Michael Grimm <[email protected]> wrote:
Nevermind, I solved my issue. I has been a minor typo with major consequences.
> Configuration (shown for hostA, only):
>
> setkey.conf
> # hostA hostB
> hostA hostB
> spdadd 10.1.1.0/24 10.2.2.0/24 any -P out ipsec
> esp/tunnel/1.2.3.4-10.20.30.40/require;
Contrarily to this example line above, my real setkey.conf has had an "in"
instead of "out" :-(
> Achieved sofar:
>
> #) Allowing arpproxy_all="YES" will satisfy ARP (MACs from opposite
> VNET jails will become assigned).
> I do not know if that is needed, but now ping from jails to the
> opposite jails will at least start to send ICMP packages.
Now I have to state: yes, ARP proxying is mandatory in my setup.
Hmm, I need to learn more about ARP. Because now I do observe a lot of lines
like …
| <kern.info> mike kernel: arp: proxy: ignoring request from 10.1.1.1
via epair1a
… and I do not know if I do have to be concerned about those. Do I?
Sorry for the noise!
Regards,
Michael
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[email protected]"
