Tunneling issues

Julian Elischer julian at elischer.org
Wed Jul 9 17:49:21 UTC 2008 

zaphod at fsklaw.com wrote:
>> At 11:21 AM 7/9/2008, zaphod at fsklaw.com wrote:
>>
>>> I agree it should work.  But it's not.  With respect to the next two
>>> questions, yes and yes.
>> Can you post some of the configs you are using for 3 of the sites so
>> we can perhaps spot the problem(s) you are having ? I have a similar
>> setup with 5 sites, all talking to each other via IPSEC tunnels. Its
>> a lot of policies, but they work just fine.
>>
>>
>>
>>
>>> I'm not a huge fan of OpenVPN, but the bigger issue is that the gif
>>> tunnels come up at boot up. As well as routes.  Given the client server
>>> nature of OpenVPN it is suitable, because if a server reboots, I'm not
>>> certain a client would auto re-connect.
>> We have ~ 400 sites running OpenVPN across Canada that all reconnect
>> just fine after reboots / power cycles etc.  We dont let the clients
>> talk to each other, but that would just be a config change to allow
>> that to work.
>>
>>          ---Mike
>>
> Last first.  Well that's good info on OpenVPN.
> 
> As to the first, I'm not even at the ipsec stage yet.  I'm just trying to
> get tunnels up.  I wrote a couple of shell scripts to bring them up for
> testing.
> 
> Server1
> 
> orange# more mkgif
> #/bin/sh
> ifconfig gif1 create
> ifconfig gif1 1.1.1.1 2.2.2.2 

^^^^  what's that for?
since you over-ride it in the next line vvvvv


> ifconfig gif1 inet 192.168.72.1 192.168.70.1 netmask 255.255.255.0

(PTP links don't have netmasks)

> ifconfig gif1 tunnel 1.1.1.1 2.2.2.2



> ifconfig gif1 mtu 1500
> route change 192.168.70.0 192.168.70.1 255.255.255.0
> route change 192.168.71.0 192.168.70.1 255.255.255.0
> 
> Server2
> to# more mkgif
> #/bin/sh
> ifconfig gif1 create
> ifconfig gif1 2.2.2.2 1.1.1.1
> ifconfig gif1 inet 192.168.70.1 192.168.72.1 netmask 255.255.255.0
> ifconfig gif1 tunnel 2.2.2.2 1.1.1.1
> ifconfig gif1 mtu 1500
> route change 192.168.72.0 192.168.72.1 255.255.255.0
> 
> Seems pretty straight forward a tunnel.  But nothing heads out. Can't ping
> a thing.
> 
> I even tried a gre, when I did that I got a ping error.  Unfortunately I
> can't find my note on the exact error.
> 
> Cheers,
> 
> Zaphod
>>
> 
> 
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"

More information about the freebsd-net mailing list