Howdy folks, I have a small pile of OpenVPN tunnels terminating on a "tunnel router" (FreeBSD -current on sparc64 with 5 hme ethernet interfaces). Tunnels carry general IP and OSPF traffic. They may carry IPv6 in the future, though that's not a necessity. The number of tunnels will grow over time and will likely start to include ipsec as well as the existing openvpn.
I'd like to perform netflow monitoring and collection on the box for the individual tunnels. Unfortunately, I'm not only new to netflow in general, all I know about netgraph I learned from http://www.daemonnews.org/200003/netgraph.html (a fairly old article, too) :-)

Taking a look at (and borrowing freely from) http://taosecurity.blogspot.com/2004/01/freebsd-kernel-module-for-generating.html, I see that I can do something like this (using tun0 as an example):

    kldload ng_ether
    kldload ng_tee
    kldload ng_netflow
    ngctl -f - << EOF
    mkpeer tun0: tee lower right
    connect tun0: tun0:lower upper left
    mkpeer tun0:lower netflow right2left iface0
    name tun0:lower.right2left netflow
    msg netflow: setifindex { iface=0 index=1 }
    mkpeer netflow: ksocket export inet/dgram/udp
    msg netflow:export connect inet/127.0.0.1:4800
    EOF

I'm not sure if ng_ether covers tun interfaces or if it only covers the underlying ethernet interface. I'm also not sure that sending the netflow data to loopback is the most efficient way to get at it with the collector -- on a Cisco router, sending netflow data to a separate host makes sense, but it doesn't in my case. Is there a better way to do this?

I'm also not sure what the best method is to collect data for multiple tun interfaces. I'm thinking of replicating the above netgraph config, but forwarding to different ports and running multiple collectors.

Are there any good resources out there that someone could point me at? Alternatively, does anyone have some time to walk me through it off-list and I'll post a summary to the list afterwards (as well as write an article on it for http://www.seekingfire.com/documents/, since I'm planning on doing that anyway once I get this running nicely).

Thanks,
-T

--
"To enjoy the flavor of life, take big bites. Moderation is for monks."
-- Robert Heinlein

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
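An added example for the multi-tunnel question above; it is not part of the original post and not from the taosecurity article. Instead of one netflow node, one collector port and one collector process per tunnel, ng_netflow(4) lets a single node take many input hooks (iface0, iface1, ...), tag each with its own ifindex via the setifindex message, and push every flow out of one export hook to one collector. The script generator below builds the ngctl(8) commands for that layout. It assumes each tunnel is already fronted by some netgraph node and hook carrying its traffic, passed as "path=hook" (for instance the tee's right2left hook from the post); it does not assume ng_ether(4) created that node, since ng_ether attaches only to Ethernet interfaces and a tun(4) device gets no "tun0:" node from it. The collector address and the tunnel list are constructed sample input.

```shell
#!/bin/sh
# Emit an ngctl(8) script that attaches N tunnel taps to ONE ng_netflow node
# and exports all flows to a single collector. Added example, not from the
# original post. Assumed hook and message names follow ng_netflow(4):
# iface<N> input hooks, "export" hook, "setifindex { iface=N index=M }".

gen_netflow_script() {
    # $1 = collector as host:port; remaining args = path=hook, one per tunnel.
    # "path" is the netgraph path of the node carrying the tunnel's packets
    # (assumption: it already exists), "hook" is the hook on it to attach to.
    collector="$1"; shift
    n=0
    for spec in "$@"; do
        path="${spec%%=*}"
        hook="${spec#*=}"
        if [ "$n" -eq 0 ]; then
            # First tunnel: create the netflow node hanging off its hook ...
            printf 'mkpeer %s netflow %s iface0\n' "$path" "$hook"
            # ... and give it a fixed name so later commands can reach it.
            # A path ending in ':' addresses a node directly, so the hook is
            # appended without a dot; otherwise netgraph separates hooks with '.'.
            case "$path" in
                *:) printf 'name %s%s netflow\n' "$path" "$hook" ;;
                *)  printf 'name %s.%s netflow\n' "$path" "$hook" ;;
            esac
        else
            # Further tunnels: connect their hook to the next iface<N> hook.
            printf 'connect %s netflow: %s iface%d\n' "$path" "$hook" "$n"
        fi
        # Each input hook gets a distinct ifindex (1-based) in the exported records,
        # so the collector can tell the tunnels apart.
        printf 'msg netflow: setifindex { iface=%d index=%d }\n' "$n" "$((n + 1))"
        n=$((n + 1))
    done
    # One UDP ksocket on the export hook, pointed at the single collector.
    printf 'mkpeer netflow: ksocket export inet/dgram/udp\n'
    printf 'msg netflow:export connect inet/%s\n' "$collector"
}

# Constructed sample: two tunnel tees, one local collector on 127.0.0.1:4800.
# Pipe the output into "ngctl -f -" on the tunnel router once the taps exist.
gen_netflow_script 127.0.0.1:4800 tun0:lower=right2left tun1:lower=right2left
```

Because one netflow node handles every tunnel, the router exports to a single UDP port and one collector process on the box suffices; flows from different tunnels are distinguished by the ifindex set on each iface hook rather than by port number.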