Michael Grimm <trash...@ellael.org> wrote: Nevermind, I solved my issue. I has been a minor typo with major consequences.
> Configuration (shown for hostA, only): > > setkey.conf > # hostA hostB > hostA hostB > spdadd 10.1.1.0/24 10.2.2.0/24 any -P out ipsec > esp/tunnel/1.2.3.4-10.20.30.40/require; Contrarily to this example line above, my real setkey.conf has had an "in" instead of "out" :-( > Achieved sofar: > > #) Allowing arpproxy_all="YES" will satisfy ARP (MACs from opposite > VNET jails will become assigned). > I do not know if that is needed, but now ping from jails to the > opposite jails will at least start to send ICMP packages. Now I have to state: yes, ARP proxying is mandatory in my setup. Hmm, I need to learn more about ARP. Because now I do observe a lot of lines like … | <kern.info> mike kernel: arp: proxy: ignoring request from 10.1.1.1 via epair1a … and I do not know if I do have to be concerned about those. Do I? Sorry for the noise! Regards, Michael _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"