|
|
Hi James, We use mrouted over OpenVPN tunnels here. Some points: . If you want to use the TUN as and mrouted leg, it can not be 255.255.255.255 :). Also they must have multicast enabled on the interfaces. . If you don't want that TUN as an MCast pariticipant and it has a subnet on it (not 255.255.255.255 :)), use the disable mrouted.conf option. Beware though that the tun must be active when you start mrouted or it will fail saying you have an error in your mrouted.conf file. . We have run mrouted on the tunnels, but currently are tunneling MultiCast using the mrouted tunnel option. These mrouted tunnels are working both inside and outside of the OpenVPN tunnels. You may recall me asking about getting 1500 to pass through OpenVPN because MCast care not for MTU discovery :). Part of the decision was based on the need to only have 2 IPs and no subnet to tunnel, but would have to break out subnets to do it the other way. . Make certain ipip module is loaded. If it isn't and you start up mrouted, it will appear to be going along fine and then just end :(. Also, for debugging, try : mrouted -d packet,routing,cache,neighbors,interface,pruning,membership,route_detail . As of linux 2.6, you need to allow traffic to MCast 224.0.0.0/4 in FORWARD rules in an unusual way. Put a -j LOG at the end of your FORWARD rules to see what I mean :). Here it looks like traffic from one interface is trying to go backwards through another interface. Other than that, I'll add that we are looking to use a current multicast application and the winner seems to be http://www.xorp.org, but I have not even set it up yet :(. Was working on switching to pimd, but that is now becoming part of xorp. Hope it helps, JES On Thu, 1 Apr 2004, James Yonan wrote: > Has anyone gotten mrouted to work over an OpenVPN tunnel using a tun interface? > > mrouted dies on startup because it doesn't like the fact that the tun > interface has a subnet mask of 255.255.255.255. > > James > > >>Here's the excerpt from mrouted: > >> > >>/* > >> * Verify that a given subnet number and mask pair are credible. > >> * > >> * With CIDR, almost any subnet and mask are credible. mrouted still > >> * can't handle aggregated class A's, so we still check that, but > >> * otherwise the only requirements are that the subnet address is > >> * within the [ABC] range and that the host bits of the subnet > >> * are all 0. > >> */ > > > > > ------------------------------------------------------- > This SF.Net email is sponsored by: IBM Linux Tutorials > Free Linux tutorial presented by Daniel Robbins, President and CEO of > GenToo technologies. Learn everything from fundamentals to system > administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click > _______________________________________________ > Openvpn-users mailing list > Openvpn-users@xxxxxxxxxxxxxxxxxxxxx > https://lists.sourceforge.net/lists/listinfo/openvpn-users > -- James B. MacLean macleajb@xxxxxxxxxxx Department of Education Nova Scotia, Canada |