.\" $NetBSD: gre.4,v 1.37 2007/05/27 19:15:48 dyoung Exp $
.\"
.\" Copyright 1998 (c) The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This code is derived from software contributed to The NetBSD Foundation
.\" by Heiko W.Rupp <hwr@pilhuhn.de>
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"        This product includes software developed by the NetBSD
.\"        Foundation, Inc. and its contributors.
.\" 4. Neither the name of The NetBSD Foundation nor the names of its
.\"    contributors may be used to endorse or promote products derived
.\"    from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd December 4, 2006
.Dt GRE 4
.Os
.Sh NAME
.Nm gre
.Nd encapsulating network device
.Sh SYNOPSIS
.Cd pseudo-device gre
.Sh DESCRIPTION
The
.Nm gre
network interface pseudo device encapsulates datagrams
into IP.
These encapsulated datagrams are routed to a destination host,
where they are decapsulated and further routed to their final destination.
The
.Dq tunnel
appears to the inner datagrams as one hop.
.Pp
.Nm
interfaces are dynamically created and destroyed with the
.Xr ifconfig 8
.Cm create
and
.Cm destroy
subcommands.
.Pp
This driver currently supports the following modes of operation:
.Bl -tag -width abc
.It GRE encapsulation (IP protocol number 47)
Encapsulated datagrams are
prepended with an outer datagram and a GRE header.
The GRE header specifies the type of the encapsulated datagram and
thus allows tunneling protocols other than IP, e.g. AppleTalk.
GRE mode is also the default tunnel mode on Cisco routers.
This is also the default mode of operation of the
.Sy gre Ns Ar X
interfaces.
.It GRE in UDP encapsulation
Encapsulated datagrams are prepended with a GRE header, and then they
are sent over a UDP socket.
Userland may create the socket and
.Dq delegate
it to the kernel using the
.Dv GRESSOCK
.Xr ioctl 2 .
If userland does not supply a socket, then the kernel will create
one using the addresses and ports supplied by
.Xr ioctl 2 Ns s
.Dv SIOCSLIFPHYADDR ,
.Dv GRESADDRD ,
and/or
.Dv GRESADDRS .
.It MOBILE encapsulation (IP protocol number 55)
Datagrams are
encapsulated into IP, but with a shorter encapsulation.
The original IP header is modified and the modifications are inserted
between the modified header and the original payload.
Like
.Xr gif 4 ,
this mode is only for IP in IP encapsulation.
.El
.Pp
The
.Sy gre Ns Ar X
interfaces support a number of
.Xr ioctl 2 Ns s ,
such as:
.Bl -tag -width aaa
.It GRESADDRS :
Set the IP address of the local tunnel end.
This is the source address set by or displayed by ifconfig for the
.Sy gre Ns Ar X
interface.
.It GRESADDRD :
Set the IP address of the remote tunnel end.
This is the destination address set by or displayed by ifconfig for the
.Sy gre Ns Ar X
interface.
.It GREGADDRS :
Query the IP address that is set for the local tunnel end.
This is the address the encapsulation header carries as local
address (i.e. the real address of the tunnel start point).
.It GREGADDRD :
Query the IP address that is set for the remote tunnel end.
This is the address the encapsulated packets are sent to (i.e. the
real address of the remote tunnel endpoint).
.It GRESPROTO :
Set the operation mode to the specified IP protocol value.
The protocol is passed to the interface in (struct ifreq)-\*[Gt]ifr_flags.
The operation mode can also be given as
.Bl -tag -width link0xxx
.It link0 link2
IPPROTO_UDP
.It link0 -link2
IPPROTO_GRE
.It -link0 -link2
IPPROTO_MOBILE
.El
.Pp
to
.Xr ifconfig 8 .
.It GREGPROTO :
Query operation mode.
.It GRESSOCK :
Delegate a socket from userland to a tunnel interface in UDP
encapsulation mode.
The file descriptor for the socket is passed in
(struct ifreq)-\*[Gt]ifr_value.
.El
.Pp
Note that the IP addresses of the tunnel endpoints may be the same as the
ones defined with
.Xr ifconfig 8
for the interface (as if IP is encapsulated), but need not be, as e.g. when
encapsulating AppleTalk.
.Sh EXAMPLES
Configuration example:
.Bd -literal
Host X-- Host A  ----------------tunnel---------- cisco D------Host E
          \\                                          |
           \\                                        /
             +------Host B----------Host C----------+
.Ed
On host A
.Pq Nx :
.Bd -literal
   # route add default B
   # ifconfig greN create
   # ifconfig greN A D netmask 0xffffffff linkX up
   # ifconfig greN tunnel A D
   # route add E D
.Ed
On Host D (Cisco):
.Bd -literal
   Interface TunnelX
    ip unnumbered D   ! e.g. address from Ethernet interface
    tunnel source D   ! e.g. address from Ethernet interface
    tunnel destination A
   ip route C \*[Lt]some interface and mask\*[Gt]
   ip route A mask C
   ip route X mask tunnelX
.Ed
OR
On Host D
.Pq Nx :
.Bd -literal
   # route add default C
   # ifconfig greN create
   # ifconfig greN D A
   # ifconfig greN tunnel D A
.Ed
.Pp
If all goes well, you should see packets flowing ;-)
.Pp
If you want to reach Host A over the tunnel (from Host D (Cisco)), then
you have to have an alias on Host A for e.g. the Ethernet interface like:
.Bd -literal
   ifconfig \*[Lt]etherif\*[Gt] alias Y
.Ed
and on the cisco
.Bd -literal
   ip route Y mask tunnelX
.Ed
.Pp
A similar setup can be used to create a link between two private networks
(for example in the 192.168 subnet) over the Internet:
.Bd -literal
192.168.1.* --- Router A  -------tunnel-------- Router B --- 192.168.2.*
                   \\                              /
                    \\                            /
                      +----- the Internet ------+
.Ed
Assuming router A has the (external) IP address A and the internal address
192.168.1.1, while router B has external address B and internal address
192.168.2.1, the following commands will configure the tunnel:
.Pp
On router A:
.Bd -literal
   # ifconfig greN create
   # ifconfig greN 192.168.1.1 192.168.2.1
   # ifconfig greN tunnel A B
   # route add -net 192.168.2 -netmask 255.255.255.0 192.168.2.1
.Ed
.Pp
On router B:
.Bd -literal
   # ifconfig greN create
   # ifconfig greN 192.168.2.1 192.168.1.1
   # ifconfig greN tunnel B A
   # route add -net 192.168.1 -netmask 255.255.255.0 192.168.1.1
.Ed
.Pp
To set up the same tunnel as above, but using GRE in UDP encapsulation
instead of GRE encapsulation, set flags
.Ar link0
and
.Ar link2 ,
and specify source and destination UDP ports.
.Pp
On router A:
.Bd -literal
   # ifconfig greN create
   # ifconfig greN link0 link2
   # ifconfig greN 192.168.1.1 192.168.2.1
   # ifconfig greN tunnel A,port-A B,port-B
   # route add -net 192.168.2 -netmask 255.255.255.0 192.168.2.1
.Ed
.Pp
On router B:
.Bd -literal
   # ifconfig greN create
   # ifconfig greN link0 link2
   # ifconfig greN 192.168.2.1 192.168.1.1
   # ifconfig greN tunnel B,port-B A,port-A
   # route add -net 192.168.1 -netmask 255.255.255.0 192.168.1.1
.Ed
.Pp
Along these lines, you can use GRE tunnels to interconnect two IPv6
networks over an IPv4 infrastructure, or to hook up to the IPv6 internet
via an IPv4 tunnel to a Cisco router.
.Bd -literal
2001:db8:1::/64 -- NetBSD A -----tunnel----- Cisco B --- IPv6 Internet
                     \\                        /
                      \\                      /
                        +----- the Internet ------+
.Ed
The example will use the following addressing:
.Nx
A has the IPv4 address A and the IPv6 address 2001:db8:1::1 (connects
to internal network 2001:db8:1::/64).
Cisco B has external IPv4 address B.
All the IPv6 internet world is behind B, so A wants to route 0::0/0
(the IPv6 default route) into the tunnel.
The GRE tunnel will use a transit network: 2001:db8:ffff::1/64 on
the
.Nx
side, and ::2/64 on the Cisco side.
Then the following commands will configure the tunnel:
.Pp
On router A
.Pq Nx :
.Bd -literal
   # ifconfig greN create
   # ifconfig greN inet6 2001:db8:ffff::1/64
   # ifconfig greN tunnel A B
   # route add -inet6 2001:db8:ffff::/64 2001:db8:ffff::2 -ifp greN
   # route add -inet6 0::0/0 2001:db8:ffff::2 -ifp greN
.Ed
.Pp
On router B (Cisco):
.Bd -literal
   Interface TunnelX
     tunnel mode gre ip
     ipv6 address 2001:db8:ffff::2/64   ! transfer network
     tunnel source B                    ! e.g. address from LAN interface
     tunnel destination A               ! where the tunnel is connected to
   ipv6 route 2001:db8::/64 TunnelX     ! route this network through tunnel
.Ed
.Sh NOTES
The MTU of
.Sy gre Ns Ar X
interfaces is set to 1476 by default to match the value used by Cisco routers.
This may not be an optimal value, depending on the link between the two tunnel
endpoints.
It can be adjusted via
.Xr ifconfig 8 .
.Pp
There needs to be a route to the decapsulating host that does not
run over the tunnel, as routing it over the tunnel would create a loop.
(This is not relevant for IPv6-over-IPv4 tunnels, of course.)
.Pp
In order to tell
.Xr ifconfig 8
to actually mark the interface as up, the keyword
.Dq up
must be given last on its command line.
.Pp
The kernel must be set to forward datagrams by either option
.Em GATEWAY
in the kernel config file or by issuing the appropriate option to
.Xr sysctl 8 .
.Sh SEE ALSO
.Xr atalk 4 ,
.Xr gif 4 ,
.Xr inet 4 ,
.Xr ip 4 ,
.Xr netintro 4 ,
.Xr options 4 ,
.Xr protocols 5 ,
.Xr ifconfig 8 ,
.Xr sysctl 8
.Pp
A description of GRE encapsulation can be found in RFC 1701 and RFC 1702.
.Pp
A description of MOBILE encapsulation can be found in RFC 2004.
.Sh AUTHORS
.An Heiko W.Rupp Aq hwr@pilhuhn.de
.An David Young Aq dyoung@NetBSD.org
.Pq GRE in UDP encapsulation, bug fixes
.Sh BUGS
The GRE RFCs are not yet fully implemented (no GRE options).
.Pp
The MOBILE encapsulation appears to have been broken since
it was first added to
.Nx ,
until August 2006.
It is known to interoperate with another
.Nm
in MOBILE mode, however, it has not been tested for interoperability
with any other implementation of RFC 2004.
.Pp
The
.Nx
base system does not
.Pq yet
contain a daemon for automatically establishing a UDP tunnel between
a host behind a NAT router and a host on the Internet.
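
The GRE header described under DESCRIPTION and the 1476-byte default MTU from NOTES, worked through as an added example that is not part of the original manual page and is not the NetBSD driver's code. The names gre_parse, gre_inner_mtu and struct gre_info are hypothetical, the flag layout is the one in RFC 1701, and dropping source-routed or reserved-flag headers is a strictness policy assumed here for a receiver validating untrusted tunnel input.

```c
#include <stddef.h>
#include <stdint.h>

/* First 16-bit word of the GRE header (RFC 1701), network byte order. */
#define GRE_CP     0x8000  /* checksum present */
#define GRE_RP     0x4000  /* routing present */
#define GRE_KP     0x2000  /* key present */
#define GRE_SP     0x1000  /* sequence number present */
#define GRE_SS     0x0800  /* strict source route */
#define GRE_RECUR  0x0700  /* recursion control */
#define GRE_RSVD   0x00f8  /* reserved flags, sent as zero */
#define GRE_VERS   0x0007  /* version, 0 for RFC 1701 */

#define GRE_BASIC_LEN 4    /* flags/version + protocol type */
#define IPV4_HDR_LEN  20   /* outer IPv4 header without IP options */

struct gre_info {          /* hypothetical result type for this example */
    uint16_t flags;
    uint16_t proto;        /* ethertype of the inner datagram */
};

/*
 * Hypothetical strict parser: returns the GRE header length in bytes,
 * or -1 if the packet must be dropped.
 */
int gre_parse(const uint8_t *p, size_t len, struct gre_info *gi)
{
    size_t hdrlen = GRE_BASIC_LEN;

    if (len < GRE_BASIC_LEN)
        return -1;                          /* truncated */
    gi->flags = (uint16_t)((p[0] << 8) | p[1]);
    gi->proto = (uint16_t)((p[2] << 8) | p[3]);
    if (gi->flags & (GRE_VERS | GRE_RSVD))
        return -1;                          /* not a clean version 0 header */
    if (gi->flags & (GRE_RP | GRE_SS | GRE_RECUR))
        return -1;                          /* source routing refused */
    if (gi->flags & GRE_CP) hdrlen += 4;    /* checksum + offset */
    if (gi->flags & GRE_KP) hdrlen += 4;    /* key */
    if (gi->flags & GRE_SP) hdrlen += 4;    /* sequence number */
    if (len < hdrlen)
        return -1;                          /* flags promise more than sent */
    return (int)hdrlen;
}

/* Largest inner datagram that fits one outer packet of link_mtu bytes. */
int gre_inner_mtu(int link_mtu, int gre_hdrlen)
{
    return link_mtu - IPV4_HDR_LEN - gre_hdrlen;
}
```

With the option-less 4-byte header and a 1500-byte link, gre_inner_mtu gives the 1476 stated in NOTES; each optional field a peer enables takes another 4 bytes from that budget.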