Milan Obuch wrote this message on Mon, Aug 15, 2022 at 08:53 +0200:
> I tried to mimic this in FreeBSD with the following commands:
>
> ifconfig gre1 create tunnel 172.16.1.1 172.16.0.1 vnet ov1
> jexec ov1 ifconfig gre1 10.1.0.2/30 10.1.0.1
>
> This does not work. I found some older post which made me believe
> this is caused by clearing the whole tunnel configuration after moving
> the interface into a different vnet. My (failed) tests indicate this is most
> probably the cause.
>
> So, my question is, does anybody use a tunnel interface in a similar way? Is
> it possible to achieve what I am trying with netgraph? I am able to
> create some inter-vnet link using an epair interface, but this is
> something different. Or ideally, is somebody using IPSEC with VNET
> jails, processing encapsulating packets in base and raw content in some
> child vnet?

This doesn't work since the tunnel interface needs to see the interface
with the IP to route it to, and since it's in another jail/vnet, it can't
get there.

The closest thing I can think of is putting an epair in w/ the tunnel
interface, and routing the tunnel out of the vnet via the epair
interface...

Does this make sense?

--
John-Mark Gurney    Voice: +1 415 225 5579

"All that I will do, has been done, All that I have, has not."