On Sun, Jan 21, 2007 at 09:44:35PM +0000, Stuart Henderson wrote:
> On 2007/01/21 14:59, stan wrote:
> > On Wed, Jan 17, 2007 at 03:35:57PM +0000, Stuart Henderson wrote:
> (hmm, ntpd+zaurus+zzz = occasional rifts in the space-time continuum)
>
> > > > Can anyone point me to some information as to how I need to change
> > > > things to get this working at this level?
> > >
> > > yes: brconfig(8)
> >
> > Thanks, that looks like it covers a lot of what I need.
> >
> > One question, if I might. Since I already have the IP link up, I don't need
> > to create new SA's, just for the bridge to tunnel layer 2 traffic, do I?
>
> As long as the packets from the gif tunnel are covered by the SA, that
> should be fine - they'll be protocol 97 (etherip) between the ip addresses
> of the two isakmpd boxes.
>
> Also watch out for packet sizes, I'm not sure how fragmentation is
> handled, so after you test the basic functioning with pings, try some
> real traffic (e.g. full-sized tcp packets) and see how it copes, you may
> need some scrub max-mss.
>
I'm still missing something here.

I've got basic IP tunneling working between 2 machines, and I've added the
following to /etc/ipsec.conf :

    ike esp proto etherip from x.x.176.33 to x.x.176.37

Which should give me an SA for this, then I have a test script that looks
like this:

    ifconfig bridge0 create
    ifconfig gif0 create
    ifconfig gif0 tunnel x.x.176.33 x.x.176.37
    ifconfig gif0 up
    brconfig bridge0 up

But when I try to do "brconfig learn bridge0" I get a message about the
interface not being configured. Looks like it is though:

ifconfig snippet follows

    enc0: flags=0<> mtu 1536
    bridge0: flags=41<UP,RUNNING> mtu 1500
            groups: bridge
    gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
            groups: gif
            physical address inet x.x.176.33 --> x.x.176.37
            inet6 fe80::2e0:18ff:fed3:719d%gif0 -> prefixlen 64 scopeid 0xa

What am I missing here?

--
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)