Re: Error trying to create gre tunnel
On 2017-08-11 17:53, D'Arcy Cain wrote:
> Is there some way to do this? I can port forward but I suspect that
> that won't work as it doesn't use TCP or UDP over the tunnel. I looked
> at OpenVPN but that only allows individual hosts to connect. I am
> trying to join two internal networks.

Instructions for doing LAN-to-LAN with OpenVPN:
https://community.openvpn.net/openvpn/wiki/RoutedLans

--
Michael Parson
Pflugerville, TX
KF5LGQ
Re: Error trying to create gre tunnel
    Date:        Sat, 12 Aug 2017 10:20:00 -0400
    From:        "D'Arcy Cain"
    Message-ID:  <875c4376-5649-1e0e-7b7f-be9de9b5f...@netbsd.org>

  | > 2) in the man page example address C is
  | > not mentioned at all in the configuration of "Router A"

  | As I said, I am going by someone else's statement.

That was me (off list) -- and the two of you are talking about different things, the address that has to be local is 'B', Valery is talking about 'C' which needs only to be an address that will (somehow, how does not matter) result in the packet arriving at the remote end (and such that when it arrives, the dest addr that is then in the packet is one that matches its GRE config.)

  | Also, DMZ didn't help. It may be that the Linksys WRT router only
  | handles TCP and UDP protocols. I may just have to put the NetBSD box as
  | the public gateway.

While the latter could bring a host of other management benefits, if that is not the planned config, then I'd still suggest trying GRE over UDP rather than GRE over IP. NAT should fix the IP addresses as needed - you just need to make sure that the NAT doesn't randomly reassign UDP port numbers, or there will be no way to properly configure things.

kre
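The following is an added illustration, not part of any message in this thread: it builds a GRE-over-IP packet and a GRE-over-UDP packet and shows what a NAT that only forwards by port can match on in each. The addresses, the UDP port 5000, the forwarding rule and the simplified header layouts are all constructed for the example.

```python
import struct

IPPROTO_TCP, IPPROTO_UDP, IPPROTO_GRE = 6, 17, 47

def _addr(dotted):
    return bytes(int(x) for x in dotted.split("."))

def ipv4(proto, src, dst, payload):
    """Minimal 20-byte IPv4 header; checksum left at 0 (not needed for parsing)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, _addr(src), _addr(dst)) + payload

def gre(inner):
    """Basic 4-byte GRE header: no flags, version 0, protocol type 0x0800 (IPv4)."""
    return struct.pack("!HH", 0, 0x0800) + inner

def udp(sport, dport, payload):
    """UDP header with checksum 0 (permitted over IPv4)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def nat_key(packet):
    """Fields a port-forwarding NAT can match on: (ip_proto, src_port, dst_port)."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    if proto in (IPPROTO_TCP, IPPROTO_UDP):
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        return proto, sport, dport
    return proto, None, None  # GRE directly over IP carries no port fields

def port_forward(packet, rules):
    """Return the inside host for a matching (proto, dst_port) rule, else None."""
    proto, _, dport = nat_key(packet)
    return rules.get((proto, dport))

# Constructed sample data: documentation/private addresses, arbitrary port 5000.
INNER = ipv4(1, "10.0.1.1", "10.0.2.1", b"ping")
GRE_OVER_IP = ipv4(IPPROTO_GRE, "198.51.100.7", "192.0.2.1", gre(INNER))
GRE_OVER_UDP = ipv4(IPPROTO_UDP, "198.51.100.7", "192.0.2.1",
                    udp(5000, 5000, gre(INNER)))
RULES = {(IPPROTO_UDP, 5000): "192.168.1.2"}  # one forwarded UDP port

if __name__ == "__main__":
    for name, pkt in (("GRE over IP", GRE_OVER_IP), ("GRE over UDP", GRE_OVER_UDP)):
        print(name, nat_key(pkt), "->", port_forward(pkt, RULES))
```

The rule only keeps matching while the UDP destination port stays fixed, which is why a NAT that reassigns port numbers breaks the configuration.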
Re: Error trying to create gre tunnel
On 08/12/2017 09:08 AM, Valery Ushakov wrote:
> > I don't think so. I am pretty sure that I read that the first argument to
> > tunnel must be an address on the host server. Not sure where I read that
> > though as I have been doing a lot of research in the last day or two. I
> > couldn't find it in the man page.
>
> Two points here: 1) the example I gave is adapted from the actual
> working configuration I use; 2) in the man page example address C is
> not mentioned at all in the configuration of "Router A". How can
> router A divine it, as it obviously needs to send the GRE packets to
> the address C (remote-outer-ip).

As I said, I am going by someone else's statement. I do know that if I put an address not on a local interface I get the error that started this thread.

Also, DMZ didn't help. It may be that the Linksys WRT router only handles TCP and UDP protocols. I may just have to put the NetBSD box as the public gateway.

--
D'Arcy J.M. Cain
http://www.NetBSD.org/ IM:da...@vex.net
Re: Error trying to create gre tunnel
On Sat, Aug 12, 2017 at 08:48:24 -0400, D'Arcy Cain wrote:

> On 08/12/2017 12:16 AM, Valery Ushakov wrote:
> > You can forward all traffic from the consumer gizmo internet facing
> > router (with single public IP address from the provider) to the
> > internal netbsd router. It's usually called "DMZ host" in the web
> > interface.
>
> I considered that but it seems insecure. I do have a few ports pointing to
> the device already though so that would just open all of them. I suppose it
> would be no worse than using the NetBSD box as my gateway router.

Yes, the netbsd router is effectively the gateway router.

> > PS: Hmm, looking at gre(4), shouldn't the example be fixed to say
> >
> >     ifconfig greN tunnel B C
>
> I don't think so. I am pretty sure that I read that the first argument to
> tunnel must be an address on the host server. Not sure where I read that
> though as I have been doing a lot of research in the last day or two. I
> couldn't find it in the man page.

Two points here: 1) the example I gave is adapted from the actual working configuration I use; 2) in the man page example address C is not mentioned at all in the configuration of "Router A". How can router A divine it, as it obviously needs to send the GRE packets to the address C (remote-outer-ip).

-uwe
Re: Error trying to create gre tunnel
On 08/12/2017 12:16 AM, Valery Ushakov wrote:
> You can forward all traffic from the consumer gizmo internet facing
> router (with single public IP address from the provider) to the
> internal netbsd router. It's usually called "DMZ host" in the web
> interface.

I considered that but it seems insecure. I do have a few ports pointing to the device already though so that would just open all of them. I suppose it would be no worse than using the NetBSD box as my gateway router.

I will try your suggestions.

> PS: Hmm, looking at gre(4), shouldn't the example be fixed to say
>
>     ifconfig greN tunnel B C

I don't think so. I am pretty sure that I read that the first argument to tunnel must be an address on the host server. Not sure where I read that though as I have been doing a lot of research in the last day or two. I couldn't find it in the man page.

OK, found it. It was a statement in an email from kre@. Robert - can you give us a citation? Should the man page be updated?

--
D'Arcy J.M. Cain
http://www.NetBSD.org/ IM:da...@vex.net