I'm trying to setup a gif or gre tunnel between two machines running
OpenBSD 4.5. North is a soekris 5501 and south is a soekris 4511. Both
are routers.
North:
LAN: 192.168.144.0/24 via 192.168.144.1
WAN: 10.0.2.1
South:
LAN: 192.168.140.0/24 via 192.168.140.1
WAN: 172.16.34.57
I'm doing the following:
North:
# ifconfig gif0 create
# ifconfig gif0 inet 172.17.0.1 172.17.0.2 netmask 255.255.255.0 \
tunnel 10.0.2.1 172.16.34.57
# route add -net 192.168.140.0/24 172.17.0.1
South:
# ifconfig gif0 create
# ifconfig gif0 inet 172.17.0.2 172.17.0.1 netmask 255.255.255.0 \
tunnel 172.16.34.57 10.0.2.1
# route add -net 192.168.144.0/24 172.17.0.2
I'm doing:
# sysctl net.inet.etherip.allow=1
On both sides.
I'm getting no joy getting packets through this tunnel. I am running
pf on this configuration. According to the documentation the default
encapsulation for the gif devices is protocol 97 etherip but when I
tcpdump my external interfaces I'm seeing encapsulated packets with
protocol 4 (ipencap) pass. So I've added the following rules to both
pf.confs:
pass in on $ext_if proto { ipencap, etherip }
pass out on $ext_if proto { ipencap, etherip }
Can anyone see anything obviously wrong or forgotten here? Or, does
anyone have a simple gif tunnel setup that could maybe assist me?
Thanks in advance,
-- Chris
