I have few questions regarding the Dynamic Rouitng (i.e. routed) and gif0 interface.
Questions:
1. There is any in-compatibility or known bug, if we use routed and gif0 interface together (I am using freeBSD 4.8 Release).
2. If there is no known bug then any one tested the above mention combination (routed and gif0 interface)
3. Is there any freeBSD document which describe how to configure gif0 and routed together.
Details: I go through the following documents: http://www.freebsd.org/handbook/ipsec.html http://asherah.dyndns.org/~josh/ipsec-howto.txt and follow the following steps:
1. I am using the www.freebsd.org/handbook/ipsec.html diagram as my reference network
2. Configure the gif0 interface , it work fine (tested by ping and tcpdump)
3. Configure IPSec in Transport mode (since I am interested in forwarding dynamic routing information over point-2-point VPN) using draft-touch-ipsec- vpn approach, i.e: IPSec policy
On Network 1: spdadd A.B.C.D W.X.Y.Z any -P out ipsec esp/transport//use; spdadd W.X.Y.Z A.B.C.D any -P in ipsec esp/transport//use;
On Network 2: spdadd W.X.Y.Z A.B.C.D any -P out ipsec esp/transport//use; spdadd A.B.C.D W.X.Y.Z any -P in ipsec esp/transport//use;
It works fine (ping and tcpdump).
3. Now I start "routed" with "-s" options, It never saw any routing information flow through the VPN (tcpdump). But I saw some ERROR message (IP_ADD_MEMBERSHIP RIP) during system REBOOT
4. So, I disabled the IPSec and try again but I still saw no routing information over VPN (tcpdump). But I saw some ERROR message (IP_ADD_MEMBERSHIP RIP) during system REBOOT
5. So, I disabled the gif0 interface as well, I saw the RIP packets exchanges between two freeBSD machine.
Summary: 1. routed works fine without gif0 interface. 2. VPN works fine without routed.
Thanks, Amin
_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=dept/bcomm&pgmarket=en-ca&RU=http%3a%2f%2fjoin.msn.com%2f%3fpage%3dmisc%2fspecialoffers%26pgmarket%3den-ca
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
