Well, it works with openvpn now, I just forgot to add "dev-type tap" in
the config file.
It's just quite annoying that the man page for brconfig says that the
bridge over gif should work and it does not.

Renaud Allard wrote:
> Also, if I use openvpn with a tun0 (link0) instead of gif, packets pass
> through the tunnel. Although there are still some other problems because
> the broadcast for arp seems to change from ff:ff:ff:ff:ff:ff to
> 0:0:0:2:ff:ff.
> 
> Renaud Allard wrote:
>> It should be noted that when I put an ip on each sis1 interface, they
>> can ping each other through the if tunnel. Only the arp packets from the
>> lan don't seem to pass. Is this a bug or am I missing something?
>>
>> Renaud Allard wrote:
>>> When sniffing on gif0 (tcpdump -ttt -n -e -i gif0), I get:
>>> Apr 12 17:28:53.857812
>>> Apr 12 17:28:53.860054
>>> Apr 12 17:28:53.893533
>>> Apr 12 17:28:53.976284
>>> Apr 12 17:28:54.023758
>>> Apr 12 17:28:54.024148
>>> Apr 12 17:28:54.024565
>>> Apr 12 17:28:54.079725
>>> Apr 12 17:28:54.094511
>>> Apr 12 17:28:54.145102
>>>
>>> Nothing more. Has someone any idea on why I don't see the packets?
>>>
>>> I tried setting the gif0 mtu to 1500 in case this could be a mtu
>>> problem, but I still get the same thing. ARP broadcasts don't seem to
>>> pass through the tunnel.
>>>
>>> Renaud Allard wrote:
>>>> Hello,
>>>>
>>>> I have a setup like this:
>>>>
>>>> ***********************
>>>> router1
>>>> hostname.gif0: up tunnel 172.17.0.170 195.16.12.50
>>>> hostname.sis0: inet 172.17.0.170 255.255.0.0 NONE
>>>> hostname.sis1: up
>>>> bridgename.bridge0:        add gif0
>>>>                    add sis1
>>>>                    up
>>>>
>>>> ipsec.conf: ike esp proto etherip from 172.17.0.170 to 195.16.12.50
>>>>
>>>> # netstat -nr | tail -2
>>>> 195.16.12.50/32    0     172.17.0.170/32    0     97 195.16.12.50/esp/use/in
>>>> 172.17.0.170/32    0     195.16.12.50/32    0     97 195.16.12.50/esp/require/out
>>>>
>>>> # brconfig
>>>>
>>>>
>>>> bridge0: flags=41<UP,RUNNING>
>>>>         priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
>>>>         sis1 flags=3<LEARNING,DISCOVER>
>>>>                 port 2 ifpriority 0 ifcost 0
>>>>         gif0 flags=3<LEARNING,DISCOVER>
>>>>                 port 14 ifpriority 0 ifcost 0
>>>>         Addresses (max cache: 100, timeout: 240):
>>>>                 00:11:85:25:fa:00 sis1 1 flags=0<>
>>>>                 00:11:85:21:09:40 sis1 1 flags=0<>
>>>>                 00:30:05:d1:17:58 sis1 1 flags=0<>
>>>>            etc
>>>>
>>>> ***********************
>>>>
>>>> router2
>>>> hostname.gif0: up tunnel 195.16.12.50 172.17.0.170
>>>> hostname.sis0: inet 195.16.12.50 255.255.254.0 NONE
>>>> hostname.sis1: up
>>>> bridgename.bridge0:        add gif0
>>>>                    add sis1
>>>>                    up
>>>>
>>>> ipsec.conf: ike esp proto etherip from 195.16.12.50 to 172.17.0.170
>>>>
>>>> # netstat -nr | tail -2
>>>> 172.17.0.170/32    0     195.16.12.50/32    0     97 172.17.0.170/esp/use/in
>>>> 195.16.12.50/32    0     172.17.0.170/32    0     97 172.17.0.170/esp/require/out
>>>>
>>>> # brconfig
>>>> bridge0: flags=41<UP,RUNNING>
>>>>         priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
>>>>         sis1 flags=3<LEARNING,DISCOVER>
>>>>                 port 2 ifpriority 0 ifcost 0
>>>>         gif0 flags=3<LEARNING,DISCOVER>
>>>>                 port 10 ifpriority 0 ifcost 0
>>>>         Addresses (max cache: 100, timeout: 240):
>>>>                 00:09:6b:45:27:59 sis1 1 flags=0<>
>>>>
>>>>
>>>> *************************
>>>>
>>>>
>>>> If I do "tcpdump -ttt -n -e -vv -i gif0" on both routers, I see some
>>>> traffic. But this is only local traffic, no packet is forwarded between
>>>> both routers. If I do a tcpdump on the only router between router1 and
>>>> router2, I see no traffic except the ipsec negotiation.
>>>>
>>>> I changed net.inet.ip.forwarding=1 and net.inet.etherip.allow=1 but it
>>>> did not help.
>>>>
>>>> Is something wrong with my configuration?
