Re: Extended VLAN?
On 4/14/2010 1:04 AM, Dan D Niles wrote: I have two FreeBSD routers. I would like both locations to share the 10.10.0.0/16 network. If I were using Cisco routers I would use extended VLANs. How would I do that with FreeBSD routers? I already have a tunnel set up and routing different networks in the 192.168.0.0/16 range. Router A: ifconfig em2 inet 192.168.1.1 netmask 255.255.255.0 ifconfig gif0 create 192.168.1.1 192.168.2.1 netmask 255.255.255.0 tunnelrouterA routerB route add 192.168.2.0/24 129.168.2.1 Router B: ifconfig em2 inet 192.168.2.1 netmask 255.255.255.0 ifconfig gif0 create 192.168.2.1 192.168.1.1 netmask 255.255.255.0 tunnelrouterB routerA route add 192.168.1.0/24 129.168.1.1 This routes traffic between 192.168.1.0/24 and 192.168.2.0/24 as I would expect. The docs say I can use a tunnel with a bridge, which seems like it would do what I want. Router A: ifconfig em3 inet 10.10.1.1 netmask 255.255.0.0 ifconfig bridge0 create addm em3 addm gif0 Router B: ifconfig em3 inet 10.10.2.1 netmask 255.255.0.0 ifconfig bridge0 create addm em3 addm gif0 I cannot ping 10.10.2.1 from router A or 10.10.1.1 from router B. Should I be able to use a bridge this way? Am I missing some piece? If I recall correctly the recommended setup is to assign the IP address to the bridge interface and leave the bridge members unnumbered. These problems you are seeing must be some corner case in FreeBSD's routing and/or ARP subsystems. See if assigning the IP to bridge0 helps Nikos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Extended VLAN?
On 4/14/2010 6:38 PM, Dan D Niles wrote: OK, this is weird. I ran wireshark on the destination side (across the bridge). When I try to ping the destination router, the arp request is sent across the bridge, but there is no arp reply. It seems like the destination router is not responding to arp requests that come in over the bridge. Since the router knows that 10.10.0.0/16 is attached to the em3 interface it sends the ARP reply over that interface and not the gif0 one. That ARP reply does not goes to the other side of the bridge as it should. I don't know the reasoning behind it but I have heard it in the past. Perhaps assigning IP addresses to member interfaces of a bridge is probably bad practice (at least regarding the particular implementation). HTH, Nikos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Extended VLAN?
On 14 April 2010 16:14, Dan D Niles d...@more.net wrote: On Wed, 2010-04-14 at 00:23 +0200, Ross Cameron wrote: Look into OpenVPN's bridge mode. www.openvpn.net I use it to bridge networks like what you have in mind quite regularly. Thanks, I'll look into that. On Wed, Apr 14, 2010 at 12:04 AM, Dan D Niles d...@more.net wrote: I have two FreeBSD routers. I would like both locations to share the 10.10.0.0/16 network. If I were using Cisco routers I would use extended VLANs. How would I do that with FreeBSD routers? I already have a tunnel set up and routing different networks in the 192.168.0.0/16 range. Router A: ifconfig em2 inet 192.168.1.1 netmask 255.255.255.0 ifconfig gif0 create 192.168.1.1 192.168.2.1 netmask 255.255.255.0 tunnel routerA routerB route add 192.168.2.0/24 129.168.2.1 Router B: ifconfig em2 inet 192.168.2.1 netmask 255.255.255.0 ifconfig gif0 create 192.168.2.1 192.168.1.1 netmask 255.255.255.0 tunnel routerB routerA route add 192.168.1.0/24 129.168.1.1 This routes traffic between 192.168.1.0/24 and 192.168.2.0/24 as I would expect. The docs say I can use a tunnel with a bridge, which seems like it would do what I want. Router A: ifconfig em3 inet 10.10.1.1 netmask 255.255.0.0 ifconfig bridge0 create addm em3 addm gif0 Router B: ifconfig em3 inet 10.10.2.1 netmask 255.255.0.0 ifconfig bridge0 create addm em3 addm gif0 I cannot ping 10.10.2.1 from router A or 10.10.1.1 from router B. Should I be able to use a bridge this way? Am I missing some piece? Is there an easier/better way to extend a VLAN with FreeBSD routers? Thanks! Dan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org openvpn is a good solution, but that isn't the bit that does the bridging, its actually the tap interface that does. Openvpn just does the crytpo side, auth and tunnel setup ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Extended VLAN?
