NetBSD-Users archive


Re: gre tunnel problem



On Wed, 26 Oct 2011 20:44:50 -0500, David Young wrote:

> On Wed, Oct 26, 2011 at 04:02:15PM -0700, Harry Waddell wrote:
> > 
> > I'm trying to emulate a cisco's behavior when creating an IPSEC +
> > GRE tunnel to a fortigate device. IPSEC is working fine with
> > racoon, but I can't quite figure out how to get the gre device on
> > the netbsd device configured in such a way that the fortigate will
> > route packets back over the tunnel. That's context -- the issue
> > seems to be failing to set up the gre device properly
> 
> What version of NetBSD are you using?
> 
> I can reproduce aspects of the problem on -current, so I am going to
> try to fix it there.
> 
> Dave
> 

I'm not sure why I never got a response via email. It was only when I did a web 
search trying to find more info about this issue that I saw your response. 
Anyway...

I'm using netbsd 5.1/amd64. 

I've since figured out a few things. IPSEC + gre between recent netbsd boxes 
seems to work, both using real and fictional addresses as the inner tunnel 
endpoints. So long as I don't try to ping a fictional local inner endpoint, 
everything else seems to just work. 

Not so lucky with the fortigate however, although that could have been due to 
my lack of understanding of their routing setup at the time. I've since managed 
to create a simpler route-based vpn connection just using route and racoon, 
i.e. without any gre, but there was some weirdness that didn't match the netbsd 
ipsec how-to examples. If people are interested, once I've got this dialed in, 
I could probably post the instructions somewhere. (Right now, I'm trying to fix 
an unknown SPI problem.)

Thanks for looking at this. 

Harry Waddell






