[Openswan Users] GRE over IPSec - Cisco endpoint

Tom Stockton tom at stocktons.org.uk
Sun Dec 20 14:08:31 EST 2009


On Fri, Dec 18, 2009 at 3:41 PM, Erich Titl <erich.titl at think.ch> wrote:
>>
>> I haven't attempted to do any GRE yet but I don't understand how I
>> would do it as part of the IPSec connection.  I can understand making
>> a GRE connection after the IPSec tunnel was set up, but in this case the
>> IPSec and GRE endpoints are the same IP addresses so I don't
>> understand how I could route the GRE connection through the IPSec
>> tunnel without breaking IPSec?
>
> AFAIK a GRE endpoint is just another logical endpoint in your network.
> It can have any address you want to give it, completely apart from the
> IPSEC tunnel transporting the GRE tunnel.

This was my understanding also. I can't understand how it is possible
to create an IPSec connection to an endpoint and then route a GRE
connection to the same endpoint through the IPSec tunnel - surely this
would break the original IPSec connection?

The engineer managing the other end informs me though that the GRE
connection is made as part of the IPSec tunnel (phase 2 to be exact)
and that this is how it works... It does work from a Cisco device
(we already do it) but I need to figure out how to do the same in
Linux.

Cheers

Tom

