Setting up multiple tunnels in rc.conf

B

beaute

Hello,

I would like to set up three encrypted tunnels over a static line. I did this manually using ifconfig and route commands and everything was fine. However, when I try to do it in order for it to be static on system boot, it doesn't work. This is the content concerned from my rc.conf file:

Code: 
ifconfig_msk0="inet 192.168.1.1 netmask 255.255.255.0"
cloned_interfaces="gif0 gif1 gif2"
ifconfig_gif0="inet 10.0.0.1 10.0.0.2 tunnel 192.168.1.1 192.168.1.2 up"
static_routes="tunnelone tunneltwo tunnelthree"
route_tunnelone="10.0.0.0 10.0.0.2 255.255.255.0"
ifconfig_gif1="inet 172.16.0.1 172.16.0.2 tunnel 192.168.1.1 192.168.1.2 up"
route_tunneltwo="172.16.0.0 172.16.0.2 255.255.255.0"
ifconfig_gif2="inet 10.30.0.1 10.30.0.2 tunnel 192.168.1.1 192.168.1.2 up"
route_tunnelthree="10.30.0.0 10.30.0.2 255.255.255.0"
inetd_enable="YES"

When I try to ping the IP address of the same machine (i.e. ping 10.0.0.1 from the machine that has this tunnel), I get response. But when I try to ping it from the other machine (10.0.0.2 ping 10.0.0.1) I get network is down.

What am I doing wrong?
 
I don't use gif myself, but I see a lot of references to a different syntax, specifically for gif. Does this ring a bell (or give you a leg-up)?

Code: 
gif_interfaces="gif0 gif1"
gifconfig_gif0="203.107.34.2 203.107.34.3"
gifconfig_gif1="203.107.34.2 203.107.34.4"
ifconfig_gif0="inet 10.255.255.1 10.255.255.2 netmask 255.255.255.240"
ifconfig_gif1="inet 10.255.255.1 10.255.255.3 netmask 255.255.255.240"
 
Thanks for replying me. I did see this reference to setting up tunnels. I just wasn't sure what's really the difference between gifconfig_gif0 and ifconfig_gif0. which one is the tunnel interface and which one is the other?

what's weird is that my tunnel seems to work on gif0. gif0 has the ip address of 10.0.0.1 on machine A and 10.0.0.2 on machine 2, i am able to ping between these two ip address and looking at wireshark and tcpdump packets i can see that the packets are travelling through the designated routes. but for gif1 for example which has the ip 172.16.0.1 on machine A and 172.16.0.2 on machine B, when i try to ping i get network is down. there is no activity whatsoever on gif1 interface upon initializing the ping through.

the settings are exactly the same for gif1/2 and gif0. i just don't understand why it would only work for gif0 and not the other two...
 
This post appears to suggest that gifconfig sets the tunnel. Compare rc.conf settings and ifconfig output in that post.
 
Okay, I did exactly the same as that website suggests. The difference is that they are tunneling the traffic to two different virtual hosts, not one. whereas i only have one direct link that traffic can be tunneled through.

My RC.Conf according to the website looks like this now:
Code: 
ifconfig_msk0="inet 192.168.1.1 netmask 255.255.255.0"
cloned_interfaces="gif0 gif1 gif2"
gif_interfaces="gif0 gif1 gif2"
gifconfig_gif0="192.168.1.1 192.168.1.2"
ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 0xffffffff mtu 1500"
gifconfig_gif1="192.168.1.1 192.168.1.2"
ifconfig_gif1="inet 10.30.0.1 10.30.0.2 netmask 0xffffffff mtu 1500"
gifconfig_gif2="192.168.1.1 192.168.1.2"
ifconfig_gif2="inet 172.16.0.1 172.16.0.2 netmask 0xffffffff mtu 1500"

When I do ifconfig, I don't get the routing line for the gif1 and gif2 interfaces, only gif0. Same as before. So it looks different from the output on that post. This is my output:
Code: 
msk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=11a<TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4>
	ether 00:1e:90:9c:cd:7f
	inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
	media: Ethernet autoselect (1000baseT <full-duplex,flag0,flag1>)
	status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=3<RXCSUM,TXCSUM>
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7 
	inet6 ::1 prefixlen 128 
	inet 127.0.0.1 netmask 0xff000000 
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
	tunnel inet 192.168.1.1 --> 192.168.1.2
	inet 10.0.0.1 --> 10.0.0.2 netmask 0xff000000 
	options=1<ACCEPT_REV_ETHIP_VER>
gif1: flags=8011<UP,POINTOPOINT,MULTICAST> metric 0 mtu 1280
	inet 172.16.0.1 --> 172.16.0.2 netmask 0xffff0000 
	options=1<ACCEPT_REV_ETHIP_VER>
gif2: flags=8011<UP,POINTOPOINT,MULTICAST> metric 0 mtu 1280
	inet 10.30.0.1 --> 10.30.0.2 netmask 0xff000000 
	options=1<ACCEPT_REV_ETHIP_VER>

I also tried looking up man pages gofr gifconfig and the command does not exist for me.

Any further assistance is appreciated.
 
The concept of gifconfig only exists in the context of rc.conf. It is probably expanded to some different statements.

[cmd=]$ grep gif /etc/defaults/rc.conf[/cmd]
 
Thanks a lot for your response. I finally managed to do it using a combination of racoon and ifconfig alias. I now have three tunnels running and traffic is being routed to the correct interface. The problem was that binding tunnels to the same ip address was not possible. utilizing alias solved this problem. For anyone who is interested, here is the concerned lines from my rc.conf.

Code: 
ifconfig_msk0="inet 192.168.1.1 netmask 255.255.255.0"
ifconfig_msk0_alias0="inet 192.168.1.10 netmask 255.255.255.255"
ifconfig_msk0_alias1="inet 192.168.1.100 netmask 255.255.0.0"

cloned_interfaces="gif0 gif1 gif2"
gif_interfaces="gif0 gif1 gif2"

gifconfig_gif0="192.168.1.1 192.168.1.2"
ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.0 mtu 1500"

gifconfig_gif1="192.168.1.10 192.168.1.20"
ifconfig_gif1="inet 10.30.0.1 10.30.0.2 netmask 255.255.255.0 mtu 1500"

gifconfig_gif2="192.168.1.100 192.168.1.200"
ifconfig_gif2="inet 10.60.0.1 10.60.0.2 netmask 255.255.255.0 mtu 1500"

This topic can be marked as Solved now.
 
You must log in or register to reply here.
Back
Top