Generic Routing Encapsulation (GRE) protocol

GRE creates a virtual end-to-end network link between network nodes (that is routers), over a public network. GRE can be used to create simple VPN networks for customers that are connected to a service provider network, or between edge routers in a service provider environment, to exchange routing table updates. As this simple GRE interface does not support encryption, you may want to reconsider using GRE, if security is a priority.

FreeBSD 7 natively supports creating and manipulating standard GRE tunnels.

GRE support should be available in the FreeBSD’s kernel. If you have not compiled GRE support into kernel, the GRE kernel module will be dynamically loaded into memory upon first usage.

Creating gre(4) interface in a simple way usingifconfig(8) utility is shown here:

# ifconfig gre0 create

Note that if you do not specify the device node number, ifconfig takes the first available number and returns the new interface name, after creating the interface as follows:

# ifconfig gre create

gre1

You can also remove unnecessary gre(4) interface using ifconfig’s destroy option:

# ifconfig gre1 destroy

Now that you have created a GRE interface, you should configure both sides of the GRE interface (on both hosts). This is basically done using the ifconfig utility. Consider the following scenario in the figure to establish a GRE tunnel between Host A and Host B:

To configure Host A, you should first create a gre0 interface and then specify both ends of the link on the interface.