# multiple address gre0



## Riccardo_Ricci (Jan 29, 2018)

Hi to all!!! I need some help to configure my 3 servers... The three servers have public IP, and I need to see them via a private IP located in 172.20.x.x. I configured a gre(4) interface on servers 1 and 2 to tunnel (and I need help for Server 3).

On server1:

```
gre0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1476
   options=80000<LINKSTATE>
   tunnel inet a.b.c.d --> e.f.g.h
   inet 172.20.1.1 --> 172.20.1.2  netmask 0xffffff00
   nd6 options=4b<PERFORMNUD,ACCEPT_RTADV,IFDISABLED,NO_RADR>
   groups: gre
```
On server2:

```
gre0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1476
   options=80000<LINKSTATE>
   tunnel inet e.f.g.h --> a.b.c.d
   inet 172.20.1.2 --> 172.20.1.1  netmask 0xffffff00
   nd6 options=b<PERFORMNUD,ACCEPT_RTADV,IFDISABLED>
   groups: gre
```
1 and 2 can communicate via the tunnel...

On server3 I need a configuration like:

```
gre0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1476
   options=80000<LINKSTATE>
   tunnel inet i.j.k.l --> a.b.c.d
   inet 172.20.1.3 --> 172.20.1.1  netmask 0xffffff00
   nd6 options=4b<PERFORMNUD,ACCEPT_RTADV,IFDISABLED,NO_RADR>
   groups: gre
```
(2 and 3 have to be isolated from each other). But the server1 cannot accept... Any suggestion? Can I create an alias on server1 with same IP and different endpoint? Thanks to all.


----------



## SirDice (Jan 29, 2018)

Use a circular configuration, with each server having two distinct gre(4) interfaces.


```
srv1 -> srv2 ; srv2 -> srv3 ; srv3 -> srv1
```

Note however that gre(4) tunnels don't use authentication or encryption. You may want to use IPSec or OpenVPN instead.


----------



## Riccardo_Ricci (Jan 29, 2018)

SirDice said:


> Use a circular configuration, with each server having two distinct gre(4) interfaces.
> 
> 
> ```
> ...




The real state should be:

```
srv2 -------> srv1
srv3 -------> srv1
```

But srv must be 172.20.1.1 for both


----------



## Riccardo_Ricci (Jan 30, 2018)

It Works!!!
The virtual interface, with mask /32, can have the same IP and different endpoints...


```
gre0
   tunnel inet a.b.c.d --> e.f.g.h
   inet 172.20.1.1 --> 172.20.1.2  netmask 0xffffffff

gre1
   tunnel inet a.b.c.d --> i.j.k.l
   inet 172.20.1.1 --> 172.20.1.3  netmask 0xffffffff
```


----------

