Subject: Re: rfc: gre over udp [patch]
To: None <>
From: David Young <>
List: tech-net
Date: 08/26/2006 12:19:50
On Sat, Aug 26, 2006 at 06:53:06AM -0500, Jonathan A. Kollasch wrote:
> On Sat, Aug 26, 2006 at 02:18:04AM -0500, David Young wrote:
> > I need to tunnel packets through NAT routers to a tunnel concentrator at
> > my office.  To that end, I am extending gre(4) to put tunnel packets into
> > UDP datagrams.  I have attached a patch that contains my work in progress.
> > I request your feedback.
> Couldn't you just use tunnel-mode IPsec and NAT-T?  Or is the complexity
> of IPsec/racoon trying to be avoided?

It's not just the complexity, although IPSec HOWTOs do make my head spin.
I want to use existing abstractions, such as the network interface, so
that I can re-use familiar utilities and daemons: ifconfig(8), route(8),
netstat(8), routing daemons, etc.

I am hopeful that nothing stops userland from setting up IPSec on a UDP
socket before delegating the socket to a GRE interface.


David Young             OJC Technologies      Urbana, IL * (217) 278-3933