On 2015-02-07, Andy Lemin <a...@brandwatch.com> wrote:
> Hi guys,
>
> I’m a bit confused (easily done) as to how I would configure a GRE tunnel
> through an IPSec tunnel?
>
> I have *many* subnets at each site, and I have a full mesh of IPSec tunnels
> between each site, for each and every subnet at each site.. Urghhh! :_(
>
> It's over 100 tunnels now..
>
> If I were to set up one IPSec tunnel between each site and have a GRE tunnel
> within them, and then run a dynamic routing protocol would that work? And
> would someone point me in the right direction of nesting the tunnels?
>
> Thanks in advance.
> Andy.

You'd just need transport mode IPsec to protect the encapsulated packets between the endpoints (either gre or gif would work; the gif(4) manual has specific examples of use with IPsec, both for dynamic and manual keying). Because the traffic passed over the gif/gre interface uses normal route table entries, this is much easier to use with dynamic routing protocols.
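
The setup described in the reply above, as an added example that is not part of the original thread. It assumes OpenBSD with isakmpd(8) and ipsec.conf(5), pre-shared-key authentication, and constructed documentation addresses; the key string and interface name are placeholders.

```conf
# Added example; assumes OpenBSD with isakmpd(8) and ipsec.conf(5).
# All addresses are constructed documentation values:
#   site A public 192.0.2.1, site B public 198.51.100.1
#   gre0 inner addresses 10.255.0.1 (A) and 10.255.0.2 (B)

# --- site A: /etc/ipsec.conf ---
# One transport-mode ESP flow that covers only GRE between the two
# public addresses. Every site subnet rides inside the GRE tunnel, so
# no per-subnet IPsec flows are needed.
ike esp transport proto gre from 192.0.2.1 to 198.51.100.1 \
        psk "PLACEHOLDER-replace-me"

# --- site B: /etc/ipsec.conf ---
ike esp transport proto gre from 198.51.100.1 to 192.0.2.1 \
        psk "PLACEHOLDER-replace-me"

# --- site A: tunnel interface, as ifconfig(8) commands ---
#   sysctl net.inet.gre.allow=1
#   ifconfig gre0 create
#   ifconfig gre0 inet 10.255.0.1 10.255.0.2 netmask 0xffffffff up
#   ifconfig gre0 tunnel 192.0.2.1 198.51.100.1
# Site B mirrors this with the addresses swapped.

# --- check that GRE is actually protected ---
#   ipsecctl -s flow
#       expect flows for proto gre between the two public addresses
#   tcpdump -ni <external-if> host 198.51.100.1
#       expect esp packets on the wire, never cleartext gre
```

The tcpdump check matters because a GRE tunnel still passes traffic when the IPsec flow is missing or fails to match, in which case the inner packets cross the Internet unencrypted.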