Andy Ruhl <acr...@gmail.com> wrote:

> On Fri, Aug 11, 2017 at 3:53 PM, D'Arcy Cain <da...@netbsd.org> wrote:
>> On 08/11/2017 12:37 PM, D'Arcy Cain wrote:
>> It turns out that I misunderstood the example. Both servers need to be on
>> the public Internet. In my case only the remote was.
>>
>> Is there some way to do this? I can port forward but I suspect that that
>> won't work as it doesn't use TCP or UDP over the tunnel. I looked at
>> OpenVPN but that only allows individual hosts to connect. I am trying to
>> join two internal networks.
>>
>> I can get a second IP address for my system but I need something that works
>> for other clients who may not have that option.
>
> I suppose you could try forwarding all GRE (ip protocol 47) inward to
> wherever the GRE tunnel lives inside the network. Have you tried that?
>
> I haven't tried doing this, I can't tell you how it would work. It's
> normally best to do these tunnels at the internet facing router, and
> then set up routes so that your internal clients can reach the other
> side.

You can forward all traffic from the consumer gizmo internet facing router
(with single public IP address from the provider) to the internal netbsd
router. It's usually called "DMZ host" in the web interface.

To configure the tunnel on the internal router create /etc/ifconfig.gre0
with:

    ! route add remote-outer-ip 192.168.1.1
    local-inner-ip remote-inner-ip netmask 0xffffffff link0 -link2 up
    tunnel 192.168.1.2 remote-outer-ip

Point default route on the netbsd router to remote-inner-ip.

Here 192.168.1.1 is the local address of the external consumer gizmo
router and 192.168.1.2 is the address of the netbsd router used to talk
to the gizmo.

If the other side is also behind NAT, use provider's public address for
remote-outer-ip.

PS: Hmm, looking at gre(4), shouldn't the example be fixed to say

    ifconfig greN tunnel B C

-uwe
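
Added example (not part of the original message): a small sh lint for a file laid out as described above. It checks that the host route for the tunnel's remote endpoint is present, since with the default route pointed at remote-inner-ip the encapsulated packets would otherwise be routed back into the tunnel. The function names and the 203.0.113.10 / 10.0.0.x addresses are constructed for illustration.

```shell
#!/bin/sh
# check_gre_conf FILE: lint an ifconfig.greN file for the NAT'd layout above.
# Prints one line per finding; the return status is the number of findings.
check_gre_conf() {
    conf=$1 problems=0
    tun_src='' tun_dst='' route_dst='' route_gw=''
    # Lines starting with "!" are shell commands; the rest are ifconfig arguments.
    while read -r a b c d e rest; do
        if [ "$a" = '!' ] && [ "$b $c" = "route add" ]; then
            route_dst=$d; route_gw=$e
        elif [ "$a" = tunnel ]; then
            tun_src=$b; tun_dst=$c
        fi
    done <<EOF
$(sed 's/^![[:space:]]*/! /' "$conf")
EOF
    if [ -z "$tun_dst" ]; then
        echo "no 'tunnel <local-outer> <remote-outer>' line"
        problems=$((problems + 1))
    elif [ "$route_dst" != "$tun_dst" ]; then
        # Without this host route the outer GRE packets match the default
        # route, which points at remote-inner-ip, i.e. into the tunnel itself.
        echo "no host route for $tun_dst via the NAT router"
        problems=$((problems + 1))
    fi
    if [ -n "$route_gw" ] && [ "$route_gw" = "$tun_src" ]; then
        echo "route gateway $route_gw is this router's own address"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: 203.0.113.10 stands in for remote-outer-ip,
# 10.0.0.1 / 10.0.0.2 for local-inner-ip / remote-inner-ip.
sample_conf() {
    cat <<'EOF'
! route add 203.0.113.10 192.168.1.1
10.0.0.1 10.0.0.2 netmask 0xffffffff link0 -link2 up
tunnel 192.168.1.2 203.0.113.10
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && check_gre_conf "$tmp" && echo "sample ok"
rm -f "$tmp"
```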