Andy Ruhl <> wrote:

> On Fri, Aug 11, 2017 at 3:53 PM, D'Arcy Cain <> wrote:
>> On 08/11/2017 12:37 PM, D'Arcy Cain wrote:
>> It turns out that I misunderstood the example.  Both servers need to be on
>> the public Internet.  In my case only the remote was.
>> Is there some way to do this?  I can port forward but I suspect that that
>> won't work as it doesn't use TCP or UDP over the tunnel.  I looked at
>> OpenVPN but that only allows individual hosts to connect.  I am trying to
>> join two internal networks.
>> I can get a second IP address for my system but I need something that works
>> for other clients who may not have that option.
> I suppose you could try forwarding all GRE (ip protocol 47) inward to
> wherever the GRE tunnel lives inside the network. Have you tried that?
> I haven't tried doing this, I can't tell you how it would work. It's
> normally best to do these tunnels at the internet facing router, and
> then set up routes so that your internal clients can reach the other
> side.

You can forward all traffic from the consumer gizmo internet facing
router (with single public IP address from the provider) to the
internal netbsd router.  It's usually called "DMZ host" in the web

To configure the tunnel on the internal router create
/etc/ifconfig.gre0 with:

  ! route add remote-outer-ip
  local-inner-ip remote-inner-ip netmask 0xffffffff link0 -link2 up
  tunnel remote-outer-ip

Point default route on the netbsd router to remote-inner-ip.

Here is the local address of the external consumer gizmo
router and is the address of the netbsd router used to
talk to the gizmo.

If the other side is also behind NAT, use the provider's public address
for remote-outer-ip.

PS: Hmm, looking at gre(4), shouldn't the example be fixed to say

  ifconfig greN tunnel B C

