At 01:30 PM 7/9/2008, [EMAIL PROTECTED] wrote:

Seems pretty straightforward a tunnel.  But nothing heads out. Can't ping
a thing.

I think your tunnel endpoints are overlapping your remote subnets. The GIF tunnel IP addresses are not supposed to be on the same internal LAN.

If server 1's public IP is 1.1.1.1 and server 2 is 2.2.2.2, and server1's internet network is 192.168.1.0/24 and server2's inside network is 192.168.2.0/24, this should work.

#!/bin/sh
#server1 to connect to server2
MEOUTSIDE=1.1.1.1
MEINSIDE=10.10.69.1
REMOTEOUTSIDE=2.2.2.2
REMOTEINSIDE=10.10.69.2
REMOTENET=192.168.2.0/24
/sbin/ifconfig gif1 create tunnel $MEOUTSIDE $REMOTEOUTSIDE
/sbin/ifconfig gif1 $MEINSIDE netmask 255.255.255.252 $REMOTEINSIDE
/sbin/route delete $REMOTENET
/sbin/route add $REMOTENET $REMOTEINSIDE

#!/bin/sh
#server2 script to connect to server1
MEOUTSIDE=2.2.2.2
MEINSIDE=10.10.69.2
REMOTEOUTSIDE=1.1.1.1
REMOTEINSIDE=10.10.69.1
REMOTENET=192.168.1.0/24
/sbin/ifconfig gif1 create tunnel $MEOUTSIDE $REMOTEOUTSIDE
/sbin/ifconfig gif1 $MEINSIDE netmask 255.255.255.252 $REMOTEINSIDE
/sbin/route delete $REMOTENET
/sbin/route add $REMOTENET $REMOTEINSIDE


Also, don't confuse using GIF and IPSEC. To create some IPSEC tunnels, you don't need gif or gre interfaces. The policies will do that for you.


        ---Mike



Server1

orange# more mkgif
#/bin/sh
ifconfig gif1 create
ifconfig gif1 1.1.1.1 2.2.2.2
ifconfig gif1 inet 192.168.72.1 192.168.70.1 netmask 255.255.255.0
ifconfig gif1 tunnel 1.1.1.1 2.2.2.2
ifconfig gif1 mtu 1500
route change 192.168.70.0 192.168.70.1 255.255.255.0
route change 192.168.71.0 192.168.70.1 255.255.255.0

Server2
to# more mkgif
#/bin/sh
ifconfig gif1 create
ifconfig gif1 2.2.2.2 1.1.1.1
ifconfig gif1 inet 192.168.70.1 192.168.72.1 netmask 255.255.255.0
ifconfig gif1 tunnel 2.2.2.2 1.1.1.1
ifconfig gif1 mtu 1500
route change 192.168.72.0 192.168.72.1 255.255.255.0
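
Added example, not part of the original messages: a pre-flight check for the overlap described in the reply, counting gif inner addresses that fall inside a network routed through the tunnel. The function names are hypothetical, and the networks are assumed to be /24s taken from the route lines in the scripts above.

```shell
#!/bin/sh
# Added example: detect gif inner (point-to-point) addresses that sit
# inside a LAN subnet reached through the tunnel.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR NET/LEN: succeed when ADDR lies inside NET/LEN.
in_cidr() {
    addr=$(ip2int "$1")
    net=$(ip2int "${2%/*}")
    len=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# count_overlaps LOCAL_INNER REMOTE_INNER NET/LEN...
# Writes one line per overlap to stderr and the overlap count to stdout.
count_overlaps() {
    local_inner=$1; remote_inner=$2; shift 2
    overlaps=0
    for routed in "$@"; do
        for ep in "$local_inner" "$remote_inner"; do
            if in_cidr "$ep" "$routed"; then
                echo "overlap: tunnel address $ep is inside $routed" >&2
                overlaps=$((overlaps + 1))
            fi
        done
    done
    echo "$overlaps"
}

# Inner addresses from the first pair of scripts posted (Server1's view),
# checked against the networks named in their route lines.
echo "posted config overlaps: $(count_overlaps 192.168.72.1 192.168.70.1 \
    192.168.70.0/24 192.168.71.0/24 192.168.72.0/24)"

# Inner addresses from the suggested scripts (dedicated 10.10.69.0/30).
echo "suggested config overlaps: $(count_overlaps 10.10.69.1 10.10.69.2 \
    192.168.1.0/24 192.168.2.0/24)"
```

A non-zero count means an inner tunnel address would collide with a routed LAN, which is the condition the reply identifies.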

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net