VPN force-all, Gre | Netopia 3300-ENT instruction

4-14 Firmware User Guide

VPN force-all

GRE tunnelling supports “VPN force-all,” which forces all trafﬁc coming from the LAN onto the GRE tunnel. You accomplish this by setting the default route to go through the GRE tunnel. A secondary host route where all tunneled GRE packets route to the actual WAN interface can be conﬁgured as a static route when required.

The following table outlines various force-all conﬁgurations for different networking scenarios; all other options can safely use their default values:

				GRE Proﬁle	GRE Proﬁle IP
		Easy Setup	System Conﬁguration Menu	Encapsulation	GRE Proﬁle IP
		Easy Setup	System Conﬁguration Menu	Encapsulation	Parameters Menu
				Menu	Parameters Menu
				Menu


		IP =	IP Default Gateway =	Remote Tunnel End	Remote Member IP
		some_IP_address	127.0.0.2	Point =	= 127.0.0.2
				peer_tunnel_
		Mask =	Gateway Static Route:	IP_address	Remote Member
		some_IP_mask	Destination Network =		Mask cannot be
			GRE		255.255.255.255
	Static WAN IP	Data Link	Remote_Tunnel_End_Point
		Encapsulation =
		1483, 1490, HDLC,	Destination Netmask =
		PPP	Remote_Tunnel_End_Point_
			netmask
			Next Gateway = local_WAN_IP

		IP = 0.0.0.0	IP Default Gateway =	see above	see above
		Mask = 0.0.0.0	127.0.0.2
	Dynamic WAN IP
			Gateway static route is
			recommended

		Remote IP =	see above	see above	see above
		some_IP_address
	Static PPPoE
		Remote Mask =
		some_IP_mask

		Remote IP =	IP Default Gateway =	see above	Remote Member IP
		127.0.0.2	127.0.0.3		= 127.0.0.3
	Auto PPPoE	Remote Mask =			Remote Member
		Remote Mask =			Remote Member
		255.255.255.255			Mask cannot be
					255.255.255.255

Note: A GRE tunnel cannot transmit RIP routes over a force-all tunnel, or with a remote member IP with a host part of all zeros.

Image 106

Netopia 3300-ENT manual VPN force-all, Gre