20.4. GRE over IPSec

GRE over IPSec can be configured in VT AIR.

First, create a GRE interface under Tunnel. Make sure to activate the option "assign to a new interface". Afterwards, configure the interface under Interface. Set the GRE Endpoints and the internal IPs (local and remote tunnel IPs), for example 10.10.10.1 (local) and 10.10.10.2 (remote).

Create a new IPSec Phase 1 and choose Connection Type Transport. The Interfaces setting must be the newly created GRE interface. The Remote Endpoints setting is the remote tunnel IP (the internal tunnel IP of the remote end, e.g. 10.10.10.2). Configure the other parameters according to your IPSec endpoint.

An IPSec Phase 2 has to be created as well, with matching encryption parameters.

When the IPSec tunnel is up, it will encrypt everything that passes the GRE tunnel.

You might need to add Routes to have additional traffic pass through the GRE tunnel, as well as Firewall Rules (Forward and Input) to allow the traffic.
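To confirm that routed traffic really leaves encrypted once the routes and rules are in place, raw IPv4 packets captured on the WAN side can be classified by protocol number. The following is an added example, not VT AIR code: it assumes ESP shows up either as the outer protocol or inside the GRE payload (the text does not state the on-wire layering), and the WAN addresses in the constructed samples are placeholders.

```python
import struct

GRE, ESP, UDP = 47, 50, 17          # IP protocol numbers
IKE_PORTS = {500, 4500}             # IKE and NAT-T (UDP-encapsulated ESP)

def parse_ipv4(pkt):
    """Return (protocol, payload) for an IPv4 packet, or None if malformed."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    return (pkt[9], pkt[ihl:]) if 20 <= ihl <= len(pkt) else None

def classify(pkt):
    """Classify one raw IPv4 packet captured on the WAN side of the tunnel."""
    outer = parse_ipv4(pkt)
    if outer is None:
        return "malformed"
    proto, payload = outer
    if proto == ESP:
        return "encrypted"
    if proto != GRE:
        return "other"
    if len(payload) < 4:
        return "malformed"
    flags, ethertype = struct.unpack("!HH", payload[:4])
    # Optional GRE fields (RFC 2784/2890): checksum, key, sequence; 4 bytes each.
    hdr_len = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    if ethertype != 0x0800:
        return "other"              # not IPv4 inside GRE; not inspected here
    inner = parse_ipv4(payload[hdr_len:])
    if inner is None:
        return "malformed"
    iproto, ipayload = inner
    if iproto == ESP:
        return "encrypted"
    if iproto == UDP and len(ipayload) >= 4:
        if IKE_PORTS & set(struct.unpack("!HH", ipayload[:4])):
            return "ike/nat-t"
    return "cleartext"              # unprotected payload travelling through GRE

def ip(proto, src, dst, payload):
    """Build a constructed IPv4 packet (checksum left at 0) for the samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes(src), bytes(dst)) + payload

# Constructed samples: WAN_* are placeholder GRE endpoints, TUN_* the tunnel IPs from the text.
WAN_A, WAN_B, TUN_A, TUN_B = (192, 0, 2, 1), (198, 51, 100, 1), (10, 10, 10, 1), (10, 10, 10, 2)
GRE_HDR = struct.pack("!HH", 0, 0x0800)
ESP_IN_GRE = ip(GRE, WAN_A, WAN_B, GRE_HDR + ip(ESP, TUN_A, TUN_B, bytes(16)))
ICMP_IN_GRE = ip(GRE, WAN_A, WAN_B, GRE_HDR + ip(1, TUN_A, TUN_B, bytes(8)))
```

A "cleartext" result for traffic you expected to be protected means it is crossing the GRE tunnel without being matched by the IPSec Phase 2.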