx:xxxx%rl0 prefixlen 64 scopeid 0x2
> inet 1.2.3.4 netmask 0xfffffe00 broadcast 83.160.3.255
> ether 00:e0:4c:a2:b5:f6
> media: Ethernet autoselect (100baseTX <full-duplex>)
> status: active
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
> inet 127.0.0.1 netmask 0xff000000
> gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
> tunnel inet 1.2.3.4 --> 5.6.7.8
> inet6 fe80::202:a5ff:xxxx:xxxx%gif0 prefixlen 64 scopeid 0x4
> bridge0: flags=8000<MULTICAST> mtu 1500
> ether ac:de:48:ee:6a:cf
> priority 32768 hellotime 2 fwddelay 15 maxage 20
> member: fxp0 flags=3<LEARNING,DISCOVER>
>
> The 'fake' ip addresses don't matter, it doesn't work with real
> addresses either. It seems as if gif0 is not accepted as 'real'
> ethernet device when trying to add it to the bridge. Maybe this
> isn't the right way to achieve the VPN with all clients in the same
> subnet.

I don't know if it means anything, but our bridges seem to be
different. Yours doesn't have the broadcast flag.

Fabian
--
http://www.fabiankeil.de/
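
Added example, not part of the original thread: a small parser for `ifconfig` output that lists which flags the `bridge0` on TP51 has and the one on spike lacks, and checks the member-MTU rule mentioned above. The `bridge0` lines are taken from the thread; the other sample lines and the function names are assumptions made for this example.

```python
import re

# Interface header, e.g. "bridge0: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500"
HEADER = re.compile(r"^(\w+): flags=[0-9a-f]+<([^>]*)> mtu (\d+)")
MEMBER = re.compile(r"^\s*member: (\w+)")

# bridge0 lines are from the thread. The gif0 line in TP51 reflects the stated
# MTU of 1280; its flags and the whole ndis0 line are constructed.
TP51 = """\
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
ndis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
bridge0: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        member: gif0 flags=3<LEARNING,DISCOVER>
        member: ndis0 flags=3<LEARNING,DISCOVER>
"""
SPIKE = """\
fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
bridge0: flags=8000<MULTICAST> mtu 1500
        member: fxp0 flags=3<LEARNING,DISCOVER>
"""

def parse_ifconfig(text):
    """Return {ifname: {"flags": set, "mtu": int, "members": [names]}}."""
    ifaces, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            flags = {f for f in m.group(2).split(",") if f}
            current = ifaces[m.group(1)] = {
                "flags": flags, "mtu": int(m.group(3)), "members": []}
        elif current is not None and (m := MEMBER.match(line)):
            current["members"].append(m.group(1))
    return ifaces

def missing_flags(reference, other, name="bridge0"):
    """Flags set on `name` in `reference` but absent in `other`."""
    return reference[name]["flags"] - other[name]["flags"]

def mtu_mismatches(ifaces, bridge="bridge0", candidates=()):
    """Members (and candidate members) whose MTU differs from the bridge's."""
    want = ifaces[bridge]["mtu"]
    names = list(ifaces[bridge]["members"]) + list(candidates)
    return {n: ifaces[n]["mtu"] for n in names
            if n in ifaces and ifaces[n]["mtu"] != want}

if __name__ == "__main__":
    tp51, spike = parse_ifconfig(TP51), parse_ifconfig(SPIKE)
    print("flags missing on spike:", sorted(missing_flags(tp51, spike)))
    print("TP51 MTU mismatches:", mtu_mismatches(tp51))
    print("spike MTU mismatches:", mtu_mismatches(spike, candidates=["gif0"]))
```

The output only reports the differences between the two listings; it does not by itself explain the `BRDGADD` error.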