You'll need multiple addresses, gif(4) tunnels, and bridges for this. If you only have 1 external address you may be able to create aliases with rfc1918 addresses on lo1 to use as the gif endpoints and carry these in an IPsec tunnel.
On 2011-06-20, Russell Sutherland <russell.sutherl...@utoronto.ca> wrote:
> I am trying to create multiple L2 over L3 tunnels using OpenBSD. The man
> page for gif(4), the generic tunnel interface, gives excellent instructions
> for creating _one_ bridge over a wide area network to join two remote LANs.
>
> I have tried to extend this idea by bridging two other LANs over the same
> gif0 tunnel. No such luck. Here's a representative stick diagram:
>
>
>             routerA                               routerB
> LAN1 fxp1                                                 fxp1 LAN1
>          \                                               /
> LAN2 fxp2--OpenBSD 1.2.3.4 --- WAN --- 4.3.2.1 OpenBSD fxp2 LAN2
>          /         fxp0                 fxp0             \
> LAN3 fxp3                                                 fxp3 LAN3
>
> The first tunnel works as documented:
>
> routerA:
> #cat /etc/hostname.bridge1
> up add fxp1 add gif0
>
> #cat /etc/hostname.gif0
> tunnel 1.2.3.4 4.3.2.1
>
> routerB:
> #cat /etc/hostname.bridge1
> up add fxp1 add gif0
> #cat /etc/hostname.gif0
> tunnel 4.3.2.1 1.2.3.4
>
> However if one tries to bridge the other LANs as follows:
> #cat /etc/hostname.bridge2
> up add fxp2 add gif0
>
> This fails.
>
> Does one need to create alias addresses on fxp0 and create gif1?
> e.g. Tunnel 1.2.3.5 <-> 4.3.2.2
>
> Or is there an easier way to do this?
>
> --
> Russell Sutherland
> e: russell.sutherl...@utoronto.ca
> t: +1.416.978.0470
> f: +1.416.978.6620
> m: +1.416.803.0080
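
Added example, not part of the original thread: a shell function that writes the hostname.if(5) files for one router, with one gif(4) tunnel and one bridge per LAN and a distinct endpoint pair for each tunnel, and refuses a reused pair. The function name gen_router, the output file hostname.<wan>.append and the third address pair in the usage comment are assumptions for illustration.

```shell
#!/bin/sh
# Added example: one gif(4) + bridge pair per LAN, each tunnel with its own
# (local, remote) endpoint pair. Writes files into OUTDIR, never into /etc.
#
# usage: gen_router OUTDIR WAN_IF PRIMARY_ADDR LAN_IF:LOCAL:REMOTE ...
gen_router() {
    out=$1 wan=$2 primary=$3
    shift 3
    mkdir -p "$out" || return 1
    # Lines to append to the existing hostname.<wan> file (alias addresses).
    : > "$out/hostname.$wan.append"
    n=0
    seen=" "
    for spec in "$@"; do
        lan=${spec%%:*}
        rest=${spec#*:}
        laddr=${rest%%:*}
        raddr=${rest#*:}
        # Two tunnels cannot share the same endpoint pair.
        case $seen in
            *" $laddr>$raddr "*)
                echo "endpoint pair reused: $laddr $raddr" >&2
                return 1 ;;
        esac
        seen="$seen$laddr>$raddr "
        # Any local endpoint other than the primary address becomes an alias.
        [ "$laddr" = "$primary" ] ||
            echo "inet alias $laddr 255.255.255.255" >> "$out/hostname.$wan.append"
        # Same numbering as the thread: gif0 goes with bridge1, gif1 with bridge2.
        echo "tunnel $laddr $raddr" > "$out/hostname.gif$n"
        echo "up add $lan add gif$n" > "$out/hostname.bridge$((n + 1))"
        n=$((n + 1))
    done
}

# Router A from the thread; 1.2.3.6 <-> 4.3.2.3 is an assumed third pair.
# Run the script with the argument "demo" to write the files to ./routerA:
if [ "${1:-}" = demo ]; then
    gen_router ./routerA fxp0 1.2.3.4 \
        fxp1:1.2.3.4:4.3.2.1 fxp2:1.2.3.5:4.3.2.2 fxp3:1.2.3.6:4.3.2.3
fi
```

For router B, swap the local and remote address in each LAN_IF:LOCAL:REMOTE argument and pass 4.3.2.1 as the primary address.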