Re: vether(4) use case
On Sun, Jun 20, 2010 at 5:57 PM, Claudio Jeker cje...@diehard.n-r-g.com wrote: This will not work because em0 is having the clonable route for 172.16.0/24 and so arp is unable to work on vether0 since you created an addressing conflict. Thank you for your response. I have been testing it further and I think I understand a little better. I have this working fine: Outside network routes 10.1.1.10 to 10.0.0.10. em0 (10.0.0.10/24) is bridged to vether0 (10.1.1.10/24) and I can access this scenario just fine. I am having a hard time getting a non-encrypted gif(4) tunnel working. Can anyone share a working config? I think if I can get gif(4) working right then I can get vether(4) working as well. Thanks again! Bryan
Re: vether(4) use case
On Wed, Jun 23, 2010 at 10:16:43AM -0400, Bryan Vyhmeister wrote: On Sun, Jun 20, 2010 at 5:57 PM, Claudio Jeker cje...@diehard.n-r-g.com wrote: This will not work because em0 is having the clonable route for 172.16.0/24 and so arp is unable to work on vether0 since you created an addressing conflict. Thank you for your response. I have been testing it further and I think I understand a little better. I have this working fine: Outside network routes 10.1.1.10 to 10.0.0.10. em0 (10.0.0.10/24) is bridged to vether0 (10.1.1.10/24) and I can access this scenario just fine. I am having a hard time getting a non-encrypted gif(4) tunnel working. Can anyone share a working config? I think if I can get gif(4) working right then I can get vether(4) working as well. Thanks again! ifconfig gif0 tunnel 192.168.1.1 192.168.2.17 up ifconfig bridge0 add gif0 add fxp1 up sysctl net.inet.etherip.allow=1 This is all documented in gif(4) btw. -- :wq Claudio
Re: vether(4) use case
On Wed, Jun 23, 2010 at 11:38 AM, Claudio Jeker cje...@diehard.n-r-g.com wrote: I am having a hard time getting a non-encrypted gif(4) tunnel working. Can anyone share a working config? I think if I can get gif(4) working right then I can get vether(4) working as well. Thanks again! ifconfig gif0 tunnel 192.168.1.1 192.168.2.17 up ifconfig bridge0 add gif0 add fxp1 up sysctl net.inet.etherip.allow=1 This is all documented in gif(4) btw. I did follow those steps exactly. On host1: ifconfig em0 1.1.1.1/24 up ifconfig gif0 tunnel 1.1.1.1 2.2.2.2 up ifconfig vether0 1.1.2.1/30 up ifconfig bridge0 add gif0 add vether0 up On host2: ifconfig em0 2.2.2.2/24 up ifconfig gif0 tunnel 2.2.2.2 1.1.1.1 up ifconfig vether0 1.1.2.2/30 up ifconfig bridge0 add gif0 add vether0 up I'm not sure how to route between the hosts. If I ping the vether0 address from the other host in either case I get a no route to host. Thank you for your help. I'm sure I'm just missing something obvious. Bryan
Re: vether(4) use case
I knew it was something stupid. I added set skip on { gif0 vether0 } to pf.conf for testing and everything started working. Sorry for the noise. Bryan
Re: vether(4) use case
I do have one more question. I have the config below. I can ping the vether0 address from the other side of the tunnel from either host. Also, all IP addresses mentioned are publicly routable. On host1: ifconfig em0 1.1.1.1/24 up ifconfig gif0 tunnel 1.1.1.1 2.2.2.2 up ifconfig vether0 1.1.2.1/30 up ifconfig bridge0 add gif0 add vether0 up On host2: ifconfig em0 2.2.2.2/24 up ifconfig gif0 tunnel 2.2.2.2 1.1.1.1 up ifconfig vether0 1.1.2.2/30 up ifconfig bridge0 add gif0 add vether0 up The 1.1.2.0/30 IP addresses are routed to 1.1.1.1. While I can ping 1.1.2.1 from the outside internet, I cannot access 1.1.2.2. Also, from hosts behind host2, I can ping 1.1.2.2 but not 1.1.2.1. What am I doing wrong? Thank you! Bryan
Re: vether(4) use case
On Tue, Jun 15, 2010 at 02:31:18PM -0400, Bryan Vyhmeister wrote: I am testing vether(4) and I am wondering if this is a use case that should work. ifconfig em0 172.16.0.10/24 up ifconfig bridge0 create ifconfig vether0 create ifconfig bridge0 add em0 add vether0 up ifconfig vether0 172.16.0.11/24 up I can't ping the vether0 IP address from other hosts on the same network or from the same host. Should I be able to ping 172.16.0.11 from somewhere else on the same network or from the same host? PF is disabled in this test. This will not work because em0 is having the clonable route for 172.16.0/24 and so arp is unable to work on vether0 since you created an addressing conflict. -- :wq Claudio
vether(4) use case
I am testing vether(4) and I am wondering if this is a use case that should work. ifconfig em0 172.16.0.10/24 up ifconfig bridge0 create ifconfig vether0 create ifconfig bridge0 add em0 add vether0 up ifconfig vether0 172.16.0.11/24 up I can't ping the vether0 IP address from other hosts on the same network or from the same host. Should I be able to ping 172.16.0.11 from somewhere else on the same network or from the same host? PF is disabled in this test. Bryan