All,
It's my understanding that the operating systems we work with only need 1 tunnel, or one system declaration for it.
Except those OSes listed under "Non-RIP44 Workarounds", does anyone else run an OS not on the list - that requires you to create more than one (1) tunnel, specify a remote IP other than "Any", or create a route for it before you receive traffic?
All I have to do is tell tunl0 to be UP and I'll receive ANYTHING. OPs using other operating systems seem to have configuration differences (maybe that's why they don't understand security concerns). I'm not sure if there's a configuration difference in the Kernels, or what...?
73,
- Lynwood KB3VWG
On Thu, May 25, 2017 at 10:34:00PM -0400, lleachii--- via 44Net wrote:
> It's my understanding that the operating systems we work with only need 1 tunnel, or one system declaration for it.
> Except those OSes listed under "Non-RIP44 Workarounds", does anyone else run an OS not on the list - that requires you to create more than one (1) tunnel, specify a remote IP other than "Any", or create a route for it before you receive traffic?
> All I have to do is tell tunl0 to be UP and I'll receive ANYTHING. OPs using other operating systems seem to have configuration differences (maybe that's why they don't understand security concerns). I'm not sure if there's a configuration difference in the Kernels, or what...?
The BSD operating system (FreeBSD, etc) kernels require a separate tunnel for every endpoint destination. That means that you have to have 435 tunnels for full mesh connectivity (one for each gateway you want to send to), and 622 routes pointing to them.
This is also true of various router OSs.
We get around this difficulty with FreeBSD on amprgw by not using the kernel tunneling mechanism in the first place, but instead doing the encapsulation and gateway selection in a user-space program, which sends over a raw socket.
- Brian
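The user-space approach described in the reply above, sketched as an added example (not amprgw's code and not part of the original thread): one route table replaces the per-endpoint kernel tunnels, and the program picks the gateway and builds the outer IP-in-IP header itself. The route table, addresses and function names are constructed for illustration.

```python
import ipaddress
import socket
import struct

IPPROTO_IPIP = 4  # IP-in-IP encapsulation protocol number

# Constructed sample table: AMPRNet subnet -> public gateway address
# (gateways use RFC 5737 documentation addresses).
ROUTES = {
    "44.0.2.0/24": "192.0.2.10",
    "44.0.2.128/25": "198.51.100.7",
    "44.0.8.0/22": "203.0.113.5",
}

def select_gateway(dst, routes=ROUTES):
    """Longest-prefix match on the inner destination; None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None

def checksum(data):
    """RFC 1071 Internet checksum over an even-length header."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(inner, local_ip, routes=ROUTES):
    """Wrap an inner IPv4 packet in an outer header addressed to its gateway."""
    if len(inner) < 20 or inner[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    inner_dst = socket.inet_ntoa(inner[16:20])
    gw = select_gateway(inner_dst, routes)
    if gw is None:
        raise LookupError("no gateway for " + inner_dst)  # drop, never guess
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0, 64,
                      IPPROTO_IPIP, 0,
                      socket.inet_aton(local_ip), socket.inet_aton(gw))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    # A real gateway would now send the result on a raw socket (needs root).
    return gw, hdr + inner
```

The same table can be consulted in the receive direction to compare an incoming packet's outer source address against the gateway registered for its inner source.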