1.\" $NetBSD: gre.4,v 1.28 2002/06/10 02:49:35 itojun Exp $ 2.\" 3.\" Copyright 1998 (c) The NetBSD Foundation, Inc. 4.\" All rights reserved. 5.\" 6.\" This code is derived from software contributed to The NetBSD Foundation 7.\" by Heiko W.Rupp <hwr@pilhuhn.de> 8.\" 9.\" Redistribution and use in source and binary forms, with or without 10.\" modification, are permitted provided that the following conditions 11.\" are met: 12.\" 1. Redistributions of source code must retain the above copyright 13.\" notice, this list of conditions and the following disclaimer. 14.\" 2. Redistributions in binary form must reproduce the above copyright 15.\" notice, this list of conditions and the following disclaimer in the 16.\" documentation and/or other materials provided with the distribution. 17.\" 3. All advertising materials mentioning features or use of this software 18.\" must display the following acknowledgement: 19.\" This product includes software developed by the NetBSD 20.\" Foundation, Inc. and its contributors. 21.\" 4. Neither the name of the The NetBSD Foundation nor the names of its 22.\" contributors may be used to endorse or promote products derived 23.\" from this software without specific prior written permission. 24.\" 25.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 26.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 27.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 28.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 29.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 30.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 31.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 32.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 33.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 34.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 35.\" POSSIBILITY OF SUCH DAMAGE. 36.\" 37.\" $FreeBSD$ 38.\" 39.Dd June 9, 2002 40.Dt GRE 4 41.Os 42.Sh NAME 43.Nm gre 44.Nd encapsulating network device 45.Sh SYNOPSIS 46.Cd "device gre" 47.Sh DESCRIPTION 48The 49.Nm 50network interface pseudo device encapsulates datagrams 51into IP. 52These encapsulated datagrams are routed to a destination host, 53where they are decapsulated and further routed to their final destination. 54The 55.Dq tunnel 56appears to the inner datagrams as one hop. 57.Pp 58.Nm 59interfaces are dynamically created and destroyed with the 60.Xr ifconfig 8 61.Cm create 62and 63.Cm destroy 64subcommands. 65.Pp 66This driver currently supports the following modes of operation: 67.Bl -tag -width indent 68.It "GRE encapsulation (IP protocol number 47)" 69Encapsulated datagrams are 70prepended an outer datagram and a GRE header. 71The GRE header specifies 72the type of the encapsulated datagram and thus allows for tunneling other 73protocols than IP like e.g. AppleTalk. 74GRE mode is also the default tunnel mode on Cisco routers. 75This is also the default mode of operation of the 76.Nm 77interfaces. 78.It "MOBILE encapsulation (IP protocol number 55)" 79Datagrams are 80encapsulated into IP, but with a shorter encapsulation. 81The original 82IP header is modified and the modifications are inserted between the 83so modified header and the original payload. 84Like 85.Xr gif 4 , 86only for IP-in-IP encapsulation. 87.El 88.Pp 89The 90.Nm 91interfaces support a number of 92.Xr ioctl 2 Ns s , 93such as: 94.Bl -tag -width ".Dv GRESADDRS" 95.It Dv GRESADDRS 96Set the IP address of the local tunnel end. 97This is the source address 98set by or displayed by 99.Xr ifconfig 8 100for the 101.Nm 102interface. 103.It Dv GRESADDRD 104Set the IP address of the remote tunnel end. 105This is the destination address 106set by or displayed by 107.Xr ifconfig 8 108for the 109.Nm 110interface. 111.It Dv GREGADDRS 112Query the IP address that is set for the local tunnel end. 113This is the 114address the encapsulation header carries as local address (i.e., the real 115address of the tunnel start point). 116.It Dv GREGADDRD 117Query the IP address that is set for the remote tunnel end. 118This is the 119address the encapsulated packets are sent to (i.e., the real address of 120the remote tunnel endpoint). 121.It Dv GRESPROTO 122Set the operation mode to the specified IP protocol value. 123The 124protocol is passed to the interface in 125.Po Vt "struct ifreq" Pc Ns Li -> Ns Va ifr_flags . 126The operation mode can also be given as 127.Pp 128.Bl -tag -width ".Cm -link0" -compact 129.It Cm link0 130.Dv IPPROTO_GRE 131.It Cm -link0 132.Dv IPPROTO_MOBILE 133.El 134.Pp 135to 136.Xr ifconfig 8 . 137.Pp 138The 139.Cm link1 140flag is not used to choose encapsulation, but to modify the 141internal route search for the remote tunnel endpoint, see the 142.Sx BUGS 143section below. 