Tunnel with gre/gif behind NAT

I have configured a tunnel with a gif interface (switchable with gre without sensible problems), but now I have to configure another tunnel. The difference from the others is that the new server is behind a NAT...

Code:
eth0
    inet 192.168.1.102 netmask 0xffffff0 broadcast 192.168.1.255

The public IP address is variable (it is now 151.x.x.x). Can I set the tunnel without a fixed endpoint?
 
Running unencrypted tunnels through the internet is not the best of ideas even with static endpoint addresses. One way to fix both problems at once would be to use strongSwan to encrypt the GRE tunnel in transport mode with NAT-T and an updown script to sync the tunnel configurations. Just make sure to filter outgoing unencrypted GRE traffic to prevent leaking plaintext if the IPsec SA is down.
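A sketch of the updown script mentioned in the reply above, as an added example that is not part of the original posts or of strongSwan itself. It assumes a BSD-style `ifconfig` (`tunnel` / `deletetunnel`), an interface named `gre0`, and the `PLUTO_VERB`, `PLUTO_ME` and `PLUTO_PEER` variables that strongSwan exports to updown scripts; the helper names are hypothetical.

```shell
#!/bin/sh
# Added example: updown hook that re-points a GRE tunnel at the peer address
# negotiated by IPsec, so a changing public IP needs no manual edit.
GRE_IF="${GRE_IF:-gre0}"    # assumed interface name

# Accept only dotted-quad IPv4. The hook runs as root, so values taken from
# the environment are validated before they reach a command line.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    rest="$1."
    count=0
    while [ -n "$rest" ]; do
        octet="${rest%%.*}"
        rest="${rest#*.}"
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# Print the command for a verb; fail (printing nothing) on anything else.
# usage: tunnel_cmd VERB LOCAL_IP PEER_IP
tunnel_cmd() {
    case "$1" in
        up-host|up-client)
            is_ipv4 "$2" && is_ipv4 "$3" || return 1
            echo "ifconfig $GRE_IF tunnel $2 $3" ;;
        down-host|down-client)
            # Drop the endpoints when the SA goes away, so GRE packets
            # have nowhere to go in plaintext.
            echo "ifconfig $GRE_IF deletetunnel" ;;
        *)
            return 1 ;;
    esac
}

# Only act when invoked by the IKE daemon (PLUTO_VERB is set).
if [ -n "${PLUTO_VERB:-}" ]; then
    cmd=$(tunnel_cmd "$PLUTO_VERB" "${PLUTO_ME:-}" "${PLUTO_PEER:-}") || exit 0
    $cmd
fi
```

Removing the endpoints on `down-*` complements the firewall rule the reply asks for; it does not replace it, since the filter also covers the window before the script runs.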
 