Help "layering hooks" to network stack - ngctl
remodeler
remodeler at alentogroup.org
Sat Sep 26 02:46:25 UTC 2009
I am running a vimage-enabled kernel (8.0) for host/jails, and routing the
service jail's vnets with netgraph to a central ng_bridge. I would like to use
an SSL VPN to attach remote connections to the ng_bridge after nat'ing. The
three following pseudodevices seem to me like they are interacting with the
active network stack (vnet[null]?), but what I am hoping someone can tell me
is what order they interact with the packet-flow, or how I control that (or am
on a completely wrong track):

(*) OpenVPN uses a tun(4) virtual interface, which is a cloned interface of
the physical ethernet interface.
(*) natd(8) uses a divert(4) socket, so it is hooking into the network stack.
I could move this out into the netgraph architecture w/ ng_nat, but wonder if
natd can be used.
(*) ng_ether, which is a virtual interface and node.

If I enable all three devices (tun, divert, ng_ether) on the network stack,
can I control the flow of packets through them (i.e. NIC --> tun --> divert
--> ng_ether)?

Thank you in advance.