[Openswan Users] IPsec over GRE

Michael Smith msmith at cbnco.com
Fri Sep 7 08:31:54 EDT 2007

On Thu, 6 Sep 2007, Leonardo Rodrigues Magalhães wrote:

>    I just cant understand why you're trying IPSec over GRE .... is this some
> real situation or just some proof-concept lab thing ???

You can set up a couple of GRE tunnels between endpoints that have 
redundant WAN connections, then run OSPF over the GRE tunnels to advertise 
a route to a (virtual) address on each side, and finally run IPsec using 
those virtual addresses as left and right. That's one use for it, and the 
only special thing you have to do is trick _updown into not adding or 
deleting routes.


More information about the Users mailing list