howto/GRE-on-OpenBSD.md
... ...
@@ -26,6 +26,46 @@ net.inet.gre.allow=1
26 26
```
27 27
Reboot or run `sysctl net.inet.gre.allow=1` to allow GRE packet processing.
28 28
29
+-
30
+At this point, `gre0` will be administratively *UP*:
31
+```
32
+$ ifconfig gre0
33
+gre0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1476
34
+ index 22 priority 0 llprio 6
35
+ encap: vnetid none txprio payload rxprio packet
36
+ groups: gre
37
+ tunnel: inet6 2001:db8::a --> 2001:db9::d ttl 64 nodf ecn
38
+ inet6 fe80::221:28ff:fef9:c1d8%gre0 --> prefixlen 64 scopeid 0x16
39
+ inet6 fd42:: --> prefixlen 127
40
+```
41
+
42
+All traffic destined to `fd42::1/127` will be encapsulated and routed to *D*:
43
+```
44
+$ route show
45
+[...]
46
+Internet6:
47
+Destination Gateway Flags Refs Use Mtu Prio Iface
48
+fd42::/127 fd42:: UCn 1 0 - 4 gre0
49
+fd42:: fd42:: UHl 0 0 - 1 gre0
50
+fd42::1 link#0 UHc 0 3180 - 3 gre0
51
+fe80::%gre0/64 fe80::221:28ff:fef9:c1d8%gre0 Un 0 0 - 4 gre0
52
+fe80::221:28ff:fef9:c1d8%gre0 fe80::221:28ff:fef9:c1d8%gre0 UHl 0 0 - 1 gre0
53
+ff01::%gre0/32 fe80::221:28ff:fef9:c1d8%gre0 Um 0 1 - 4 gre0
54
+ff02::%gre0/32 fe80::221:28ff:fef9:c1d8%gre0 Um 0 1 - 4 gre0
55
+[...]
56
+```
57
+```
58
+$ route -n get fd42::1
59
+ route to: fd42::1
60
+destination: fd42::1
61
+ mask: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
62
+ interface: gre0
63
+ if address: fd42::
64
+ priority: 3 ()
65
+ flags: <UP,HOST,DONE,CLONED>
66
+ use mtu expire
67
+ 3181 0 0
68
+```
29 69
30 70
# Security
31 71
GRE may be protected with IPsec to encrypt and authenticate traffic, [OpenIKED](http://www.openiked.org/) can be used to establish an IKEv2 session between *A* and *B*.
... ...
\ No newline at end of file