On 13 April 2010 23:04, Dan D Niles d...@more.net wrote: I have two FreeBSD routers. I would like both locations to share the 10.10.0.0/16 network. If I were using Cisco routers I would use extended VLANs. How would I do that with FreeBSD routers? I already have a tunnel set up and routing different networks in the 192.168.0.0/16 range. Router A: ifconfig em2 inet 192.168.1.1 netmask 255.255.255.0 ifconfig gif0 create 192.168.1.1 192.168.2.1 netmask 255.255.255.0 tunnel routerA routerB route add 192.168.2.0/24 129.168.2.1 Router B: ifconfig em2 inet 192.168.2.1 netmask 255.255.255.0 ifconfig gif0 create 192.168.2.1 192.168.1.1 netmask 255.255.255.0 tunnel routerB routerA route add 192.168.1.0/24 129.168.1.1 This routes traffic between 192.168.1.0/24 and 192.168.2.0/24 as I would expect. The docs say I can use a tunnel with a bridge, which seems like it would do what I want. Router A: ifconfig em3 inet 10.10.1.1 netmask 255.255.0.0 ifconfig bridge0 create addm em3 addm gif0 Router B: ifconfig em3 inet 10.10.2.1 netmask 255.255.0.0 ifconfig bridge0 create addm em3 addm gif0 I cannot ping 10.10.2.1 from router A or 10.10.1.1 from router B. Should I be able to use a bridge this way? Am I missing some piece? Is there an easier/better way to extend a VLAN with FreeBSD routers? Thanks! Dan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Extended VLAN?
On 13 April 2010 23:04, Dan D Niles d...@more.net wrote: I have two FreeBSD routers. I would like both locations to share the 10.10.0.0/16 network. If I were using Cisco routers I would use extended VLANs. How would I do that with FreeBSD routers? I already have a tunnel set up and routing different networks in the 192.168.0.0/16 range. Router A: ifconfig em2 inet 192.168.1.1 netmask 255.255.255.0 ifconfig gif0 create 192.168.1.1 192.168.2.1 netmask 255.255.255.0 tunnel routerA routerB route add 192.168.2.0/24 129.168.2.1 Router B: ifconfig em2 inet 192.168.2.1 netmask 255.255.255.0 ifconfig gif0 create 192.168.2.1 192.168.1.1 netmask 255.255.255.0 tunnel routerB routerA route add 192.168.1.0/24 129.168.1.1 This routes traffic between 192.168.1.0/24 and 192.168.2.0/24 as I would expect. The docs say I can use a tunnel with a bridge, which seems like it would do what I want. Router A: ifconfig em3 inet 10.10.1.1 netmask 255.255.0.0 ifconfig bridge0 create addm em3 addm gif0 Router B: ifconfig em3 inet 10.10.2.1 netmask 255.255.0.0 ifconfig bridge0 create addm em3 addm gif0 I cannot ping 10.10.2.1 from router A or 10.10.1.1 from router B. Should I be able to use a bridge this way? Am I missing some piece? Is there an easier/better way to extend a VLAN with FreeBSD routers? Thanks! Dan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org it sounds stupid but is the bridge up? ie do a ifconfig bridge0 up ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Extended VLAN?
it sounds stupid but is the bridge up? ie do a ifconfig bridge0 up The phisical NIC's, members of the bridge, must be up either. Alberto Mijares ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Extended VLAN?
On Wed, 2010-04-14 at 09:06 +0100, krad wrote: it sounds stupid but is the bridge up? ie do a ifconfig bridge0 up Yes, the bridge is up. Still no love. I watched the traffic with wireshark. All I see is arp requests with no response. Do I need to run an arp daemon to forward arp requests across the tunnel? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Extended VLAN?
On Wed, 2010-04-14 at 00:23 +0200, Ross Cameron wrote: Look into OpenVPN's bridge mode. www.openvpn.net I use it to bridge networks like what you have in mind quite regularly. Thanks, I'll look into that. On Wed, Apr 14, 2010 at 12:04 AM, Dan D Niles d...@more.net wrote: I have two FreeBSD routers. I would like both locations to share the 10.10.0.0/16 network. If I were using Cisco routers I would use extended VLANs. How would I do that with FreeBSD routers? I already have a tunnel set up and routing different networks in the 192.168.0.0/16 range. Router A: ifconfig em2 inet 192.168.1.1 netmask 255.255.255.0 ifconfig gif0 create 192.168.1.1 192.168.2.1 netmask 255.255.255.0 tunnel routerA routerB route add 192.168.2.0/24 129.168.2.1 Router B: ifconfig em2 inet 192.168.2.1 netmask 255.255.255.0 ifconfig gif0 create 192.168.2.1 192.168.1.1 netmask 255.255.255.0 tunnel routerB routerA route add 192.168.1.0/24 129.168.1.1 This routes traffic between 192.168.1.0/24 and 192.168.2.0/24 as I would expect. The docs say I can use a tunnel with a bridge, which seems like it would do what I want. Router A: ifconfig em3 inet 10.10.1.1 netmask 255.255.0.0 ifconfig bridge0 create addm em3 addm gif0 Router B: ifconfig em3 inet 10.10.2.1 netmask 255.255.0.0 ifconfig bridge0 create addm em3 addm gif0 I cannot ping 10.10.2.1 from router A or 10.10.1.1 from router B. Should I be able to use a bridge this way? Am I missing some piece? Is there an easier/better way to extend a VLAN with FreeBSD routers? Thanks! Dan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Extended VLAN?
