NetBSD-Users archive
Re: gre tunnel problem
On Wed, Oct 26, 2011 at 04:02:15PM -0700, Harry Waddell wrote:
>
> I'm trying to emulate a cisco's behavior when creating an IPSEC + GRE tunnel
> to a fortigate device. IPSEC is working fine with racoon, but I can't quite
> figure out how to get the gre device on the netbsd device configured in such
> a way that the fortigate will route packets back over the tunnel. That's
> context -- the issue seems to be failing to set up the gre device properly.
>
> Here's the basic setup
>
> 10.8.199/24 --- Host A(netbsd, public A.B.C.D) <--- --> Host B(fortigate, public E.F.G.H)----10.130.6/24
>
> Host A's view
>
> ifconfig gre1 create
> ifconfig gre1 172.20.20.1 172.20.20.2 netmask 255.255.255.255
> ifconfig gre1 tunnel A.B.C.D E.F.G.H
> route add -net 10.130.6/24 172.20.20.2
>
> using the unused private addresses as interior endpoint which all
> seems to be fine, but I can't ping 172.20.20.1 on host A since it
> still thinks this address should be reached via the default route.
I thought this may be a regression, but I am told that NetBSD 4 does not
add a route to the local address, either.
I think that in -current, all of the bugs that you found are now fixed.
I don't think that pullups to 5 are going to be possible; teasing apart
the gre(4) changes from other changes to the IP stack will be too
difficult. :-(
Dave
--
David Young OJC Technologies is now Pixo
dyoung%pixotech.com@localhost Urbana, IL (217) 344-0444 x24