[EMAIL PROTECTED] wrote:
At 11:21 AM 7/9/2008, [EMAIL PROTECTED] wrote:
I agree it should work. But it's not. With respect to the next two
questions, yes and yes.
Can you post some of the configs you are using for 3 of the sites so
we can perhaps spot the problem(s) you are having? I have a similar
setup with 5 sites, all talking to each other via IPSEC tunnels. It's
a lot of policies, but they work just fine.
I'm not a huge fan of OpenVPN, but the bigger issue is that the gif
tunnels come up at boot up. As well as routes. Given the client-server
nature of OpenVPN it is suitable, because if a server reboots, I'm not
certain a client would auto re-connect.
We have ~ 400 sites running OpenVPN across Canada that all reconnect
just fine after reboots / power cycles etc. We don't let the clients
talk to each other, but that would just be a config change to allow
that to work.
---Mike
Last first. Well that's good info on OpenVPN.
As to the first, I'm not even at the ipsec stage yet. I'm just trying to
get tunnels up. I wrote a couple of shell scripts to bring them up for
testing.
Server1
orange# more mkgif
#/bin/sh
ifconfig gif1 create
ifconfig gif1 1.1.1.1 2.2.2.2
^^^^ what's that for?
since you over-ride it in the next line vvvvv
ifconfig gif1 inet 192.168.72.1 192.168.70.1 netmask 255.255.255.0
(PTP links don't have netmasks)
ifconfig gif1 tunnel 1.1.1.1 2.2.2.2
ifconfig gif1 mtu 1500
route change 192.168.70.0 192.168.70.1 255.255.255.0
route change 192.168.71.0 192.168.70.1 255.255.255.0
Server2
to# more mkgif
#/bin/sh
ifconfig gif1 create
ifconfig gif1 2.2.2.2 1.1.1.1
ifconfig gif1 inet 192.168.70.1 192.168.72.1 netmask 255.255.255.0
ifconfig gif1 tunnel 2.2.2.2 1.1.1.1
ifconfig gif1 mtu 1500
route change 192.168.72.0 192.168.72.1 255.255.255.0
Seems pretty straightforward a tunnel. But nothing heads out. Can't ping
a thing.
I even tried a gre, when I did that I got a ping error. Unfortunately I
can't find my note on the exact error.
Cheers,
Zaphod
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
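The two inline comments in the reply above (the address assignment that the next line overrides, and the netmask on a point-to-point link) applied to one script that emits the commands for both ends; this is an added example, not code from the thread. The helper names `run`, `gif_end` and `gif_pair` are hypothetical, 1.1.1.1 and 2.2.2.2 are the thread's placeholder public addresses, and using a host netmask and `route add -net` in place of the posted `route change` lines are assumptions about the intent.

```shell
#!/bin/sh
# Added example: emit gif(4) setup commands for each end of a site-to-site tunnel.
# Prints the commands by default; APPLY=1 (FreeBSD, as root) executes them instead.
# gif alone carries traffic unencrypted; the IPsec policies discussed in the
# thread are a separate, later step.

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# gif_end IF OUTER_LOCAL OUTER_REMOTE INNER_LOCAL INNER_REMOTE [REMOTE_NET/LEN ...]
gif_end() {
    [ "$#" -ge 5 ] || { echo "gif_end: need 5 or more arguments" >&2; return 2; }
    gif=$1 outer_l=$2 outer_r=$3 inner_l=$4 inner_r=$5
    shift 5
    # A tunnel whose two ends share an address cannot carry anything.
    if [ "$outer_l" = "$outer_r" ] || [ "$inner_l" = "$inner_r" ]; then
        echo "gif_end: local and remote addresses must differ" >&2
        return 1
    fi
    run ifconfig "$gif" create
    # Outer (public) endpoints are set once, with the tunnel keyword only.
    run ifconfig "$gif" tunnel "$outer_l" "$outer_r"
    # Inner point-to-point pair, host mask (assumption: no subnet on the link).
    run ifconfig "$gif" inet "$inner_l" "$inner_r" netmask 255.255.255.255
    # One route per remote LAN, via the far inner address.
    for net in "$@"; do
        run route add -net "$net" "$inner_r"
    done
}

# Both ends built from the same values, so the addresses are mirrored.
gif_pair() {
    echo "# Server1"
    gif_end gif1 1.1.1.1 2.2.2.2 192.168.72.1 192.168.70.1 \
        192.168.70.0/24 192.168.71.0/24
    echo "# Server2"
    gif_end gif1 2.2.2.2 1.1.1.1 192.168.70.1 192.168.72.1 \
        192.168.72.0/24
}

gif_pair
```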