I'm trying to set up a bridge between two physically separated
locations. I'm using bridge with gif to do this. I've put this
in /etc/ipsec.conf:

Machine A 
ike esp proto etherip from xx.85.113.50 to xx.85.113.112

Machine B 
ike esp proto etherip from xx.85.113.112 to xx.85.113.112

And it looks like the SA's and flows are up:
# ipsecctl -sa
FLOWS:
flow esp in proto etherip from xx.85.113.50 to xx.85.113.112 peer 
xx.85.113.50 srcid xx.85.113.112/32 dstid xx.85.113.50/32 type use
flow esp out proto etherip from xx.85.113.112 to xx.85.113.50 peer 
xx.85.113.50 srcid xx.85.113.112/32 dstid xx.85.113.50/32 type require

SAD:
esp tunnel from xx.85.113.50 to xx.85.113.112 spi 0x30d45064 auth 
hmac-sha2-256 enc aes \
        authkey 
0x03ee2f03d0bec6017f0ae9238640476037926f05bf960847e960c27196c787e3 \
        enckey 0x10d440528e75e2d1ef88a708d6711773
esp tunnel from xx.85.113.112 to xx.85.113.50 spi 0xd2df92a9 auth 
hmac-sha2-256 enc aes \
        authkey 
0x99ff627a8e21b82f0ac6be6645be3c296a363c699b2a7077539ee4c2579bc148 \
        enckey 0x42a78990ed9048e709bb047d57381e16
# ^D

FLOWS:
flow esp in proto etherip from xx.85.113.112 to xx.85.113.50 peer 
xx.85.113.112 srcid xx.85.113.50/32 dstid xx.85.113.112/32 type use
flow esp out proto etherip from xx.85.113.50 to xx.85.113.112 peer 
xx.85.113.112 srcid xx.85.113.50/32 dstid xx.85.113.112/32 type require

SAD:
esp tunnel from xx.85.113.50 to xx.85.113.112 spi 0x30d45064 auth 
hmac-sha2-256 enc aes \
        authkey 
0x03ee2f03d0bec6017f0ae9238640476037926f05bf960847e960c27196c787e3 \
        enckey 0x10d440528e75e2d1ef88a708d6711773
esp tunnel from xx.85.113.112 to xx.85.113.50 spi 0xd2df92a9 auth 
hmac-sha2-256 enc aes \
        authkey 
0x99ff627a8e21b82f0ac6be6645be3c296a363c699b2a7077539ee4c2579bc148 \
        enckey 0x42a78990ed9048e709bb047d57381e16

Then I ran the following scripts:

# cat start
ifconfig bridge0 create
ifconfig nfe0 up
ifconfig gif0 create
ifconfig gif0 tunnel xx.85.113.112 xx.85.113.50
brconfig bridge0 add gif0 add nfe0
ifconfig gif0 up
brconfig bridge0 up
# cat start
ifconfig bridge0 create
ifconfig nfe0 up
ifconfig gif0 create
ifconfig gif0 tunnel xx.85.113.50 xx.85.113.112
ifconfig gif0 up
brconfig bridge0 add gif0 add nfe0
brconfig bridge0 up

The nfe0 interface on both machines is on the "inside" of the
desired tunnel, and does not have an IP address. The bge0
interface is on the network I want to tunnel over.

brconfig on both sides shows _some_ MAC addresses from
the other side. But I cannot ping through the tunnel.

What am I doing incorrectly here?

-- 
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
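As an added diagnostic (not part of the original post): a small script that checks whether the two machines' `ike esp proto etherip from ... to ...` rules and `ifconfig gif0 tunnel` commands describe the same pair of endpoints seen from opposite sides. The inputs are constructed from the lines quoted above; the `xx.` prefix is the author's own masking and is kept as-is.

```python
import re
from typing import Dict, List

# Constructed inputs copied from the ipsec.conf rules and gif tunnel
# commands quoted in the post (one dict per machine).
MACHINE_A = {
    "ipsec": "ike esp proto etherip from xx.85.113.50 to xx.85.113.112",
    "gif": "ifconfig gif0 tunnel xx.85.113.50 xx.85.113.112",
}
MACHINE_B = {
    "ipsec": "ike esp proto etherip from xx.85.113.112 to xx.85.113.112",
    "gif": "ifconfig gif0 tunnel xx.85.113.112 xx.85.113.50",
}

IPSEC_RE = re.compile(r"^ike\s+esp\s+proto\s+etherip\s+from\s+(\S+)\s+to\s+(\S+)")
GIF_RE = re.compile(r"^ifconfig\s+gif\d+\s+tunnel\s+(\S+)\s+(\S+)")


def parse_side(cfg: Dict[str, str]) -> Dict[str, str]:
    """Pull local/remote endpoints out of one machine's rule and tunnel command."""
    m = IPSEC_RE.match(cfg["ipsec"].strip())
    g = GIF_RE.match(cfg["gif"].strip())
    if not m or not g:
        raise ValueError("unrecognised ipsec.conf rule or gif tunnel line")
    return {"ipsec_from": m.group(1), "ipsec_to": m.group(2),
            "gif_local": g.group(1), "gif_remote": g.group(2)}


def check_pair(a: Dict[str, str], b: Dict[str, str]) -> List[str]:
    """Return findings; an empty list means both sides are consistent."""
    findings: List[str] = []
    for name, side in (("A", a), ("B", b)):
        # Each side must name two distinct endpoints, local first.
        if side["ipsec_from"] == side["ipsec_to"]:
            findings.append(f"{name}: ipsec.conf rule uses the same address for from and to")
        # The gif tunnel on the same machine must use the same local/remote pair.
        if (side["ipsec_from"], side["ipsec_to"]) != (side["gif_local"], side["gif_remote"]):
            findings.append(f"{name}: gif tunnel endpoints differ from the ipsec.conf from/to pair")
    # Side A's from/to must be side B's to/from.
    if (a["ipsec_from"], a["ipsec_to"]) != (b["ipsec_to"], b["ipsec_from"]):
        findings.append("A and B ipsec.conf rules are not mirror images of each other")
    return findings


def audit(cfg_a: Dict[str, str], cfg_b: Dict[str, str]) -> List[str]:
    return check_pair(parse_side(cfg_a), parse_side(cfg_b))


if __name__ == "__main__":
    for finding in audit(MACHINE_A, MACHINE_B):
        print(finding)
```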