Subject: IPIP driver (ipipN)
To: None <tech-net@netbsd.org>
From: Michael Graff <explorer@flame.org>
List: tech-net
Date: 05/23/1999 21:59:32
It seems to me this is written exactly backwards. :)
Suppose I want to set up a VNPish thing that has a remote network of
192.168.42/24. It appears I have to do this:
ifconfig ipip0 local-real remote-real netmask 0xffffffff up
route add 192.168.42.0 remote-real netmask 0xffffff00
This does two things:
(1) makes it so I cannot ping the remote-real address any
longer. Try it, it complains about "message too long"
(2) to be part of the VNP itself, I need to add an ifconfig
alias for the local host. If I do this on the ipip0
interface itself, netstat -rn shows Bad Stuff.
(3) It seems to be very confusing, and basically a hack.
It seems that it should work more like this:
ifconfig ipip0 local-vpn remote-vpn netmask 0xffffff00
ipipcfg ipip0 local-real remote-real
That allows ipf to filter based on interface as well as address, if
you are trying to do what I am trying to do, which is have multiple
VPNs go to the same remote-real address.
The problem is, the ipip protocol doesn't include any sort of
identifcation other than the tunnel endpoints of the encapsulated
addresses. This makes selecting which ipipN interface problematic...
Or am I just totally confused about this whole thing, and it's not as
hard as it appears to be?
The real problem seems to be that I want to specify a source address
to use for a route... And not hack the routing table like is done
now...
--Michael