NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: gre tunnel problem

On Wed, Oct 26, 2011 at 04:02:15PM -0700, Harry Waddell wrote:
> I'm trying to emulate a cisco's behavior when creating an IPSEC + GRE tunnel 
> to a fortigate device. IPSEC is working fine with racoon, but I can't quite 
> figure out how to get the gre device on the netbsd device configured in such 
> a way that the fortigate will route packets back over the tunnel. That's 
> context -- the issue is seems to be failing to setup the gre device properly
> Here the basic setup
> 10.8.199/24 --- Host A(netbsd, public A.B.C.D) <---
>                               --> Host B(fortigate, public 
> E.F.G.H)----10.130.6/24
> Host A's view
> ifconfig gre1 create
> ifconfig gre1 netmask 
> ifconfig gre1 tunnel A.B.C.D E.F.G.H
> route add -net 10.130.6/24
> using the unused private addresses as interior endpoint which all
> seems to be fine, but I can't ping on host A since it
> still thinks this address should be reached via the default route.

I thought this may be a regression, but I am told that NetBSD 4 does not
add a route to the local address, either.

I think that in -current, all of the bugs that you found are now fixed.

I don't think that pullups to 5 are going to be possible, teasing apart
the gre(4) changes from other changes to the IP stack will be too
difficult. :-(


David Young             OJC Technologies is now Pixo     Urbana, IL   (217) 344-0444 x24

Home | Main Index | Thread Index | Old Index