* davidc [2003-10-24 16:17]:
> > +-----------------------------+ +-----------------------------+
> > |eth0 192.168.150.43 (tuntap)-----eth0 192.168.150.45 (tuntap) |
> > | | | |
> > +--eth1 192.168.140.254 (mcast) | | (mcast) 192.168.130.254 eth1--+
> > | +-----------------------------+ +-----------------------------+ |
> > | |
> > | +--------------------------+ +--------------------------+ |
> > +--eth0 192.168.140.1 (mcast)| |192.168.130.1 (mcast) eth0--+
> > +--------------------------+ +--------------------------+
> I don't see where you're using bridging in this case, which is the host and
> which are UML sessions?
Every box is one UML-Host, all of them are on one physical host.
IMO it's only necessary, that 192.168.150.43 and 192.168.150.45 can
reach each other, because these are the ipsec-gateways.
For this reason i use tuntap between these two hosts.
I tried it with mcast between the ipsec-gateways too, but the same
result, the ping-request reaches the destination, but no reply.
> I've never used IPSec but it's just a higher level protocol, there should be
> no problem transporting it over tun or a bridge. The higest protocol a
> bridge is aware of is ARP at layer 2.
Thats right, because of this i don't understand, why it shouldn't work.
> Do you need a VPN between the boxes? It isn't necessary but I can see why
> you might want to.
It's only for testing, because i want to play around with ipsec and
don't have so many computers.
bye, rene
--
| 6. Chemnitzer Linuxtag - http://www.tu-chemnitz.de/linux/tag |
| ------------------------------------------------------------ |
| Rene Caspari >> http://reca.ahrcas.net |
| EastLink >> http://www.eastlink.de |
pgpRGEIb59wpf.pgp
Description: PGP signature
|
