On Mon, Nov 14, 2016 at 04:50:21PM +0000, Comète wrote:
> 14 November 2016 14:50 "Remi Locherer" <remi.loche...@relo.ch> wrote:
> > On 2016-11-14 12:48, Comète wrote:
> >
> >> Hi,
> >> I'm trying to run OSPFD over IPSEC with OpenBSD 6.0 stable, so I first
> >> start looking at
> >> http://undeadly.org/cgi?action=article&sid=20131105075303
> >> Now that etherip has its own interface in 6.0, I tried to replace gif with
> >> etherip like this:
[...]
> > Can you show pf.conf? Are there any blocks if you check on pflog0 with tcpdump?
> >
> > But why do you want to have Ethernet frames tunneled? If you use gif interfaces
> > and make ospfd being active on it you save a few bits. That way you can make
> > the MTU bigger. https://cway.cisco.com/tools/ipsec-overhead-calc can give you
> > an idea how big your MTU can be (needs an account but is free).
> >
> > Be careful when configuring gif interfaces. ospfd only recognizes that it is a
> > point-to-point interface when you configure the netmask as 255.255.255.255.
>
> I finally got it working. I forgot the 'link2' option in /etc/hostname.bridge0:
>
> -=>> cat /etc/hostname.bridge0
> add etherip0 add vether0
> up link2
>
> but it wasn't enough...
> I had to set 'net.inet.etherip.allow=1' in sysctl.conf despite what is said
> in the 'etherip' man page:
>
> "The sysctl(3) variable net.inet.etherip.allow must be set to 1, unless
> ipsec(4) is being used to protect the traffic."
>
> This is what I don't understand, is there any particular case in this
> configuration or maybe something changed in 6.0?
> thanks

I cannot tell you what is wrong with your configuration. I'm not using etherip. But why do you think you need to tunnel Ethernet? You don't need it for ospf. With gif interfaces you're doing ip-over-ip and don't need bridge and vether. Then just add the gif interface to ospfd.conf.