On Wed, 12 Jan 2005 23:24:37 +0100
Lennert Buytenhek <buytenh@xxxxxxxxxxxxxx> wrote:
> Hi,
>
> After struggling with various userland VPN solutions for a while (and
> failing to make IPSEC tunnel mode do what I want), I decided to just
> implement ethernet-in-IP tunneling in the kernel and let IPSEC transport
> mode handle the rest.
>
> There appeared to be an RFC for ethernet-in-IP already, RFC 3378, so I
> just implemented that. It's very simple -- slap a 16-bit header (0x3000,
> which is 4 bits of etherip version number and 12 bits of padding) onto
> the beginning of the ethernet packet, and then wrap it in an IP packet.
>
> Below is what I came up with, against the latest Fedora Core 3 kernel,
> which is 2.6.10-something. It survives some fairly basic testing between
> a number of different machines, UP and SMP. (Corresponding iproute2
> patch is available from http://www.wantstofly.org/~buytenh/etherip/ )
>
Since it is an RFC, any chance of interoperability testing it with
something besides Linux on the other end?
--
Stephen Hemminger <shemminger@xxxxxxxx>
|