On Mon, Jul 13, 2009 at 6:59 PM, Christopher Hilton<ch...@vindaloo.com>
wrote:
> I'm trying to setup a gif or gre tunnel between two machines running
OpenBSD
> 4.5. North is a soekris 5501 and south is a soekris 4511. Both are routers.
>
> North:
>
> LAN: 192.168.144.0/24 via 192.168.144.1
> WAN: 10.0.2.1
>
> South:
>
> LAN: 192.168.140.0/24 via 192.168.140.1
> WAN: 172.16.34.57
>
> I'm doing the following:
>
> North:
>
> # ifconfig gif0 create
> # ifconfig gif0 inet 172.17.0.1 172.17.0.2 netmask 255.255.255.0 \
> tunnel 10.0.2.1 172.16.34.57
> # route add -net 192.168.140.0/24 172.17.0.1
>
> South:
>
> # ifconfig gif0 create
> # ifconfig gif0 inet 172.17.0.2 172.17.0.1 netmask 255.255.255.0 \
> tunnel 172.16.34.57 10.0.2.1
> # route add -net 192.168.144.0/24 172.17.0.2
>
> I'm doing:
>
> # sysctl net.inet.etherip.allow=1
>
> On both sides.
>
> I'm getting no joy getting packets through this tunnel. I am running pf on
> this configuration. According to the documentation the default
encapsulation
> for the gif devices is protocol 97 etherip but when I tcpdump my external
> interfaces I'm seeing encapsulated packets with protocol 4 (ipencap) pass.
> So I've added the following rules to both pf.confs:
>
> pass in on $ext_if proto { ipencap, etherip }
> pass out on $ext_if proto { ipencap, etherip }
>
> Can anyone see anything obviously wrong or forgotten here? Or, does anyone
> have a simple gif tunnel setup that could maybe assist me?
>
> Thanks in advance,
>
> -- Chris
>
>
ifconfigs, pf.conf, dmesg
-HKS
