Understanding VLAN Configuration on FreeBSD

Until recently, I’ve never had a chance to use VLANs on FreeBSD hosts, though I sometimes configure them on Ethernet switches. But when I was playing with vnet jails, I suddenly got interested in VLAN configuration on FreeBSD and experimented with it for some time. I wrote this short article to summarize my current understanding of how to configure VLANs on FreeBSD.

Terminology: I think the word VLAN is being used in at least two different senses.

Building a WireGuard Jail with the FreeBSD's Standard Tools

Recently, I had an opportunity to build a WireGuard jail on a FreeBSD 12.1 host. As it was really quick and easy to set up and it has been working completely fine for a month, I’d like to share my experience with anyone interested in this topic. I would like to use the WireGuard app on my Android phone to access my home NAS (a vanilla FreeBSD server) via the WireGuard tunnel and reach the Internet through the tunnel too.

WireGuard on FreeBSD Quick Look Part 2: Android Remote Access

After playing briefly with WireGuard (see previous post) on FreeBSD VNET jails, today I performed a quick test between a FreeBSD host and an Android device over the Internet. NOTE: WireGuard is still in an early stage of development. The Android app is clearly marked as beta and the Go implementation (wireguard-go) has no official release yet. This article just shows you what I did to take a look at it. 2020-04-26: I wrote a new post on building a WireGuard jail with the FreeBSD’s standard tools.

WireGuard on FreeBSD Quick Look: Testing VPN in Jail Network

WireGuard is a new VPN application which focuses on simplicity, and thus security and speed. Although it was initially developed as a Linux kernel feature, it now has a userspace implementation in Go, and binary packages are available for FreeBSD. I used this weekend to have a quick look at it on FreeBSD 12.0. This time I focused on site-to-site VPN setup. Maybe I will try remote-access VPN configuration in the near future.

Learning Spanning Tree Protocol with FreeBSD Bridges

Spanning Tree Protocol is a standard protocol for network bridges (layer-two switches) to autonomously find a logical loop-free topology and provide redundancy to the network. Several variants have been developed since its birth, of which the most common standard is Rapid Spanning Tree Protocol (RSTP). Many managed switches implement the protocol and often enable it by default. Although it’s quite common in the networking world, on whose perimeter I live, it’s been something vague and unfamiliar to me for a long time.

Connecting to the IPv6 Internet via tunnel (HE TunnelBroker)

I had been playing with IPv6 on various systems in the early 2000s. They were mostly NetBSD (1.x) and FreeBSD (4.x) plus Windows XP. My home network had been connected to the IPv6 Internet with a router running NetBSD/hpcmips which was installed on a Windows CE handheld PC. After a decade and a half, I decided to reconnect my home network to the IPv6 Internet. Unfortunately, native IPv6 service is still unavailable for me.

Route-based VPN with FreeBSD-11.1's IPsec VTI

I have managed to set up a route-based IPsec VPN with FreeBSD-11.1 RC3, which had introduced the IPsec virtual tunnel interface if_ipsec(4). Here is a record of my experiment just for your information.

Prerequisite

- FreeBSD-11.1-RC3/amd64
- Generic kernel
- No special packages/ports (just added sudo and a few other must-have utilities)

Network configuration

NOTE: The following text shows bsd1 configurations only.

                    10.0.0.1                 10.0.0.2
192.168.10.0/24 --- [bsd1] ----- /// ----- [bsd2] --- 192.168.20.0/24
172.