On Thu, May 25, 2017 at 10:34:00PM -0400, lleachii--- via 44Net wrote:
> It's my understanding that the operating systems we work with only need 1
> tunnel, or one system declaration for it.
> Except those OSes listed under "Non-RIP44 Workarounds", does anyone else run
> an OS not on the list - that requires you to create more than one (1)
> tunnel, specify a remote IP other than "Any", or create a route for it
> before you receive traffic?
> All I have to do is tell tunl0 to be UP and I'll receive ANYTHING. OPs using
> other operating systems seem to have configuration differences (maybe that's
> why they don't understand security concerns). I'm not sure if there's a
> configuration difference in the kernels, or what...?
BSD operating system kernels (FreeBSD, etc.) require a separate tunnel
for every endpoint destination. That means you have to have 435
tunnels for full mesh connectivity (one for each gateway you want to send
to), and 622 routes pointing to them.
This is also true of various router OSs.
We get around this difficulty with FreeBSD on amprgw by not using the kernel
tunneling mechanism in the first place, but instead doing the encapsulation
and gateway selection in a user-space program, which sends over a raw socket.
- Brian
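Brian's description of the amprgw approach (gateway selection and IP-in-IP encapsulation done in a user-space program rather than by the kernel tunnel driver), sketched as added example code; this is not amprgw's own program, and the route table, the addresses and the `send_raw` helper are constructed for illustration.

```python
import ipaddress
import socket
import struct

# Constructed sample route table (44net subnet -> gateway address); these
# are illustrative documentation-range values, not the real RIP44 table.
ROUTES = {
    "44.10.0.0/16": "198.51.100.7",
    "44.10.5.0/24": "203.0.113.21",
    "44.20.0.0/16": "192.0.2.99",
}
ROUTE_TABLE = sorted(
    ((ipaddress.ip_network(n), ipaddress.ip_address(g)) for n, g in ROUTES.items()),
    key=lambda e: e[0].prefixlen, reverse=True)  # longest prefix first

def select_gateway(inner_dst):
    """Longest-prefix match: gateway for a 44net destination, or None if unrouted."""
    dst = ipaddress.ip_address(inner_dst)
    for net, gw in ROUTE_TABLE:
        if dst in net:
            return str(gw)
    return None

def ipv4_checksum(hdr):
    """RFC 791 one's-complement checksum over a 20-byte IPv4 header."""
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF

def ipip_encapsulate(inner_pkt, outer_src, outer_dst):
    """Prepend an outer IPv4 header carrying protocol 4 (IP-in-IP), DF set, TTL 64."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner_pkt), 0,
                      0x4000, 64, 4, 0,
                      ipaddress.ip_address(outer_src).packed,
                      ipaddress.ip_address(outer_dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + inner_pkt

def forward(inner_pkt, outer_src):
    """Pick the gateway for the inner destination and encapsulate; None if unrouted."""
    gw = select_gateway(inner_pkt[16:20])  # inner IPv4 destination field
    return None if gw is None else ipip_encapsulate(inner_pkt, outer_src, gw)

def send_raw(pkt):
    """Hand the finished packet to a raw socket (needs raw-socket privilege)."""
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) as s:
        s.sendto(pkt, (str(ipaddress.ip_address(pkt[16:20])), 0))
```

With one tunnel endpoint per gateway replaced by a table lookup in `forward`, the kernel never needs 435 tunnel interfaces; only the program's route table grows.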