GRE works just fine depending on your system. We've never had any problems with GRE
except when using MikroTik devices. There is a bug in the GRE implementation on MikroTiks where
you will experience a 20-30% packet loss when the system is under any non-trivial use
(e.g. multiple audio streams or a file transfer). Several versions of the OS and several
different hardware platforms all experienced the same issue. We changed to IPIP and IPIP6
and the issue disappeared with no other reconfiguration. We're using a mix of IPIP,
IPIP6, and GRE6 tunnels to a number of sites fed out of our VPS gateway.

For security, do your encryption at the protocol level. SSH, HTTPS, etc. will all ride
over GRE just fine. IPsec is too complicated and messy. WireGuard is a nice option but
just isn't there yet, especially with hardware devices.

Jason

-----Original Message-----
From: 44Net <44net-bounces+jason=mfamily.org(a)mailman.ampr.org> On Behalf Of pete M
via 44Net
Sent: Friday, December 4, 2020 12:01 PM
To: 44net(a)mailman.ampr.org
Cc: pete M <petem001(a)hotmail.com>
Subject: [44net] GRE tunnels

Hi everyone,

Anyone been playing with GRE tunneling?

I am looking at that solution to bring part of my /24 to sites where I have multiple
machines that each need a 44 address.

GRE has no encryption; it is only an encapsulation of a Layer 2 packet. This lowers the
actual possible MTU size, lowering the throughput slightly. But it is an easy way to
connect a site to the VPS. At the same time, we don't need encryption, as all the data that
is passing into that tunnel is supposed to be OK to route on the internet, and if it
contains special things it should already be encrypted with TLS/SSL or other means of
securing the connection.

Anyone have experience with this?

I would then use OpenVPN in its normal way for simple clients. Then I imagine I will need
to bridge both tunnels so that everyone could talk to each other at the VPS level.

Sounds plausible?

Pierre
VE2PF