12.07.2015 Views


Network Configuration—Tunneling

Now that the tunnel interface seems to be up, you should verify the tunnel connectivity using the ping command by pinging the tunnel IP address of Host B from Host A and vice versa:

    # ping -c3 192.168.10.2
    PING 192.168.10.2 (192.168.10.2): 56 data bytes
    64 bytes from 192.168.10.2: icmp_seq=0 ttl=128 time=0.359 ms
    64 bytes from 192.168.10.2: icmp_seq=1 ttl=128 time=2.512 ms
    64 bytes from 192.168.10.2: icmp_seq=2 ttl=128 time=0.196 ms

    --- 192.168.10.2 ping statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 0.196/1.022/2.512/1.055 ms

It is pretty straightforward to set up a GRE tunnel between two hosts, provided that both support the GRE tunneling protocol. It is also possible to use a Cisco or Juniper router to peer with a FreeBSD host over the GRE tunnel.

So far we did the entire configuration manually, which is good for testing the tunnel setup in the lab. In order to make the changes permanent, you need to add the appropriate configuration to the /etc/rc.conf configuration file. The tunnel configuration for Host A in the /etc/rc.conf file looks like the following code:

    cloned_interfaces="gre0"
    ifconfig_gre0="inet 192.168.10.1 192.168.10.2 netmask 255.255.255.0 tunnel 10.0.2.1 10.0.1.1"

Note that you can specify multiple GRE interfaces using the cloned_interfaces variable, separated by spaces. On the second line, you can see that we have merged the whole interface configuration into one line, which is also possible when you set it up using the command line.

IPSEC

FreeBSD's IPSec stack is based on the IPSec implementation from the KAME project (see http://www.kame.net). The IPSec feature is not available in the stock GENERIC kernel, and a new customized kernel should be built with the following options added to the kernel configuration file:

    options IPSEC
    options IPSEC_ESP

Once you reboot your host with the customized kernel, the IPSec protocol is available for implementation.
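A mismatch between the two ends of the /etc/rc.conf tunnel configuration shown above (inner addresses or outer tunnel endpoints not swapped on the peer) is the usual reason a persistent GRE tunnel fails after reboot. The following script is an added example, not code from the book: it reads two rc.conf files and checks that one is the mirror image of the other. The function names, file names and the Host B configuration are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the book): check that the GRE settings in two hosts'
# rc.conf files mirror each other. rc.conf is shell syntax, so each file is
# sourced in a subshell; only run this on files you trust.

# gre_fields FILE IFACE -> "inner_local inner_remote outer_src outer_dst"
gre_fields() (
    file=$1 ifc=$2 src= dst=
    . "$file" || exit 1
    case " $cloned_interfaces " in
        *" $ifc "*) ;;
        *) echo "$file: $ifc missing from cloned_interfaces" >&2; exit 1 ;;
    esac
    eval "set -- \$ifconfig_$ifc"
    if [ "$1" = inet ]; then shift; fi
    [ $# -ge 2 ] || exit 1
    inner_local=$1 inner_remote=$2
    shift 2
    while [ $# -gt 0 ]; do
        if [ "$1" = tunnel ] && [ $# -ge 3 ]; then src=$2 dst=$3; fi
        shift
    done
    [ -n "$src" ] && [ -n "$dst" ] || exit 1
    echo "$inner_local $inner_remote $src $dst"
)

# gre_pair_ok FILE_A FILE_B IFACE -> exit 0 when B is the mirror image of A
gre_pair_ok() {
    a=$(gre_fields "$1" "$3") || return 1
    b=$(gre_fields "$2" "$3") || return 1
    set -- $a $b
    [ "$1" = "$6" ] && [ "$2" = "$5" ] && [ "$3" = "$8" ] && [ "$4" = "$7" ]
}

# Constructed samples: Host A as on this page, Host B assumed to be its mirror.
demo_dir=$(mktemp -d)
cat > "$demo_dir/rc.conf.A" <<'EOF'
cloned_interfaces="gre0"
ifconfig_gre0="inet 192.168.10.1 192.168.10.2 netmask 255.255.255.0 tunnel 10.0.2.1 10.0.1.1"
EOF
cat > "$demo_dir/rc.conf.B" <<'EOF'
cloned_interfaces="gre0"
ifconfig_gre0="inet 192.168.10.2 192.168.10.1 netmask 255.255.255.0 tunnel 10.0.1.1 10.0.2.1"
EOF
if gre_pair_ok "$demo_dir/rc.conf.A" "$demo_dir/rc.conf.B" gre0; then
    echo "gre0: endpoints mirror each other"
else
    echo "gre0: endpoint mismatch" >&2
fi
```

Run it against copies of both hosts' rc.conf files before rebooting either end.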
