gre interfaces are dynamically created and destroyed with the ifconfig(8) create and destroy subcommands.
This driver currently supports the following modes of operation:
GRESSOCK
ioctl(2).
If userland does not supply a socket, then the kernel will create
one using the addresses and ports supplied by
ioctl(2)s
SIOCSLIFPHYADDR
,
GRESADDRD
,
and/or
GRESADDRS
.
The greX interfaces support a number of ioctl(2)s, such as:
to ifconfig(8).
Note that the IP addresses of the tunnel endpoints may be the same as the ones defined with ifconfig(8) for the interface (as if IP is encapsulated), but need not be, as e.g. when encapsulating AppleTalk.
Host X-- Host A ----------------tunnel---------- cisco D------Host E
\ |
\ /
+------Host B----------Host C----------+
On host A
(NetBSD):
# route add default B
# ifconfig greN create
# ifconfig greN A D netmask 0xffffffff linkX up
# ifconfig greN tunnel A D
# route add E D
On Host D (Cisco):
Interface TunnelX
ip unnumbered D ! e.g. address from Ethernet interface
tunnel source D ! e.g. address from Ethernet interface
tunnel destination A
ip route C <some interface and mask>
ip route A mask C
ip route X mask tunnelX
OR
On Host D
(NetBSD):
# route add default C
# ifconfig greN create
# ifconfig greN D A
# ifconfig tunnel greN D A
If all goes well, you should see packets flowing ;-)
If you want to reach Host A over the tunnel (from Host D (Cisco)), then
you have to have an alias on Host A for e.g. the Ethernet interface like:
and on the cisco
ifconfig <etherif> alias Y
ip route Y mask tunnelX
A similar setup can be used to create a link between two private networks
(for example in the 192.168 subnet) over the Internet:
Assuming router A has the (external) IP address A and the internal address
192.168.1.1, while router B has external address B and internal address
192.168.2.1, the following commands will configure the tunnel:
192.168.1.* --- Router A -------tunnel-------- Router B --- 192.168.2.*
\ /
\ /
+----- the Internet ------+
On router A:
# ifconfig greN create
# ifconfig greN 192.168.1.1 192.168.2.1
# ifconfig greN tunnel A B
# route add -net 192.168.2 -netmask 255.255.255.0 192.168.2.1
On router B:
# ifconfig greN create
# ifconfig greN 192.168.2.1 192.168.1.1
# ifconfig greN tunnel B A
# route add -net 192.168.1 -netmask 255.255.255.0 192.168.1.1
To setup the same tunnel as above, but using GRE in UDP encapsulation instead of GRE encapsulation, set flags link0 and link2, and specify source and destination UDP ports.
On router A:
# ifconfig greN create
# ifconfig greN link0 link2
# ifconfig greN 192.168.1.1 192.168.2.1
# ifconfig greN tunnel A,port-A B,port-B
# route add -net 192.168.2 -netmask 255.255.255.0 192.168.2.1
On router B:
Along these lines, you can use GRE tunnels to interconnect two IPv6
networks over an IPv4 infrastructure, or to hook up to the IPv6 internet
via an IPv4 tunnel to a Cisco router.
On router A
(NetBSD):
On router B (Cisco):
# ifconfig greN create
# ifconfig greN link0 link2
# ifconfig greN 192.168.2.1 192.168.1.1
# ifconfig greN tunnel B,port-B A,port-A
# route add -net 192.168.1 -netmask 255.255.255.0 192.168.1.1
The example will use the following addressing:
NetBSD
A has the IPv4 address A and the IPv6 address 2001:db8:1::1 (connects
to internal network 2001:db8:1::/64).
Cisco B has external IPv4 address B.
All the IPv6 internet world is behind B, so A wants to route 0::0/0
(the IPv6 default route) into the tunnel.
The GRE tunnel will use a transit network: 2001:db8:ffff::1/64 on
the
NetBSD
side, and ::2/64 on the Cisco side.
Then the following commands will configure the tunnel:
2001:db8:1::/64 -- NetBSD A -----tunnel----- Cisco B --- IPv6 Internet
\ /
\ /
+----- the Internet ------+
# ifconfig greN create
# ifconfig greN inet6 2001:db8:ffff::1/64
# ifconfig greN tunnel A B
# route add -inet6 2001:db8:ffff::/64 2001:db8:ffff::2 -ifp greN
# route add -inet6 0::0/0 2001:db8:ffff::2 -ifp greN
Interface TunnelX
tunnel mode gre ip
ipv6 address 2001:db8:ffff::2/64 ! transfer network
tunnel source B ! e.g. address from LAN interface
tunnel destination A ! where the tunnel is connected to
ipv6 route 2001:db8::/64 TunnelX ! route this network through tunnel
There needs to be a route to the decapsulating host that does not run over the tunnel, as this would be a loop. (This is not relevant for IPv6-over-IPv4 tunnels, of course.)
In order to tell ifconfig(8) to actually mark the interface as up, the keyword ``up'' must be given last on its command line.
The kernel must be set to forward datagrams by either option GATEWAY in the kernel config file or by issuing the appropriate option to sysctl(8).
A description of GRE encapsulation can be found in RFC 1701 and RFC 1702.
A description of MOBILE encapsulation can be found in RFC 2004.
The MOBILE encapsulation appears to have been broken since it was first added to NetBSD, until August 2006. It is known to interoperate with another gre in MOBILE mode, however, it has not been tested for interoperability with any other implementation of RFC 2004.
The NetBSD base system does not (yet) contain a daemon for automatically establishing a UDP tunnel between a host behind a NAT router and a host on the Internet.