download

Network Configuration—TunnelingIn this chapter, we will look into the following:• GRE• IPSECGeneric Routing Encapsulation (GRE)protocolGRE creates a virtual end-to-end network link between network nodes (that isrouters), over a public network.GRE can be used to create simple VPN networks for customers that are connectedto a service provider network, or between edge routers in a service providerenvironment, to exchange routing table updates. As this simple GRE interfacedoes not support encryption, you may want to reconsider using GRE, if securityis a priority.FreeBSD 7 natively supports creating and manipulating standard GRE tunnels.GRE support should be available in the FreeBSD's kernel. If you havenot compiled GRE support into kernel, the GRE kernel module will bedynamically loaded into memory upon first usage.Creating gre(4) interface in a simple way using ifconfig(8) utility is shown here:# ifconfig gre0 createNote that if you do not specify the device node number, ifconfig takes the firstavailable number and returns the new interface name, after creating the interfaceas follows:# ifconfig gre creategre1You can also remove unnecessary gre(4) interface using ifconfig'sdestroy option:# ifconfig gre1 destroyNow that you have created a GRE interface, you should configure both sides of theGRE interface (on both hosts). This is basically done using the ifconfig utility.[ 134 ]