Hey all,

I know that it's possible to run GRE over and IPsec tunnel but I am
wondering if anyone here has seen some good documentation (besides the man
pages) or a howto on setting this up. I'm trying to config my OpenBSD
4.0firewall to interop with a route-based VPN network with a mix of
Fortigate
and Netscreen firewalls. Fortigates and Netscreens both use GRE interaces as
"tunnel interfaces" when creating route-based VPN tunnels. Right now all
endpoints are using un-numbered (0.0.0.0/0) GRE interfaces and so I would
like to use a similar configuration on the OpenBSD side but I am just
wondering how to accomplish this as I am uncertain how to bind the GRE
interface to a tunnel.

Right now I have a hub-and-spoke VPN network using static routes to route
traffic across the VPN. Each spoke endpoint has a static destination route
of 10.1.0.0/16 which is sent over GRE interface. The only exception to the
hub-and-spoke VPN is my OpenBSD firewall which I have to create VPN tunnels
to every spoke network I need access to (quite painfull). On my OpenBSD box
I would like to be able to use a single static destination route of
10.1.0.0/16 to send this traffic over a GRE interface to get to the rest of
the VPN network. Here's a snippet of the hub-and-spoke VPN network:

1.1.1.1
----------------
OpenBSD
10.1.1.0/24
----------------
    |
    |
    |
    |
2.2.2.2
----------------
Fortigate (Hub)
10.1.2.0/24
----------------
    |
    |
    |
    |
3.3.3.3
----------------
Juniper
10.1.3.0/24
----------------

Thanks in advance for your help.

Cheers,
-Chris