Here's how I vaguely remember getting it all running
Let's say that the tunnel end points are 172.16.0.100 and 172.16.0.101
First is confirming that they are reachable from each other. ping
, whatever works for you.
Assuming that they are reachable, UCI configuration of the tunnel itself has a few gotchas. The most insidious is that OpenWrt "helpfully" adds gre4t-
to the UCI name, so you've only got a few characters to use before you hit the 15-character Linux limit, especially if you're using VLANs
gre4t-ABCD.1234
is 15 characters long, so ABCD
is the longest UCI name that I consider "safe" to use.
As I recall, I could only get the tunnels to come up if I specified both ends of them in UCI. "Trusting" routing didn't seem to work for me. My tunnel UCI looked something like
config interface 'gt01'
option proto 'gretap'
option mtu 1558
option ipaddr '172.16.0.100'
option peeraddr '172.16.0.101'
option delegate '0'
My notes indicate that is on the .100 machine -- ipaddr
is "my" address, peeraddr
is "their" address. Note that this assumes you've got at least 1558 MTU on the link -- enough for a 1500-byte Ethernet packet with headers and overhead, as I hopefully figured out correctly.
Make sure you're passing the GRE protocol over the interfaces in question and its not being blocked by firewalls. You should be able to see the packets with tcpdump on the underlying interfaces once they start flowing.
I don't recall being able to test things out here, though you should be able to see the tunnel interfaces with ip link
or the like.
Using UCI to bridge to the tunnel portals took a lot of poking and prodding. I can't explain quite why, but here's the notation I ended up with that worked for me. Additional GRE tunnels on the same bridge also get the puzzling-to-me @
sign.
config interface 'vlan1234'
option type 'bridge'
option stp '1'
option ifname 'eth0.1234 @gt01.1234'
option proto 'none'
option auto '1'
option delegate '0'
Once that's up, you should start seeing broadcast traffic on VLAN1234, at the VLAN sub-interface of the GRE tunnel, the "main" interface of the tunnel, and encapsulated on the underlying interface (172.16.0.100/.101).