I am running a vimage-enabled kernel (8.0) for host/jails, and routing the service jail's vnets with netgraph to a central ng_bridge. I would like to use an SSL VPN to attach remote connections to the ng_bridge after nat'ing. The following three pseudo-devices seem to me to be interacting with the active network stack (vnet[null]?), but what I am hoping someone can tell me is in what order they interact with the packet flow, or how I control that (or whether I am on a completely wrong track):

(*) OpenVPN uses a tun(4) virtual interface, which is a cloned interface of the physical ethernet interface.

(*) natd(8) uses a divert(4) socket, so it is hooking into the network stack. I could move this out into the netgraph architecture with ng_nat, but wonder if natd can be used.

(*) ng_ether, which is a virtual interface and node.

If I enable all three devices (tun, divert, ng_ether) on the network stack, can I control the flow of packets through them (i.e. NIC --> tun --> divert --> ng_ether)?

Thank you in advance.

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net