I have 2 4.6 machines that bridge an Ethernet network between 2 locations. I need to add another machine that will bring a 3rd location into this bridge.

I seem to be close, but I am missing something here. I seem to have the flows and SAs set up on the 3rd machine. Here is what the "head end" has:

r...@pb48:etc# ipsecctl -sa
FLOWS:
flow esp in proto etherip from 10.209.120.15 to 10.209.142.156 peer 10.209.120.15 srcid 10.209.142.156/32 dstid 10.209.120.15/32 type use
flow esp out proto etherip from 10.209.142.156 to 10.209.120.15 peer 10.209.120.15 srcid 10.209.142.156/32 dstid 10.209.120.15/32 type require
flow esp in proto etherip from 10.209.120.20 to 10.209.142.156 peer 10.209.120.20 srcid 10.209.142.156/32 dstid 10.209.120.20/32 type use
flow esp out proto etherip from 10.209.142.156 to 10.209.120.20 peer 10.209.120.20 srcid 10.209.142.156/32 dstid 10.209.120.20/32 type require

SAD:
esp tunnel from 10.209.120.15 to 10.209.142.156 spi 0x0cead2aa auth hmac-sha2-256 enc aes
esp tunnel from 10.209.142.156 to 10.209.120.15 spi 0x23cc9243 auth hmac-sha2-256 enc aes
esp tunnel from 10.209.120.20 to 10.209.142.156 spi 0x31702a48 auth hmac-sha2-256 enc aes
esp tunnel from 10.209.142.156 to 10.209.120.20 spi 0xdc20c4e2 auth hmac-sha2-256 enc aes

The existing working bridge is the one with an IP of 10.209.120.15, and the new one is 10.209.120.20.

On the working bridge here is what I have:

r...@pblab:root# ipsecctl -s all
FLOWS:
flow esp in proto etherip from 10.209.142.156 to 10.209.120.15 peer 10.209.142.156 srcid 10.209.120.15/32 dstid 10.209.142.156/32 type use
flow esp out proto etherip from 10.209.120.15 to 10.209.142.156 peer 10.209.142.156 srcid 10.209.120.15/32 dstid 10.209.142.156/32 type require

SAD:
esp tunnel from 10.209.120.15 to 10.209.142.156 spi 0x0cead2aa auth hmac-sha2-256 enc aes
esp tunnel from 10.209.142.156 to 10.209.120.15 spi 0x23cc9243 auth hmac-sha2-256 enc aes

On the new one, I have:

r...@pb82:etc# ipsecctl -s all
FLOWS:
flow esp in proto etherip from 10.209.142.156 to 10.209.120.20 peer 10.209.142.156 srcid 10.209.120.20/32 dstid 10.209.142.156/32 type use
flow esp out proto etherip from 10.209.120.20 to 10.209.142.156 peer 10.209.142.156 srcid 10.209.120.20/32 dstid 10.209.142.156/32 type require

SAD:
esp tunnel from 10.209.120.20 to 10.209.142.156 spi 0x31702a48 auth hmac-sha2-256 enc aes
esp tunnel from 10.209.142.156 to 10.209.120.20 spi 0xdc20c4e2 auth hmac-sha2-256 enc aes

This appears to be correct to me.

On the head end I have a /etc/bridgename.bridge0 file that looks like this:

r...@pb48:etc# cat /etc/bri*
add gif0
add gif1
add nfe0
stp nfe0
up

and gif files that look like this:

r...@pb48:etc# ls /etc/hos*gif*
/etc/hostname.gif0 /etc/hostname.gif1
o...@pb48:etc# cat /etc/host*gif*
tunnel 10.209.142.156 10.209.120.15 up
tunnel 10.209.142.156 10.209.120.20 up

On the new bridge PC I have the following:

r...@pb82:etc# cat /etc/bri*
add gif0
add vr1
stp vr1
up

and

r...@pb82:etc# cat /etc/ho*gif*
tunnel 10.209.120.20 10.209.142.156 up

But things do not seem to be working. What am I missing?

--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
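
The by-eye comparison of the three SAD listings in the post above can be done mechanically. The following is an added example, not part of the original post: it parses the SAD lines of `ipsecctl -sa` output and checks that every SA is present on both of its endpoints with the same SPI, auth and enc. The function names are hypothetical; the sample input is copied from the post.

```python
import re

# SAD line format as printed by `ipsecctl -sa` in the post above.
SA_RE = re.compile(
    r"esp tunnel from (\S+) to (\S+) spi (0x[0-9a-f]{8}) auth (\S+) enc (\S+)"
)

def parse_sad(text):
    """Return {(src, dst): (spi, auth, enc)} for every ESP SA in the text."""
    return {(m[1], m[2]): (m[3], m[4], m[5]) for m in SA_RE.finditer(text)}

def cross_check(outputs):
    """outputs maps each host's tunnel IP to its ipsecctl text.
    Returns a list of SAs that are missing or different on the peer."""
    sads = {ip: parse_sad(text) for ip, text in outputs.items()}
    problems = []
    for ip, sad in sads.items():
        for (src, dst), params in sad.items():
            peer = dst if src == ip else src
            if peer not in sads:
                continue  # no output captured for that peer
            other = sads[peer].get((src, dst))
            if other is None:
                problems.append(f"{src}->{dst}: on {ip}, missing on {peer}")
            elif other != params:
                problems.append(f"{src}->{dst}: {ip} has {params}, {peer} has {other}")
    return problems

# SAD lines copied from the post: existing spoke, new spoke, head end.
OLD_SPOKE = """
esp tunnel from 10.209.120.15 to 10.209.142.156 spi 0x0cead2aa auth hmac-sha2-256 enc aes
esp tunnel from 10.209.142.156 to 10.209.120.15 spi 0x23cc9243 auth hmac-sha2-256 enc aes
"""
NEW_SPOKE = """
esp tunnel from 10.209.120.20 to 10.209.142.156 spi 0x31702a48 auth hmac-sha2-256 enc aes
esp tunnel from 10.209.142.156 to 10.209.120.20 spi 0xdc20c4e2 auth hmac-sha2-256 enc aes
"""
HEAD_END = OLD_SPOKE + NEW_SPOKE

POST_OUTPUTS = {
    "10.209.142.156": HEAD_END,
    "10.209.120.15": OLD_SPOKE,
    "10.209.120.20": NEW_SPOKE,
}

if __name__ == "__main__":
    print(cross_check(POST_OUTPUTS) or "all SAs match on both endpoints")
```

An empty result only shows that the SAs agree between peers; it says nothing about the gif or bridge configuration.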