Re: OSPF over gif on top of IPsec transport -current

2018-03-14 Thread Claudio Jeker
On Wed, Mar 14, 2018 at 07:07:36PM +, csszep wrote: > Hi! > > Will this fix be commit before 6.3 release? > Yes something like this will need to be put into 6.3 since this is currently a regression from 6.2. > David Gwynne ezt írta (id??pont: 2018. márc. 13., K 23:41): >

Re: OSPF over gif on top of IPsec transport -current

2018-03-14 Thread csszep
Hi! Will this fix be commit before 6.3 release? Thx csszep David Gwynne ezt írta (időpont: 2018. márc. 13., K 23:41): > > > On 10 Mar 2018, at 08:01, Remi Locherer wrote: > > > > > > With below diff the setup works as expected: tcpdump shows OSPF

Re: OSPF over gif on top of IPsec transport -current

2018-03-13 Thread David Gwynne
> On 10 Mar 2018, at 08:01, Remi Locherer wrote: > > > With below diff the setup works as expected: tcpdump shows OSPF hellos > on gif0 and ospfd sees the neighbour. > > I don't think it's the correct fix though. functionally it is the correct fix. when i reworked

Re: OSPF over gif on top of IPsec transport -current

2018-03-13 Thread Marc Peters
On Tue, Mar 13, 2018 at 05:33:11PM +0100, Maxim Bourmistrov wrote: > I moved over to etherip(4) some time ago. In transition to etherip, combo of > etherip on one side and gif on another worked well. > I also remember announcement of gif(4) to be retired. > > HISTORY > The gif device first

Re: OSPF over gif on top of IPsec transport -current

2018-03-13 Thread Maxim Bourmistrov
> 13 mars 2018 kl. 11:56 skrev Marc Peters : > > On Tue, Mar 13, 2018 at 10:24:43AM +0100, Remi Locherer wrote: >>> and it is harder for traffic inside the tunnel >>> to leak out of ipsec. more specifically, gif handles 3 ip protocols, >>> ipv4, ipv6, and mpls, which are ip

Re: OSPF over gif on top of IPsec transport -current

2018-03-13 Thread Marc Peters
On Tue, Mar 13, 2018 at 10:24:43AM +0100, Remi Locherer wrote: > > and it is harder for traffic inside the tunnel > > to leak out of ipsec. more specifically, gif handles 3 ip protocols, > > ipv4, ipv6, and mpls, which are ip protocol numbers 4, 41, and 137 > > respectively. it is likely that

Re: OSPF over gif on top of IPsec transport -current

2018-03-13 Thread Marko Cupać
Hi, sorry to hijack the thread, my question is not directly related, but deals with same goal. I have physical topology where datacentre has two carped firewalls, while branch offices have single firewall each, with two uplinks: isp2---em0

Re: OSPF over gif on top of IPsec transport -current

2018-03-13 Thread Remi Locherer
On 2018-03-13 07:28, David Gwynne wrote: On 11 Mar 2018, at 05:30, Atanas Vladimirov wrote: On 2018-03-10 00:01, Remi Locherer wrote: With below diff the setup works as expected: tcpdump shows OSPF hellos on gif0 and ospfd sees the neighbour. I don't think it's the correct

Re: OSPF over gif on top of IPsec transport -current

2018-03-13 Thread David Gwynne
> On 11 Mar 2018, at 05:30, Atanas Vladimirov wrote: > > On 2018-03-10 00:01, Remi Locherer wrote: >>> >> With below diff the setup works as expected: tcpdump shows OSPF hellos >> on gif0 and ospfd sees the neighbour. >> I don't think it's the correct fix though. >> Index:

Re: OSPF over gif on top of IPsec transport -current

2018-03-10 Thread Atanas Vladimirov
On 2018-03-10 00:01, Remi Locherer wrote: On Fri, Mar 09, 2018 at 06:13:10PM +0100, Remi Locherer wrote: On Sun, Mar 04, 2018 at 01:08:21PM +0200, Atanas Vladimirov wrote: > Hi, > > I can't make OSPF to work on gif over IPsec. > With tcpdump on gif I see the OSPFv2-hello only from localhost: >

Re: OSPF over gif on top of IPsec transport -current

2018-03-09 Thread Remi Locherer
On Fri, Mar 09, 2018 at 06:13:10PM +0100, Remi Locherer wrote: > On Sun, Mar 04, 2018 at 01:08:21PM +0200, Atanas Vladimirov wrote: > > Hi, > > > > I can't make OSPF to work on gif over IPsec. > > With tcpdump on gif I see the OSPFv2-hello only from localhost: > > > > # R1 > > [ns]~$ tcpdump

Re: OSPF over gif on top of IPsec transport -current

2018-03-09 Thread Remi Locherer
On Sun, Mar 04, 2018 at 01:08:21PM +0200, Atanas Vladimirov wrote: > Hi, > > I can't make OSPF to work on gif over IPsec. > With tcpdump on gif I see the OSPFv2-hello only from localhost: > > # R1 > [ns]~$ tcpdump -nei gif0 > tcpdump: listening on gif0, link-type LOOP > 23:19:29.181685

Re: OSPF over gif on top of IPsec transport -current

2018-03-04 Thread Atanas Vladimirov
On 2018-03-04 13:31, Stefan Sperling wrote: On Sun, Mar 04, 2018 at 01:08:21PM +0200, Atanas Vladimirov wrote: Please, let me know if I'm doing something wrong/stupid or this is bug somewhere in the stack. I can't spot anything wrong in what you've shown but it seems you're not looking at all

Re: OSPF over gif on top of IPsec transport -current

2018-03-04 Thread Stefan Sperling
On Sun, Mar 04, 2018 at 01:08:21PM +0200, Atanas Vladimirov wrote: > Please, let me know if I'm doing something wrong/stupid or this is bug > somewhere in the stack. I can't spot anything wrong in what you've shown but it seems you're not looking at all the data you could be looking at. What

OSPF over gif on top of IPsec transport -current

2018-03-04 Thread Atanas Vladimirov
Hi, I can't make OSPF to work on gif over IPsec. With tcpdump on gif I see the OSPFv2-hello only from localhost: # R1 [ns]~$ tcpdump -nei gif0 tcpdump: listening on gif0, link-type LOOP 23:19:29.181685 10.255.255.2 > 224.0.0.5: OSPFv2-hello 44: rtrid 192.168.1.1 area 0.0.0.1 [tos 0xc0] [ttl