On Wed, Jan 12, 2005 at 04:04:55PM -0800, Stephen Hemminger wrote:
> > After struggling with various userland VPN solutions for a while (and
> > failing to make IPSEC tunnel mode do what I want), I decided to just
> > implement ethernet-in-IP tunneling in the kernel and let IPSEC transport
> > mode handle the rest.
> >
> > There appeared to be an RFC for ethernet-in-IP already, RFC 3378, so I
> > just implemented that. It's very simple -- slap a 16-bit header (0x3000,
> > which is 4 bits of etherip version number and 12 bits of padding) onto
> > the beginning of the ethernet packet, and then wrap it in an IP packet.
> >
> > Below is what I came up with, against the latest Fedora Core 3 kernel,
> > which is 2.6.10-something. It survives some fairly basic testing between
> > a number of different machines, UP and SMP. (Corresponding iproute2
> > patch is available from http://www.wantstofly.org/~buytenh/etherip/ )
>
> Since it is an RFC, any chance of interoperability testing it with
> something besides Linux on the other end?
Some googling suggests that OpenBSD implements this as well.
Anyone here with an OpenBSD box on the 'net that's willing to do
some tests?
cheers,
Lennert
|