xref: /netbsd-src/share/man/man4/gre.4 (revision cac8e449158efc7261bebc8657cbb0125a2cfdde)
.\" $NetBSD: gre.4,v 1.39 2008/05/10 09:33:31 martin Exp $
.\"
.\" Copyright (c) 1998 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This code is derived from software contributed to The NetBSD Foundation
.\" by Heiko W.Rupp <hwr@pilhuhn.de>
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT  LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY  OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd December 4, 2006
.Dt GRE 4
.Os
.Sh NAME
.Nm gre
.Nd encapsulating network device
.Sh SYNOPSIS
.Cd pseudo-device gre
.Sh DESCRIPTION
The
.Nm gre
network interface pseudo device encapsulates datagrams
into IP.
These encapsulated datagrams are routed to a destination host,
where they are decapsulated and further routed to their final destination.
The
.Dq tunnel
appears to the inner datagrams as one hop.
.Pp
.Nm
interfaces are dynamically created and destroyed with the
.Xr ifconfig 8
.Cm create
and
.Cm destroy
subcommands.
.Pp
This driver currently supports the following modes of operation:
.Bl -tag -width abc
.It GRE encapsulation (IP protocol number 47)
Encapsulated datagrams are
prepended with an outer datagram header and a GRE header.
The GRE header specifies the type of the encapsulated datagram and
thus allows for tunneling protocols other than IP, e.g. AppleTalk.
GRE mode is also the default tunnel mode on Cisco routers.
This is also the default mode of operation of the
.Sy gre Ns Ar X
interfaces.
.It GRE in UDP encapsulation
Encapsulated datagrams are prepended with a GRE header, and then they
are sent over a UDP socket.
Userland may create the socket and
.Dq delegate
it to the kernel using the
.Dv GRESSOCK
.Xr ioctl 2 .
If userland does not supply a socket, then the kernel will create
one using the addresses and ports supplied by
.Xr ioctl 2 Ns s
.Dv SIOCSLIFPHYADDR ,
.Dv GRESADDRD ,
and/or
.Dv GRESADDRS .
.It MOBILE encapsulation (IP protocol number 55)
Datagrams are
encapsulated into IP, but with a shorter encapsulation.
The original IP header is modified and the modifications are inserted
between the modified header and the original payload.
Like
.Xr gif 4 ,
this mode is only for IP in IP encapsulation.
.El
.Pp
The
.Sy gre Ns Ar X
interfaces support a number of
.Xr ioctl 2 Ns s ,
such as:
.Bl -tag -width aaa
.It GRESADDRS :
Set the IP address of the local tunnel end.
This is the source address set by or displayed by ifconfig for the
.Sy gre Ns Ar X
interface.
.It GRESADDRD :
Set the IP address of the remote tunnel end.
This is the destination address set by or displayed by ifconfig for the
.Sy gre Ns Ar X
interface.
.It GREGADDRS :
Query the IP address that is set for the local tunnel end.
This is the address the encapsulation header carries as local
address (i.e. the real address of the tunnel start point.)
.It GREGADDRD :
Query the IP address that is set for the remote tunnel end.
This is the address the encapsulated packets are sent to (i.e. the
real address of the remote tunnel endpoint.)
.It GRESPROTO :
Set the operation mode to the specified IP protocol value.
The protocol is passed to the interface in (struct ifreq)-\*[Gt]ifr_flags.
The operation mode can also be given as
.Bl -tag -width link0xxx
.It link0 link2
IPPROTO_UDP
.It link0 -link2
IPPROTO_GRE
.It -link0 -link2
IPPROTO_MOBILE
.El
.Pp
to
.Xr ifconfig 8 .
.It GREGPROTO :
Query operation mode.
.It GRESSOCK :
Delegate a socket from userland to a tunnel interface in UDP
encapsulation mode.
The file descriptor for the socket is passed in
(struct ifreq)-\*[Gt]ifr_value.
.El
.Pp
Note that the IP addresses of the tunnel endpoints may be the same as the
ones defined with
.Xr ifconfig 8
for the interface (as when IP is encapsulated), but need not be, e.g. when
encapsulating AppleTalk.
.Sh EXAMPLES
Configuration example:
.Bd -literal
Host X-- Host A  ----------------tunnel---------- cisco D------Host E
          \\                                          |
           \\                                        /
             +------Host B----------Host C----------+
.Ed
On host A
.Pq Nx :
.Bd -literal
   # route add default B
   # ifconfig greN create
   # ifconfig greN A D netmask 0xffffffff linkX up
   # ifconfig greN tunnel A D
   # route add E D
.Ed
On Host D (Cisco):
.Bd -literal
   Interface TunnelX
    ip unnumbered D   ! e.g. address from Ethernet interface
    tunnel source D   ! e.g. address from Ethernet interface
    tunnel destination A
   ip route C \*[Lt]some interface and mask\*[Gt]
   ip route A mask C
   ip route X mask tunnelX
.Ed
OR
On Host D
.Pq Nx :
.Bd -literal
   # route add default C
   # ifconfig greN create
   # ifconfig greN D A
   # ifconfig greN tunnel D A
.Ed
.Pp
If all goes well, you should see packets flowing ;-)
.Pp
If you want to reach Host A over the tunnel (from Host D (Cisco)), then
you have to have an alias on Host A for e.g. the Ethernet interface like:
.Bd -literal
     ifconfig \*[Lt]etherif\*[Gt] alias Y
.Ed
and on the Cisco:
.Bd -literal
     ip route Y mask tunnelX
.Ed
.Pp
A similar setup can be used to create a link between two private networks
(for example in the 192.168 subnet) over the Internet:
.Bd -literal
192.168.1.* --- Router A  -------tunnel-------- Router B --- 192.168.2.*
                   \\                              /
                    \\                            /
                      +----- the Internet ------+
.Ed
Assuming router A has the (external) IP address A and the internal address
192.168.1.1, while router B has external address B and internal address
192.168.2.1, the following commands will configure the tunnel:
.Pp
On router A:
.Bd -literal
   # ifconfig greN create
   # ifconfig greN 192.168.1.1 192.168.2.1
   # ifconfig greN tunnel A B
   # route add -net 192.168.2 -netmask 255.255.255.0 192.168.2.1
.Ed
.Pp
On router B:
.Bd -literal
   # ifconfig greN create
   # ifconfig greN 192.168.2.1 192.168.1.1
   # ifconfig greN tunnel B A
   # route add -net 192.168.1 -netmask 255.255.255.0 192.168.1.1
.Ed
.Pp
To set up the same tunnel as above, but using GRE in UDP encapsulation
instead of GRE encapsulation, set flags
.Ar link0
and
.Ar link2 ,
and specify source and destination UDP ports.
.Pp
On router A:
.Bd -literal
   # ifconfig greN create
   # ifconfig greN link0 link2
   # ifconfig greN 192.168.1.1 192.168.2.1
   # ifconfig greN tunnel A,port-A B,port-B
   # route add -net 192.168.2 -netmask 255.255.255.0 192.168.2.1
.Ed
.Pp
On router B:
.Bd -literal
   # ifconfig greN create
   # ifconfig greN link0 link2
   # ifconfig greN 192.168.2.1 192.168.1.1
   # ifconfig greN tunnel B,port-B A,port-A
   # route add -net 192.168.1 -netmask 255.255.255.0 192.168.1.1
.Ed
.Pp
Along these lines, you can use GRE tunnels to interconnect two IPv6
networks over an IPv4 infrastructure, or to hook up to the IPv6 internet
via an IPv4 tunnel to a Cisco router.
.Bd -literal
2001:db8:1::/64 -- NetBSD A  -----tunnel----- Cisco B --- IPv6 Internet
                   \\                              /
                    \\                            /
                      +----- the Internet ------+
.Ed
The example will use the following addressing:
.Nx
A has the IPv4 address A and the IPv6 address 2001:db8:1::1 (connects
to internal network 2001:db8:1::/64).
Cisco B has external IPv4 address B.
All the IPv6 internet world is behind B, so A wants to route 0::0/0
(the IPv6 default route) into the tunnel.
The GRE tunnel will use a transit network: 2001:db8:ffff::1/64 on
the
.Nx
side, and ::2/64 on the Cisco side.
Then the following commands will configure the tunnel:
.Pp
On router A
.Pq Nx :
.Bd -literal
   # ifconfig greN create
   # ifconfig greN inet6 2001:db8:ffff::1/64
   # ifconfig greN tunnel A B
   # route add -inet6 2001:db8:ffff::/64 2001:db8:ffff::2 -ifp greN
   # route add -inet6 0::0/0 2001:db8:ffff::2 -ifp greN
.Ed
.Pp
On router B (Cisco):
.Bd -literal
   Interface TunnelX
     tunnel mode gre ip
     ipv6 address 2001:db8:ffff::2/64   ! transfer network
     tunnel source B                    ! e.g. address from LAN interface
     tunnel destination A               ! where the tunnel is connected to
   ipv6 route 2001:db8:1::/64 TunnelX   ! route this network through tunnel
.Ed
.Sh NOTES
The MTU of
.Sy gre Ns Ar X
interfaces is set to 1476 by default to match the value used by Cisco routers.
This may not be an optimal value, depending on the link between the two tunnel
endpoints.
It can be adjusted via
.Xr ifconfig 8 .
.Pp
There needs to be a route to the decapsulating host that does not
run over the tunnel, as this would be a loop.
(This is not relevant for IPv6-over-IPv4 tunnels, of course.)
.Pp
In order to tell
.Xr ifconfig 8
to actually mark the interface as up, the keyword
.Dq up
must be given last on its command line.
.Pp
The kernel must be set to forward datagrams, either by option
.Em GATEWAY
in the kernel config file or by issuing the appropriate option to
.Xr sysctl 8 .
.Sh SEE ALSO
.Xr atalk 4 ,
.Xr gif 4 ,
.Xr inet 4 ,
.Xr ip 4 ,
.Xr netintro 4 ,
.Xr options 4 ,
.Xr protocols 5 ,
.Xr ifconfig 8 ,
.Xr sysctl 8
.Pp
A description of GRE encapsulation can be found in RFC 1701 and RFC 1702.
.Pp
A description of MOBILE encapsulation can be found in RFC 2004.
.Sh AUTHORS
.An Heiko W.Rupp Aq hwr@pilhuhn.de
.An David Young Aq dyoung@NetBSD.org
.Pq GRE in UDP encapsulation, bug fixes
.Sh BUGS
The GRE RFCs are not yet fully implemented (no GRE options).
.Pp
The MOBILE encapsulation appears to have been broken since
it was first added to
.Nx ,
until August 2006.
It is known to interoperate with another
.Nm
in MOBILE mode; however, it has not been tested for interoperability
with any other implementation of RFC 2004.
.Pp
The
.Nx
base system does not
.Pq yet
contain a daemon for automatically establishing a UDP tunnel between
a host behind a NAT router and a host on the Internet.
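Added example, not part of the NetBSD manual page or the gre driver source: a small C parser for the RFC 1701 GRE header referred to under GRE encapsulation, showing how the protocol type field names the inner datagram and which flag bits announce the optional fields that BUGS says are not implemented. The names gre_parse, struct gre_info and the GRE_* constants are hypothetical; the field layout is taken from RFC 1701.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names; bit positions follow RFC 1701 (first 16-bit word). */
#define GRE_CP  0x8000u   /* Checksum Present */
#define GRE_RP  0x4000u   /* Routing Present */
#define GRE_KP  0x2000u   /* Key Present */
#define GRE_SP  0x1000u   /* Sequence Number Present */
#define GRE_VER 0x0007u   /* Version field, must be 0 */

enum { GRE_ERR_SHORT = -1, GRE_ERR_VERSION = -2, GRE_ERR_ROUTING = -3 };

struct gre_info {
    uint16_t flags;     /* first header word, host byte order */
    uint16_t proto;     /* EtherType of the inner datagram */
    int      has_opts;  /* 1 if any optional field is present */
};

/*
 * Parse the GRE header at the start of buf, i.e. the bytes that follow
 * the outer IP header (or the UDP header in GRE in UDP mode).
 * Returns the GRE header length, which is the offset of the inner
 * datagram, or a negative GRE_ERR_* value.
 */
int gre_parse(const uint8_t *buf, size_t len, struct gre_info *out)
{
    size_t hlen = 4;                    /* flags/version + protocol type */

    if (len < hlen)
        return GRE_ERR_SHORT;
    out->flags = (uint16_t)((buf[0] << 8) | buf[1]);
    out->proto = (uint16_t)((buf[2] << 8) | buf[3]);
    if (out->flags & GRE_VER)
        return GRE_ERR_VERSION;
    if (out->flags & GRE_RP)            /* variable-length routing field */
        return GRE_ERR_ROUTING;         /* not handled by this example */
    if (out->flags & GRE_CP)
        hlen += 4;                      /* checksum (2) + offset (2) */
    if (out->flags & GRE_KP)
        hlen += 4;                      /* key */
    if (out->flags & GRE_SP)
        hlen += 4;                      /* sequence number */
    out->has_opts = hlen > 4;
    if (len < hlen)                     /* options announced but truncated */
        return GRE_ERR_SHORT;
    return (int)hlen;
}
```

A receiver that implements no GRE options would accept only packets for which gre_parse returns 4 and has_opts is 0; that policy is an assumption of this example, not a statement about the NetBSD driver.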