144.It Dv GREGPROTO 145Query operation mode. 146.El 147.Pp 148Note that the IP addresses of the tunnel endpoints may be the same as the 149ones defined with 150.Xr ifconfig 8 151for the interface (as if IP is encapsulated), but need not be, as e.g. when 152encapsulating AppleTalk. 153.Sh EXAMPLES 154Configuration example: 155.Bd -literal 156Host X-- Host A ----------------tunnel---------- Cisco D------Host E 157 \\ | 158 \\ / 159 +------Host B----------Host C----------+ 160.Ed 161.Pp 162On host A 163.Pq Fx : 164.Bd -literal -offset indent 165route add default B 166ifconfig greN create 167ifconfig greN A D netmask 0xffffffff linkX up 168ifconfig greN tunnel A D 169route add E D 170.Ed 171.Pp 172On Host D (Cisco): 173.Bd -literal -offset indent 174Interface TunnelX 175 ip unnumbered D ! e.g. address from Ethernet interface 176 tunnel source D ! e.g. address from Ethernet interface 177 tunnel destination A 178ip route C <some interface and mask> 179ip route A mask C 180ip route X mask tunnelX 181.Ed 182.Pp 183OR 184.Pp 185On Host D 186.Pq Fx : 187.Bd -literal -offset indent 188route add default C 189ifconfig greN create 190ifconfig greN D A 191ifconfig tunnel greN D A 192.Ed 193.Pp 194If all goes well, you should see packets flowing ;-) 195.Pp 196If you want to reach Host A over the tunnel (from Host D (Cisco)), then 197you have to have an alias on Host A for e.g. the Ethernet interface like: 198.Pp 199.Dl "ifconfig <etherif> alias Y" 200.Pp 201and on the Cisco: 202.Pp 203.Dl "ip route Y mask tunnelX" 204.Pp 205A similar setup can be used to create a link between two private networks 206(for example in the 192.168 subnet) over the Internet: 207.Bd -literal 208192.168.1.* --- Router A -------tunnel-------- Router B --- 192.168.2.* 209 \\ / 210 \\ / 211 +------ the Internet ------+ 212.Ed 213.Pp 214Assuming router A has the (external) IP address A and the internal address 215192.168.1.1, while router B has external address B and internal address 216192.168.2.1, the following commands will configure the tunnel: 217.Pp 218On router A: 219.Bd -literal -offset indent 220ifconfig greN create 221ifconfig greN 192.168.1.1 192.168.2.1 link1 222ifconfig greN tunnel A B 223route add -net 192.168.2 -netmask 255.255.255.0 192.168.2.1 224.Ed 225.Pp 226On router B: 227.Bd -literal -offset indent 228ifconfig greN create 229ifconfig greN 192.168.2.1 192.168.1.1 link1 230ifconfig greN tunnel B A 231route add -net 192.168.1 -netmask 255.255.255.0 192.168.1.1 232.Ed 233.Pp 234Note that this is a safe situation where the 235.Cm link1 236flag (as discussed in the 237.Sx BUGS 238section below) may (and probably should) be set. 239.Sh NOTES 240The MTU of 241.Nm 242interfaces is set to 1476 by default, to match the value used by Cisco routers. 243This may not be an optimal value, depending on the link between the two tunnel 244endpoints. 245It can be adjusted via 246.Xr ifconfig 8 . 247.Pp 248For correct operation, the 249.Nm 250device needs a route to the destination that is less specific than the 251one over the tunnel. 252(Basically, there needs to be a route to the decapsulating host that 253does not run over the tunnel, as this would be a loop.) 254If the addresses are ambiguous, doing the 255.Nm ifconfig Cm tunnel 256step before the 257.Xr ifconfig 8 258call to set the 259.Nm 260IP addresses will help to find a route outside the tunnel. 261.Pp 262In order to tell 263.Xr ifconfig 8 264to actually mark the interface as 265.Dq up , 266the keyword 267.Cm up 268must be given last on its command line. 269.Pp 270The kernel must be set to forward datagrams by setting the 271.Va ip.forwarding 272.Xr sysctl 8 273variable to non-zero. 274.Sh SEE ALSO 275.\" Xr atalk 4 , 276.Xr gif 4 , 277.Xr inet 4 , 278.Xr ip 4 , 279.Xr netintro 4 , 280.\" Xr options 4 , 281.Xr protocols 5 , 282.Xr ifconfig 8 , 283.Xr sysctl 8 284.Pp 285A description of GRE encapsulation can be found in RFC 1701 and RFC 1702. 286.Pp 287A description of MOBILE encapsulation can be found in RFC 2004. 288.Sh AUTHORS 289.An Heiko W.Rupp Aq hwr@pilhuhn.de 290.Sh BUGS 291The 292.Fn compute_route 293code in 294.Pa if_gre.c 295toggles the last bit of the 296IP-address to provoke the search for a less specific route than the 297one directly over the tunnel to prevent loops. 298This is possibly not the best solution. 299.Pp 300To avoid the address munging described above, turn on the 301.Cm link1 302flag on the 303.Xr ifconfig 8 304command line. 305This implies that the GRE packet destination and the ifconfig remote host 306are not the same IP addresses, and that the GRE destination does not route 307over the 308.Nm 309interface itself. 310.Pp 311The GRE RFCs are not yet fully implemented (no GRE options). 312