
Tunnel with gre/gif behind NAT


New Member

Messages: 4

I have configured a tunnel with a gif interface (switchable with gre without sensible problems) but... now I have to configure another tunnel; the difference from the others is that the new server is behind a NAT...

    inet netmask 0xffffff0 broadcast
The public IP address is variable (it is now 151.x.x.x). Can I set up the tunnel without a fixed endpoint?


Active Member

Thanks: 62
Messages: 210

Running unencrypted tunnels through the internet is not the best of ideas even with static endpoint addresses. One way to fix both problems at once would be to use strongSwan to encrypt the GRE tunnel in transport mode with NAT-T and an updown script to sync the tunnel configurations. Just make sure to filter outgoing unencrypted GRE traffic to prevent leaking plaintext if the IPsec SA is down.
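
A sketch of the updown script mentioned in the reply above, added here as an example; it is not code from the thread or from the strongSwan project. It assumes FreeBSD's `ifconfig <if> tunnel` / `deletetunnel` syntax and strongSwan's `PLUTO_VERB`, `PLUTO_ME` and `PLUTO_PEER` environment variables; the file name `gre-updown.sh` and the `GRE_IF` and `DRY_RUN` variables are hypothetical.

```shell
#!/bin/sh
# gre-updown.sh (hypothetical name): re-point the GRE tunnel at whatever
# address the IPsec peer currently has, and tear it down with the SA.
GRE_IF="${GRE_IF:-gre0}"   # assumption: tunnel interface name

# Accept only dotted-quad IPv4 so nothing unexpected reaches ifconfig.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Print the ifconfig command for one updown event. Events other than the
# host-to-host (transport mode) ones produce no output.
tunnel_cmd() {   # args: verb local_addr peer_addr
    case "$1" in
        up-host)
            is_ipv4 "$2" && is_ipv4 "$3" || return 1
            echo "ifconfig $GRE_IF tunnel $2 $3" ;;
        down-host)
            # Removing the endpoints stops new GRE packets, but it does not
            # replace the filter rule on outgoing plaintext GRE.
            echo "ifconfig $GRE_IF deletetunnel" ;;
    esac
}

main() {
    cmd=$(tunnel_cmd "$PLUTO_VERB" "$PLUTO_ME" "$PLUTO_PEER") || {
        logger -t gre-updown "rejected endpoints for $PLUTO_VERB"
        return 1
    }
    [ -n "$cmd" ] || return 0
    if [ -n "$DRY_RUN" ]; then echo "$cmd"; else $cmd; fi
}

# Run only when strongSwan supplies an event.
[ -z "$PLUTO_VERB" ] || main
```

On the side with the fixed address, `PLUTO_PEER` is the NAT's current public address, so the tunnel destination follows it each time the SA is re-established.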