Hi all, I hope that someone here on the list could give me some hints on how I can make my setup work.

I have the following setup: "Virtual server 1" is connected to "Virtual server 2" via egre over ipsec; on both sides I'm using a bridge and a vether interface. Both virtual servers are located at different hosters and have public IP addresses. Between them the mentioned private connection always comes up and works (I can ping 192.168.79.1 / 192.168.79.2 from each other).

In addition I have my router at home, which connects via separate egre over ipsec connections, with a bridge and a vether interface each, to each of the virtual servers. This router unfortunately has only a dynamic IPv4 address. The connection between the router and the virtual servers is for some reason not coming up completely. From my analysis so far it seems that the router bridge learns the MAC addresses of the remote virtual servers' vether interfaces, but for some reason the bridges on the virtual servers do not learn the address of the router's vether interface. tcpdump does show traffic coming into enc0, but it never reaches the bridge, even with pf disabled.

As I can ping the interface with IP 192.168.66.1 on the router from each of the virtual servers, I'm leaving out the iked configuration. If this is needed I could also provide it.
Find here the corresponding configurations of each of the machines:

Virtual server 1:

(Working between virtual server 1 and 2)

/etc/hostname.bridge0
    add vether0
    add egre0
    up

/etc/hostname.vether0
    mtu 1500
    inet 192.168.79.1/24
    up

/etc/hostname.egre0
    mtu 1500
    -tunneldf
    tunnel a.b.c.d w.x.y.z
    vnetid 12
    up

(Not working between virtual server 1 and router)

/etc/hostname.bridge2
    add vether1
    add egre1
    up

/etc/hostname.vether1
    mtu 1500
    inet 192.168.80.1/24
    up

/etc/hostname.egre1
    mtu 1500
    -tunneldf
    tunnel a.b.c.d 192.168.66.1
    vnetid 31
    up

Virtual server 2:

(Working between virtual server 1 and 2)

/etc/hostname.bridge0
    add vether0
    add egre0
    up

/etc/hostname.vether0
    mtu 1500
    inet 192.168.79.2/24
    up

/etc/hostname.egre0
    mtu 1500
    -tunneldf
    tunnel w.x.y.z a.b.c.d
    vnetid 12
    up

(Not working between virtual server 1 and router)

/etc/hostname.bridge2
    add vether2
    add egre2
    up

/etc/hostname.vether2
    mtu 1500
    inet 192.168.81.1/24
    up

/etc/hostname.egre2
    mtu 1500
    -tunneldf
    tunnel w.x.y.z 192.168.66.1
    vnetid 32
    up

Router:

/etc/hostname.bridge0
    add vether1
    add egre1
    up

/etc/hostname.vether1
    mtu 1500
    inet 192.168.80.2/24
    up

/etc/hostname.egre1
    mtu 1500
    -tunneldf
    tunnel 192.168.66.1 a.b.c.d
    vnetid 31
    up

/etc/hostname.bridge2
    add vether2
    add egre2
    up

/etc/hostname.vether2
    mtu 1500
    inet 192.168.81.2/24
    up

/etc/hostname.egre2
    mtu 1500
    -tunneldf
    tunnel 192.168.66.1 w.x.y.z
    vnetid 32
    up

As an example I provide here the output of ifconfig for the relevant interfaces on virtual server 1 (IPv6 stuff removed):

vio0: flags=e08843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF6,INET6_NOSOII,AUTOCONF4> mtu 1500
        lladdr 56:00:03:8c:96:8c
        index 1 priority 0 llprio 3
        groups: egress
        media: Ethernet autoselect
        status: active
        inet a.b.c.d netmask 0xfffffe00 broadcast 199.247.3.255
enc0: flags=41<UP,RUNNING>
        index 2 priority 0 llprio 3
        groups: enc
        status: active
bridge0: flags=41<UP,RUNNING> mtu 1500
        index 4 llprio 3
        groups: bridge
        priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
        egre0 flags=3<LEARNING,DISCOVER>
                port 6 ifpriority 0 ifcost 0
        vether0 flags=3<LEARNING,DISCOVER>
                port 8 ifpriority 0 ifcost 0
bridge2: flags=41<UP,RUNNING> mtu 1500
        index 5 llprio 3
        groups: bridge
        priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
        egre1 flags=3<LEARNING,DISCOVER>
                port 12 ifpriority 0 ifcost 0
        vether1 flags=3<LEARNING,DISCOVER>
                port 9 ifpriority 0 ifcost 0
egre0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr fe:e1:ba:d0:b9:3c
        index 6 priority 0 llprio 3
        encap: vnetid 12 txprio 0 rxprio packet
        groups: egre
        tunnel: inet a.b.c.d --> w.x.y.z ttl 64 nodf
vether0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr fe:e1:ba:d2:eb:05
        index 8 priority 0 llprio 3
        groups: vether
        media: Ethernet autoselect
        status: active
        inet 192.168.79.1 netmask 0xffffff00 broadcast 192.168.79.255
vether1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr fe:e1:ba:d3:94:e9
        index 9 priority 0 llprio 3
        groups: vether
        media: Ethernet autoselect
        status: active
        inet 192.168.80.1 netmask 0xffffff00 broadcast 192.168.80.255
egre1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr fe:e1:ba:d4:c5:8f
        index 12 priority 0 llprio 3
        encap: vnetid 31 txprio 0 rxprio packet
        groups: egre
        tunnel: inet a.b.c.d --> 192.168.66.1 ttl 64 nodf

And here the router side (IPv6 stuff removed):

em0: flags=808b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,AUTOCONF4> mtu 1500
        lladdr 00:0d:b9:44:ec:dc
        description: External Connection 1 Cable
        index 1 priority 0 llprio 3
        groups: egress
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet e.f.g.h netmask 0xffffff00 broadcast 95.89.130.255
enc0: flags=41<UP,RUNNING>
        index 4 priority 0 llprio 3
        groups: enc
        status: active
bridge0: flags=41<UP,RUNNING> mtu 1500
        index 6 llprio 3
        groups: bridge
        priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
        designated: id 00:00:00:00:00:00 priority 0
        egre1 flags=3<LEARNING,DISCOVER>
                port 8 ifpriority 0 ifcost 0
        vether1 flags=3<LEARNING,DISCOVER>
                port 14 ifpriority 0 ifcost 0
        Addresses (max cache: 100, timeout: 240):
                fe:e1:ba:d3:94:e9 egre1 1 flags=0<>
bridge2: flags=41<UP,RUNNING> mtu 1500
        index 36 llprio 3
        groups: bridge
        priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
        designated: id 00:00:00:00:00:00 priority 0
        egre2 flags=3<LEARNING,DISCOVER>
                port 9 ifpriority 0 ifcost 0
        vether2 flags=3<LEARNING,DISCOVER>
                port 15 ifpriority 0 ifcost 0
        Addresses (max cache: 100, timeout: 240):
                fe:e1:ba:d3:42:9c egre2 1 flags=0<>
egre1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr fe:e1:ba:d0:dc:c9
        index 8 priority 0 llprio 3
        encap: vnetid 31 txprio 0 rxprio packet
        groups: egre
        tunnel: inet 192.168.66.1 --> a.b.c.d ttl 64 nodf
egre2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr fe:e1:ba:d1:4f:4c
        index 9 priority 0 llprio 3
        encap: vnetid 32 txprio 0 rxprio packet
        groups: egre
        tunnel: inet 192.168.66.1 --> w.x.y.z ttl 64 nodf
vether1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr fe:e1:ba:d2:ac:6b
        index 14 priority 0 llprio 3
        groups: vether
        media: Ethernet autoselect
        status: active
        inet 192.168.80.2 netmask 0xffffff00 broadcast 192.168.80.255
vether2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr fe:e1:ba:d3:80:aa
        index 15 priority 0 llprio 3
        groups: vether
        media: Ethernet autoselect
        status: active
        inet 192.168.81.2 netmask 0xffffff00 broadcast 192.168.81.255

Doing a tcpdump when pinging from the router to the virtual server, I see ARP requests on enc0, but no responses; the traffic never shows up on bridge2 (even with pf disabled):

tcpdump -nvveei enc0 host e.f.g.h
tcpdump: listening on enc0, link-type ENC
11:11:46.538947 (authentic,confidential): SPI 0xb20636b0: e.f.g.h > a.b.c.d: e.f.g.h > a.b.c.d: gre [K] 6558 key=31|0+1f fe:e1:ba:d2:ac:6b ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.80.1 tell 192.168.80.2 (ttl 64, id 46024, len 70) (ttl 54, id 49233, len 90)

Many thanks for any hints that could help me make this work!

Best regards
Markus
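One check I would run against the output quoted above, written here as an added example and not taken from the post: it parses the egre1 tunnel line from virtual server 1 and the decrypted frame captured on its enc0 (both copied from the post and embedded as constructed input), and compares the peer address and vnetid that egre1 is configured for with the inner IP source and GRE key that actually arrived. In the capture the inner source is e.f.g.h while egre1 names 192.168.66.1 as its tunnel peer, and a GRE frame whose peer or key does not match any egre interface is not handed to that interface, so a bridge member never sees it.

```shell
#!/bin/sh
# Constructed sample input copied from the post: the egre1 tunnel block on
# virtual server 1 and the decrypted GRE frame captured on its enc0.
EGRE_IFCONFIG='egre1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        encap: vnetid 31 txprio 0 rxprio packet
        groups: egre
        tunnel: inet a.b.c.d --> 192.168.66.1 ttl 64 nodf'
ENC0_DUMP='11:11:46.538947 (authentic,confidential): SPI 0xb20636b0: e.f.g.h > a.b.c.d: e.f.g.h > a.b.c.d: gre [K] 6558 key=31|0+1f fe:e1:ba:d2:ac:6b ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.80.1 tell 192.168.80.2 (ttl 64, id 46024, len 70) (ttl 54, id 49233, len 90)'

# Peer that egre is configured to accept GRE from ("tunnel: inet src --> dst").
tunnel_remote() {
    printf '%s\n' "$1" | awk '/tunnel: inet/ { print $5 }'
}
# vnetid configured on the egre interface ("encap: vnetid N ...").
tunnel_vnetid() {
    printf '%s\n' "$1" | awk '/encap: vnetid/ { print $3 }'
}
# Source of the IP header that carries GRE, i.e. where the packet really came
# from after IPsec decapsulation: the "src > dst:" pair right before "gre".
gre_inner_src() {
    printf '%s\n' "$1" |
        awk '{ for (i = 4; i <= NF; i++) if ($i == "gre") { print $(i-3); exit } }'
}
# GRE key carried in the frame ("key=31|0+1f" -> 31).
gre_key() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^key=/) { k = $i; sub(/^key=/, "", k); sub(/[|].*/, "", k); print k; exit } }'
}
# Compare what egre expects with what arrived on enc0. Returns 0 only when
# both the peer address and the key match; on a mismatch the frame is not
# delivered to the egre interface, so the bridge never learns the sender.
check_egre_peer() {
    expect_peer=$(tunnel_remote "$1"); seen_peer=$(gre_inner_src "$2")
    expect_key=$(tunnel_vnetid "$1");  seen_key=$(gre_key "$2")
    rc=0
    if [ "$expect_peer" != "$seen_peer" ]; then
        echo "MISMATCH: egre expects GRE from $expect_peer, enc0 shows inner source $seen_peer"
        rc=1
    fi
    if [ "$expect_key" != "$seen_key" ]; then
        echo "MISMATCH: vnetid $expect_key configured, GRE key $seen_key received"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: peer $seen_peer and key $seen_key match the egre configuration"
    return "$rc"
}

if ! check_egre_peer "$EGRE_IFCONFIG" "$ENC0_DUMP"; then
    echo "frames from this sender will not reach bridge member egre1"
fi
```

On a live host the same functions can be fed with `ifconfig egre1` and a line from `tcpdump -nvvei enc0 proto gre`; the check says nothing about why the inner source differs from the configured peer, only that it does.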