Andy Ruhl <acr...@gmail.com> wrote:

> On Fri, Aug 11, 2017 at 3:53 PM, D'Arcy Cain <da...@netbsd.org> wrote:
>> On 08/11/2017 12:37 PM, D'Arcy Cain wrote:
>> It turns out that I misunderstood the example.  Both servers need to be on
>> the public Internet.  In my case only the remote was.
>>
>> Is there some way to do this?  I can port forward but I suspect that that
>> won't work as it doesn't use TCP or UDP over the tunnel.  I looked at
>> OpenVPN but that only allows individual hosts to connect.  I am trying to
>> join two internal networks.
>>
>> I can get a second IP address for my system but I need something that works
>> for other clients who may not have that option.
> 
> I suppose you could try forwarding all GRE (ip protocol 47) inward to
> wherever the GRE tunnel lives inside the network. Have you tried that?
> 
> I haven't tried doing this, I can't tell you how it would work. It's
> normally best to do these tunnels at the internet facing router, and
> then set up routes so that your internal clients can reach the other
> side.

You can forward all traffic from the consumer gizmo internet facing
router (with single public IP address from the provider) to the
internal netbsd router.  It's usually called "DMZ host" in the web
interface.

To configure the tunnel on the internal router create
/etc/ifconfig.gre0 with:

  ! route add remote-outer-ip 192.168.1.1
  local-inner-ip remote-inner-ip netmask 0xffffffff link0 -link2 up
  tunnel 192.168.1.2 remote-outer-ip

Point default route on the netbsd router to remote-inner-ip.

Here 192.168.1.1 is the local address of the external consumer gizmo
router and 192.168.1.2 is the address of the netbsd router used to
talk to the gizmo.

If the other side is also behind NAT, use provider's public address
for remote-outer-ip.

PS: Hmm, looking at gre(4), shouldn't the example be fixed to say

  ifconfig greN tunnel B C

-uwe
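
An added example, not part of the original message or of NetBSD: a POSIX sh lint for the /etc/ifconfig.gre0 layout described above, checking the two things that setup depends on (a publicly reachable remote-outer-ip and a host route for it outside the tunnel). The function names and the sample addresses (203.0.113.7, 10.0.0.1, 10.0.0.2, 192.168.2.2) are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint for the ifconfig.gre0 layout in the message above.

is_private() {                      # RFC 1918 test on a dotted quad
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Reads an ifconfig.gre0 on stdin, prints findings, returns 1 if any.
lint_gre_conf() {
    bad=0; route_dst=; tun_dst=
    while read -r a b c d rest; do
        case "$a" in
            '!')    if [ "$b $c" = "route add" ]; then route_dst=$d; fi ;;
            tunnel) tun_dst=$c ;;
        esac
    done
    if [ -z "$tun_dst" ]; then
        echo "no 'tunnel <local-outer> <remote-outer>' line"; return 1
    fi
    # The outer destination has to be reachable across the Internet. A
    # private address here usually means the peer's LAN address was used
    # instead of its provider's public address.
    if is_private "$tun_dst"; then
        echo "remote-outer-ip $tun_dst is RFC 1918"; bad=1
    fi
    # With the default route pointed at remote-inner-ip, the encapsulated
    # packets need their own host route via the local gateway, or they
    # would be routed back into the tunnel.
    if [ "$route_dst" != "$tun_dst" ]; then
        echo "no host route for tunnel destination $tun_dst"; bad=1
    fi
    return $bad
}

sample_good() {   # constructed; 203.0.113.7 is a documentation address
cat <<'EOF'
! route add 203.0.113.7 192.168.1.1
10.0.0.1 10.0.0.2 netmask 0xffffffff link0 -link2 up
tunnel 192.168.1.2 203.0.113.7
EOF
}

sample_bad() {    # constructed: private remote, host route missing
cat <<'EOF'
10.0.0.1 10.0.0.2 netmask 0xffffffff link0 -link2 up
tunnel 192.168.1.2 192.168.2.2
EOF
}
```

Run it against a real file with `lint_gre_conf < /etc/ifconfig.gre0`.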
