On Thursday, 9 June 2005 at 8:13:54 +0200, Gianmarco Giovannelli wrote: > At 02.10 09/06/2005, Greg 'groggy' Lehey wrote: >> On Thursday, 9 June 2005 at 1:46:00 +0200, Jeremie Le Hen wrote: >>> Greg, >>> >>>> My understanding is that GRE is to IP as PPP is to SLIP: it allows >>>> multiple protocols to be encapsulated. I've done some tracing with >>>> Ethereal, and the only difference is a four-byte header in front of >>>> the payload for GRE; in an IP tunnel, it's simply missing. I've >>>> written this up in my diary >>>> (http://www.lemis.com/grog/diary-jun2005.html#8), along with the >>>> traces. >>> >>> yes it's usually a simple four-byte header when doing a simple tunnel. >>> But from what I have read [1] and according to what Giorgos said, >>> it seems it can be a lot more longer, depending on the value of the >>> five first bits of the GRE header. >> >> Ah, that seems reasonable. > > Hi Greg, I have follow with interest this thread because I had a similar > problem sometimes ago and we din't succeded in resolve it as I like ... > > I had to connect a couple of a nets with a freebsd box and a linux box > (not managed by me). They insist to use the ipip tunnel (p:4)
What does p:4 mean? > and I think I should use the nos-tun interface we had in the base > system to let things works ourside. But it didn't do the job so we > had to switch on an ipsec tunnel (esp only) which works quite well > except a few things... Like performance? > Now I see I could simply use the gif interface (which I wrongly > suppose did only GRE tunnel :-) Indeed. It doesn't. > to connect to an ipip linux tunnel. Is this right ? Certainly you can do an IP tunnel with the gif interface. > And the nos-tun utility is so a basic replacement of the gif > interface ? I've also been told by people who have done it that nos-tun also works, though it looks a bit kludgy to me, so I haven't tried it. On Thursday, 9 June 2005 at 9:44:39 +0200, Jeremie Le Hen wrote: > > Given the simplicity of gif(4) IP-encapsulated packets, I wonder how > Linux guys could have implemented something else in their IPIP > module :-). Indeed. I'd guess that they got their terminology mixed up, and that they really meant a GRE tunnel. I have spent a *lot* of time scratching my head about this in the last couple of days. The documentation is anything but clear, but it does seem that Linux people prefer GRE. > I never set up such a tunnel between Linux and FreeBSD myself, but > from what I read [1], it seems to work well. > > Please, would you keep us informed whether this setup works for you > or not, it would be certainly worthwhile for the archives. Agreed. Greg -- The virus contained in this message was not detected. Finger [EMAIL PROTECTED] for PGP public key. See complete headers for address and phone numbers.
pgpRc9tGftyl0.pgp
Description: PGP signature
