On 2007/01/21 14:59, stan wrote: > On Wed, Jan 17, 2007 at 03:35:57PM +0000, Stuart Henderson wrote: (hmm, ntpd+zaurus+zzz = occasional rifts in the space-time continuum)
> > > Can anyone point me to some information as to how I need to change things > > > to get this working at this level? > > > > yes: brconfig(8) > > Thanks, that looks like it covers a lot of what I need. > > One question, if I might. Since I already have the IP link up, I don't need > to create new SA's, just for the bridge to tunnel layer 2 traffic, do I? As long as the packets from the gif tunnel are covered by the SA, that should be fine - they'll be protocol 97 (etherip) between the ip addresses of the two isakmpd boxes. Also watch out for packet sizes, I'm not sure how fragmentation is handled, so after you test the basic functioning with pings, try some real traffic (e.g. full-sized tcp packets) and see how it copes, you may need some scrub max-mss.
