On Thu, 11 Sep 2008, Giancarlo Razzolini wrote:
> bbee wrote:
> > As per the "IPSEC BRIDGE" section in brconfig(8) I've set up
> > host-to-host ipsec and a gif tunnel between the router and the laptop.
> > Then on the router, I bridge the wired interface and the gif tunnel.
> >
> > tcpdump shows me the laptop is receiving etherip packets from the
> > router, but of course since it isn't a bridge itself it doesn't know
> > what to do with them. How do I get the laptop to process these packets?
> > What interface do I assign an IP address to? I've tried giving the gif
> > tunnel an ipv6 address, but if I then use it to send data it will send
> > protocol 41 (ipv6) encapsulated packets and not 97 (etherip).
> >
> > Bridging the wired and wireless interfaces directly (and then having
> > the router do transparent IPSEC) would only solve part of the problem,
> > since I'd like the laptop to be able to use its local IP address even
> > if it's doing IPSEC to the router over the internet.
> >
> > How does one, in general, bridge only a single host to a LAN with an
> > OpenBSD router? Help!!
>
> I think that, in your case, by making the router bridge with the wired
> net directly, you would already be able to get an IP directly on the
> wired net, from the DHCP server of the wired network. My router at
> home does this. So not much point in all this "ipsec/vpn" thing. Now, about
> this trunk stuff you are wanting, I didn't get it. You are thinking of
> trunking both a wireless if and a wired if, and making them both work
> on the same net? Please clarify it for us.

Yes, as per the last example in trunk(4). If I unplug the LAN cable from my
laptop, I want the connections to survive by failover to the wireless
connection. The trunk(4) example doesn't describe the router's end of the
configuration, but since there's only one IP, I'm assuming the networks
have to be bridged at the router end.

Similarly, I have a Linux laptop with a UMTS card. When it goes out of
range of my wlan, I want the IP to fail over to the UMTS connection, which
is why I'd need ipsec over the internet to the OBSD router. The ipsec part
is not the problem..

Getting OpenBSD to do something with etherip packets when it's not a
bridge, that's the problem.. I feel like I'm missing something extremely
obvious..

Thanks and please cc,

bbee