GRE (Generic Routing Encapsulation)ΒΆ

Generic Routing Encapsulation (GRE) is a method of tunneling traffic between two endpoints without encryption. It can be used to route packets between two locations that are not directly connected, which do not require encryption. It can also be combined with a method of encryption that does not perform its own tunneling. IPsec in transport mode can use GRE for tunneling encrypted traffic in a way that allows for traditional routing or the use of routing protocols. The GRE protocol was originally designed by Cisco, and it is the default tunneling mode on many of their devices.

To create or manage a GRE interface:

  • Navigate to Interfaces > (assign), GRE tab
  • Click fa-plus Add to create a new GRE instance, or click fa-pencil to edit an existing interface.
  • Complete the settings as follows:
    Parent interface:
     The interface upon which the GRE tunnel will terminate. Often this will be WAN or a WAN-type connection.
    GRE Remote Address:
     The address of the remote peer. This is the address where the GRE packets will be sent by this firewall; The routable external address at the other end of the tunnel.
    GRE tunnel local address:
     The internal address for the end of the tunnel on this firewall. The firewall will use this address for its own traffic in the tunnel, and tunneled remote traffic would be sent to this address by the remote peer.
    GRE tunnel remote address:
     The address used by the firewall inside the tunnel to reach the other end. Traffic destined for the other end of the tunnel must use this address as a gateway for routing purposes.
    GRE Tunnel Subnet:
     The subnet mask for the GRE interface address.
    Description:A short description of this GRE tunnel for documentation purposes.
  • Click Save