xref: /openbsd-src/share/man/man4/gre.4 (revision f2da64fbbbf1b03f09f390ab01267c93dfd77c4c)
.\" $OpenBSD: gre.4,v 1.46 2016/08/31 18:16:54 jmc Exp $
.\" $NetBSD: gre.4,v 1.10 1999/12/22 14:55:49 kleink Exp $
.\"
.\" Copyright 1998 (c) The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This code is derived from software contributed to The NetBSD Foundation
.\" by Heiko W. Rupp <hwr@pilhuhn.de>
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT  LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY  OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 31 2016 $
.Dt GRE 4
.Os
.Sh NAME
.Nm gre ,
.Nm mobileip
.Nd encapsulating network device
.Sh SYNOPSIS
.Cd "pseudo-device gre"
.Sh DESCRIPTION
The
.Nm
driver allows tunnel construction using the Cisco GRE or
the Mobile IP (RFC 2004) encapsulation protocols.
.Pp
.Tn GRE ,
.Tn WCCPv1 ,
and
.Tn Mobile IP
are enabled with the following
.Xr sysctl 3
variables respectively in
.Pa /etc/sysctl.conf :
.Bl -tag -width "net.inet.mobileip.allow"
.It Va net.inet.gre.allow
Allow GRE packets in and out of the system.
.It Va net.inet.gre.wccp
Set to 1 to allow WCCPv1-style GRE packets into the system;
set to 2 to handle the packets as WCCPv2-style GRE, truncating
the redirect header.
Some magic with the packet filter configuration
and a caching proxy like squid are needed
to do anything useful with these packets.
This sysctl requires
.Va gre.allow
to be set.
.It Va net.inet.mobileip.allow
Allow Mobile IP packets in and out of the system.
.El
.Pp
This driver currently supports the following modes of operation:
.Bl -tag -width mobileipXXX
.It Nm gre
GRE datagrams (IP protocol number 47)
are prepended by an outer datagram and a GRE header.
The GRE header specifies the type of the encapsulated datagram
and thus allows for tunneling protocols other than IP,
such as AppleTalk.
GRE mode is the default tunnel mode on Cisco routers.
This is also the default mode of operation of the
.Nm
interfaces.
.It Nm mobileip
MOBILE datagrams (IP protocol number 55)
are encapsulated into IP, but with a much smaller
encapsulation header.
This protocol only supports IP in IP encapsulation, and is intended
for use with Mobile IP.
.El
.Pp
A
.Nm gre
or
.Nm mobileip
interface can be created at runtime using the
.Ic ifconfig gre Ns Ar N Ic create
command or by setting up a
.Xr hostname.if 5
configuration file for
.Xr netstart 8 .
The MTU is set to 1476 by default to match the value used by Cisco routers.
This may not be an optimal value,
depending on the link between the two tunnel endpoints,
but it can be adjusted via
.Xr ifconfig 8 .
.Pp
For correct operation,
there needs to be a route to the destination
that is less specific than the one over the tunnel
(there needs to be a route to the decapsulating host that
does not run over the tunnel, as this would create a loop).
.Pp
Note that the IP addresses of the tunnel endpoints may be the same as the
ones defined with
.Xr ifconfig 8
for the interface (as if IP is encapsulated) but need not be as,
for example, when encapsulating AppleTalk.
.Sh EXAMPLES
Configuration example:
.Bd -literal
Host X ---- Host A ------------ tunnel ------------ Cisco D ---- Host E
               \e                                      /
                \e                                    /
                 +------ Host B ------ Host C ------+
.Ed
.Pp
On Host A
.Pq Ox :
.Bd -literal -offset indent
# route add default B
# ifconfig greN create
# ifconfig greN A D netmask 0xffffffff linkX up
# ifconfig greN tunnel A D
# route add E D
.Ed
.Pp
On Host D (Cisco):
.Bd -literal -offset indent
Interface TunnelX
 ip unnumbered D   ! e.g. address from Ethernet interface
 tunnel source D   ! e.g. address from Ethernet interface
 tunnel destination A
ip route C <some interface and mask>
ip route A mask C
ip route X mask tunnelX
.Ed
.Pp
OR
.Pp
On Host D
.Pq Ox :
.Bd -literal -offset indent
# route add default C
# ifconfig greN create
# ifconfig greN D A
# ifconfig greN tunnel D A
.Ed
.Pp
To reach Host A over the tunnel (from Host D), there has to be an
alias on Host A for the Ethernet interface:
.Pp
.Dl # ifconfig <etherif> alias Y
.Pp
and on the Cisco:
.Pp
.Dl ip route Y mask tunnelX
.Pp
Keepalive packets may optionally be sent to the remote endpoint, which
decapsulates and returns them, allowing tunnel failure to be detected.
Enable them like this:
.Bd -literal -offset indent
# ifconfig greN keepalive period count
.Ed
.Pp
This will send a keepalive packet every
.Ar period
seconds.
If no response is received in
.Ar count
*
.Ar period
seconds, the link is considered down.
To return keepalives, the remote host must be configured to forward packets:
.Bd -literal -offset indent
# sysctl net.inet.ip.forwarding=1
.Ed
.Pp
If
.Xr pf 4
is enabled then it is necessary to add a pass rule specifically for the
keepalive packets.
The rule must use
.Cm no state
because the keepalive packet enters the network stack multiple times.
In most cases the following should work:
.Bd -literal -offset indent
pass quick on gre proto gre no state
.Ed
.Sh SEE ALSO
.Xr inet 4 ,
.Xr ip 4 ,
.Xr netintro 4 ,
.Xr options 4 ,
.Xr hostname.if 5 ,
.Xr protocols 5 ,
.Xr ifconfig 8 ,
.Xr netstart 8 ,
.Xr sysctl 8
.Sh STANDARDS
.Rs
.%A S. Hanks
.%A "T. Li"
.%A D. Farinacci
.%A P. Traina
.%D October 1994
.%R RFC 1701
.%T Generic Routing Encapsulation (GRE)
.Re
.Pp
.Rs
.%A S. Hanks
.%A "T. Li"
.%A D. Farinacci
.%A P. Traina
.%D October 1994
.%R RFC 1702
.%T Generic Routing Encapsulation over IPv4 networks
.Re
.Pp
.Rs
.%A C. Perkins
.%D October 1996
.%R RFC 2004
.%T Minimal Encapsulation within IP
.Re
.Pp
.Rs
.%U http://www.wrec.org/Drafts/draft-ietf-wrec-web-pro-00.txt
.%T Web Cache Coordination Protocol V1.0
.Re
.Pp
.Rs
.%U http://www.wrec.org/Drafts/draft-wilson-wrec-wccp-v2-00.txt
.%T Web Cache Coordination Protocol V2.0
.Re
.Sh AUTHORS
.An Heiko W. Rupp Aq Mt hwr@pilhuhn.de
.Sh BUGS
The GRE RFC is not yet fully implemented (no GRE options).
.Pp
The redirect header for WCCPv2 GRE encapsulated packets is skipped.
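.Pp
The GRE header named in the gre mode description carries the payload type, and RFC 1701 lets it carry the optional fields that the BUGS entry says are not implemented. The following C parser is an added example, not code from the driver; gre_parse, struct gre_info and the sample byte strings are constructed for illustration. It reads the fixed header and reports whether optional fields are present.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 1701 flag bits in the first 16-bit header word (host order here). */
#define GRE_CP  0x8000  /* Checksum Present */
#define GRE_RP  0x4000  /* Routing Present */
#define GRE_KP  0x2000  /* Key Present */
#define GRE_SP  0x1000  /* Sequence Number Present */
#define GRE_VER 0x0007  /* Version field, 0 in RFC 1701 */

struct gre_info {               /* hypothetical result type */
	uint16_t flags;         /* first header word */
	uint16_t proto;         /* EtherType of payload, 0x0800 = IP */
	size_t   hdrlen;        /* fixed + optional fields, not routing */
};

/*
 * Returns 0 for a plain 4-byte header, 1 if optional fields are
 * present, -1 if the buffer is truncated or the version is not 0.
 */
int
gre_parse(const uint8_t *buf, size_t len, struct gre_info *out)
{
	if (len < 4)
		return -1;
	out->flags = (uint16_t)(buf[0] << 8 | buf[1]);
	out->proto = (uint16_t)(buf[2] << 8 | buf[3]);
	if (out->flags & GRE_VER)
		return -1;
	out->hdrlen = 4;
	if (out->flags & (GRE_CP | GRE_RP))
		out->hdrlen += 4;       /* Checksum + Offset words */
	if (out->flags & GRE_KP)
		out->hdrlen += 4;       /* Key */
	if (out->flags & GRE_SP)
		out->hdrlen += 4;       /* Sequence Number */
	if (len < out->hdrlen)
		return -1;              /* flags promise more than we got */
	return out->hdrlen > 4;
}

int
main(void)
{
	/* Constructed sample: Key Present, AppleTalk payload (0x809b). */
	const uint8_t keyed[] = { 0x20, 0x00, 0x80, 0x9b, 0, 0, 0, 1 };
	struct gre_info gi;
	int r = gre_parse(keyed, sizeof(keyed), &gi);
	printf("rc=%d proto=0x%04x hdrlen=%zu\n", r, gi.proto, gi.hdrlen);
	return 0;
}
```

A receiver that handles only the plain header can treat a return value of 1 as a packet to drop and count rather than decapsulate at the wrong offset.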