On Wed, 2010-04-14 at 10:11 -0500, Dan D Niles wrote: On Wed, 2010-04-14 at 09:06 +0100, krad wrote: it sounds stupid but is the bridge up? ie do a ifconfig bridge0 up Yes, the bridge is up. Still no love. I watched the traffic with wireshark. All I see is arp requests with no response. Do I need to run an arp daemon to forward arp requests across the tunnel? OK, this is weird. I ran wireshark on the destination side (across the bridge). When I try to ping the destination router, the arp request is sent across the bridge, but there is no arp reply. It seems like the destination router is not responding to arp requests that come in over the bridge. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Extended VLAN?
I have two FreeBSD routers. I would like both locations to share the 10.10.0.0/16 network. If I were using Cisco routers I would use extended VLANs. How would I do that with FreeBSD routers? I already have a tunnel set up and routing different networks in the 192.168.0.0/16 range. Router A: ifconfig em2 inet 192.168.1.1 netmask 255.255.255.0 ifconfig gif0 create 192.168.1.1 192.168.2.1 netmask 255.255.255.0 tunnel routerA routerB route add 192.168.2.0/24 129.168.2.1 Router B: ifconfig em2 inet 192.168.2.1 netmask 255.255.255.0 ifconfig gif0 create 192.168.2.1 192.168.1.1 netmask 255.255.255.0 tunnel routerB routerA route add 192.168.1.0/24 129.168.1.1 This routes traffic between 192.168.1.0/24 and 192.168.2.0/24 as I would expect. The docs say I can use a tunnel with a bridge, which seems like it would do what I want. Router A: ifconfig em3 inet 10.10.1.1 netmask 255.255.0.0 ifconfig bridge0 create addm em3 addm gif0 Router B: ifconfig em3 inet 10.10.2.1 netmask 255.255.0.0 ifconfig bridge0 create addm em3 addm gif0 I cannot ping 10.10.2.1 from router A or 10.10.1.1 from router B. Should I be able to use a bridge this way? Am I missing some piece? Is there an easier/better way to extend a VLAN with FreeBSD routers? Thanks! Dan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Extended VLAN?
Look into OpenVPN's bridge mode. www.openvpn.net I use it to bridge networks like what you have in mind quite regularly. On Wed, Apr 14, 2010 at 12:04 AM, Dan D Niles d...@more.net wrote: I have two FreeBSD routers. I would like both locations to share the 10.10.0.0/16 network. If I were using Cisco routers I would use extended VLANs. How would I do that with FreeBSD routers? I already have a tunnel set up and routing different networks in the 192.168.0.0/16 range. Router A: ifconfig em2 inet 192.168.1.1 netmask 255.255.255.0 ifconfig gif0 create 192.168.1.1 192.168.2.1 netmask 255.255.255.0 tunnel routerA routerB route add 192.168.2.0/24 129.168.2.1 Router B: ifconfig em2 inet 192.168.2.1 netmask 255.255.255.0 ifconfig gif0 create 192.168.2.1 192.168.1.1 netmask 255.255.255.0 tunnel routerB routerA route add 192.168.1.0/24 129.168.1.1 This routes traffic between 192.168.1.0/24 and 192.168.2.0/24 as I would expect. The docs say I can use a tunnel with a bridge, which seems like it would do what I want. Router A: ifconfig em3 inet 10.10.1.1 netmask 255.255.0.0 ifconfig bridge0 create addm em3 addm gif0 Router B: ifconfig em3 inet 10.10.2.1 netmask 255.255.0.0 ifconfig bridge0 create addm em3 addm gif0 I cannot ping 10.10.2.1 from router A or 10.10.1.1 from router B. Should I be able to use a bridge this way? Am I missing some piece? Is there an easier/better way to extend a VLAN with FreeBSD routers? Thanks! Dan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org -- Opportunity is most often missed by people because it is dressed in overalls and looks like work. Thomas Alva Edison Inventor of 1093 patents, including: The light bulb, phonogram and motion pictures. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
