Tunnel with gre/gif behind NAT

Riccardo_Ricci


#1
I have configured a tunnel with a gif interface (switchable with gre without sensible problems), but now I have to configure another tunnel. The difference from the others is that the new server is behind a NAT...

Code:
eth0
    inet 192.168.1.102 netmask 0xffffff0 broadcast 192.168.1.255
The public IP address is variable (it is now 151.x.x.x). Can I set the tunnel without a fixed endpoint?
 

Crest


#2
Running unencrypted tunnels through the internet is not the best of ideas even with static endpoint addresses. One way to fix both problems at once would be to use strongSwan to encrypt the GRE tunnel in transport mode with NAT-T and an updown script to sync the tunnel configurations. Just make sure to filter outgoing unencrypted GRE traffic to prevent leaking plaintext if the IPsec SA is down.
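
Added example, not part of the posts above and not strongSwan's own code: a minimal updown hook for the fixed-address side. It re-points a gre interface at the NATed peer's current address when the IPsec SA comes up and takes the interface down when the SA goes away. It assumes FreeBSD-style `ifconfig ... tunnel` syntax and IPv4 only; the interface name `gre0`, the `DRY_RUN` switch and the function names are hypothetical, while `PLUTO_VERB`, `PLUTO_ME` and `PLUTO_PEER` are the variables strongSwan exports to updown scripts.

```shell
#!/bin/sh
# Added example: strongSwan updown hook that keeps a GRE tunnel's endpoints
# in sync with the IPsec SA. GRE_IF and DRY_RUN are assumptions of this sketch.
GRE_IF="${GRE_IF:-gre0}"

# Accept only dotted-quad IPv4 so nothing else is ever passed to ifconfig.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    rest="$1." n=0
    while [ -n "$rest" ]; do
        octet="${rest%%.*}"; rest="${rest#*.}"
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# With DRY_RUN=1 print the command instead of executing it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

sync_tunnel() {
    case "$PLUTO_VERB" in
        up-host|up-client)
            # PLUTO_PEER is the peer as seen from here, i.e. the NAT's
            # current public address when the peer sits behind NAT.
            is_ipv4 "$PLUTO_ME" && is_ipv4 "$PLUTO_PEER" || return 1
            run ifconfig "$GRE_IF" tunnel "$PLUTO_ME" "$PLUTO_PEER" up
            ;;
        down-host|down-client)
            # No SA: stop routing traffic into the tunnel interface.
            run ifconfig "$GRE_IF" down
            ;;
    esac
}

# strongSwan sets PLUTO_VERB when it invokes the script; do nothing otherwise.
if [ -n "${PLUTO_VERB:-}" ]; then
    sync_tunnel
fi
```

Taking the interface down on SA loss complements, but does not replace, the packet-filter rule that blocks outgoing unencrypted GRE.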