I didn't get the importance of having different addresses in part#1
and #2 and assumed from 'ifconfig tun0' [ ... ] inet 95.124.11.167 -->
10.0.0.2 netmask 0xfffffff [ ... ] that HISADDR did not change to a
valid one. I should have understood you were telling me the correct
syntax literally. I see that this configuration works and i understand
the syntax.
Sorry this took longer time than it should and thanks for following through.
I have found a great resource in 'Absolute OpenBSD: UNIX for the
Practical Paranoid' (ISBN 1886411999) and of course this was a great
first impression from this mailing list. I will try not to abuse it.
All the best to you
2010/5/24, J.C. Roberts <list-...@designtools.org>:
>
> I realize you must be frustrated while learning something new, but I am
> frustrated by you not paying attention. Now let's look at what I wrote
> one more time:
>
>>> set ifaddr 10.0.0.1/0 10.0.0.2/0 0.0.0.0 0.0.0.0
>>> part#1 part#2 part#3 part#4
>
> The first chunk of part#1, namely '10.0.0.1', says I want my IP address
> to be 10.0.0.1 but the second chunk of part#1, namely the '/0', is a
> netmask which says I will accept any IP address the remote system wants
> me to use on my side.
>
> The first chunk of part#2, namely '10.0.0.2', says I want the remote
> side to use IP address 10.0.0.2 but the second chunk of part#2, namely
> the '/0', says I will accept any IP address the remote system wants to
> use on their side.
>
> The IP addresses (and netmasks) stated in part#1 and part#2 are
> important. They should never be the same, and they should never be set
> to default route address ('0.0.0.0'). This is why two separate private
> IP addresses are used in the above (10.0.0.1 and 10.0.0.2), and also why
> the netmask '/0' in CIDR notation allows for the remote side to pick any
> address it wants to use for *both* your IP address and its IP address.
>
> If you forget the CIDR notation netmask on part#1 or part#2, you are
> DEMANDING that the specified address be used, and if the other side
> disagrees, your side will disconnect.
>
> The part#3 is the netmask assigned on my side to the resulting
> connection after we negotiate addresses. Links between two systems made
> with Point to Point Protocol (ppp) are "weird" in comparison to typical
> network links, and some operating systems do not have a specific
> PointToPoint netmask in the network stack, so the netmask must be
> faked. Using '0.0.0.0' as the part#3 netmask tells the ppp program to
> use what is available and the result is ppp will typically set the
> netmask to '255.255.255.255' automatically.
>
> The part#4 is the trigger address which controls when ppp will try to
> establish a connection. Since we set part#4 to the equivalent of "any
> address" namely '0.0.0.0' any attempt to contact another system will
> result in ppp automatically establishing the connection. The thing to
> realize is 0.0.0.0 is roughly equivalent to a default route.
>
> The stuff you are doing is just plain wrong:
>
>> set ifaddr 0.0.0.0/0 0.0.0.0-255.255.255.254 0.0.0.0 0.0.0.0
>>> part#1 part#2 part#3 part#4
>
> Prior to negotiating address, you are saying your IP address will
> initially be 0.0.0.0 and the remote IP address will also initially be
> 0.0.0.0 The problem is, when two systems have the same IP address you
> have a conflict. Additionally, since 0.0.0.0 equates to the default
> route, this is very bad. Needless to say, the ppp(8) software is
> compensating for your mistakes and doing the best it can with your
> broken config.
>
> In the second chunk of your part#1, namely '/0', this netmask says that
> you will accept any IP address the other side wants you to use. This is
> good.
>
> In the second chunk of part#3, namely '-255.255.255.254' is using the
> wrong syntax. The ppp(8) program might interpret this as a range of
> addresses, or might interpret it as a pair of addresses, or it might
> interpret it as a netmask. You should use simple CIDR notation as
> described in the ppp man page.
>
> If ppp(8) is interpreting this bad second chunk of part#3 as a netmask,
> the you are *DEMANDING* that the remote system use 0.0.0.0 or 0.0.0.1 as
> its IP address, and if the remote side refuses to use one of those two
> addresses, then you will disconnect.
>
>
> jcr
