GRE over IPsec and Peer address registration by NHRP


- Version: 0.2.b1-022 or later


Rockhopper supports Generic Routing Encapsulation (GRE) and peer address registration by Next Hop Resolution Protocol (NHRP).

When you connect Rockhopper with non-Rockhopper products like Cisco devices or configure Dynamic Multipoint VPN (DMVPN), you may need to use these features.

By specifying Generic Routing Encapsulation (GRE) as an encapsulation mode for a VPN tunnel/tap interface (e.g. rhpvif10), the VPN interface works as a multipoint GRE interface. On the other hand, Rockhopper doesn't support a point-to-point tunnel interface.


Rockhopper uses EtherIP encapsulation by default. In addition, Rockhopper's implementation allows IP multicast packets to be sent and received via IPsec tunnels even when IP encapsulation (IP over IP) is configured instead. Also, Rockhopper peers exchange the internal addresses configured for their VPN tunnel interfaces by using an IKE private extension, so peer address registration by NHRP is unnecessary.



- Enable GRE encapsulation


If you want to enable IKEv1, see IKEv1 configuration.

  1. Open Rockhopper Web Console and log in.

  2. Load a VPN realm's configuration.

    - VPN Configuration[Tab] > VPN Realms[Left-Tree]

  3. Set up VPN Interface.

    - VPN Configuration[Tab] > VPN Realms[Left-Tree] > Realm ID: Realm Name[Left-Tree] > VPN Interface[Left-Tree]:
    Click this tree node to show the VPN Tunnel/TAP Interface pane.

    - Enter the following.

    Encapsulation Mode: Generic Routing Encapsulation (GRE)
    GRE Key: 1000 (if needed)

  4. Save this realm's configuration.

    - VPN Configuration[Tab] > Edit VPN Realm(Save, Add, Remove or Load)[Left-Tree]:
    Click this tree node to show the Edit VPN Realm(Save, Add, Remove, or Load) pane.

    - Click the Save Configuration button.




- Enable peer address registration by NHRP


  1. Open Rockhopper Web Console and log in.

  2. Load a VPN realm's configuration.

    - VPN Configuration[Tab] > VPN Realms[Left-Tree]

  3. Set up VPN Interface.

    - VPN Configuration[Tab] > VPN Realms[Left-Tree] > Realm ID: Realm Name[Left-Tree] > VPN Interface[Left-Tree]:
    Click this tree node to show the VPN Tunnel/TAP Interface pane.

    - Enter the following.

    Encapsulation Mode: Generic Routing Encapsulation (GRE)
    GRE Key: 1000 (if needed)
    NHRP (Next Hop Resolution Protocol) Key: testnhrpkey (if needed)

  4. Set up Service.

    - VPN Configuration[Tab] > VPN Realms[Left-Tree] > Realm ID: Realm Name[Left-Tree]
    > Service[Left-Tree]: Click this tree node to show the Service pane.

    - NHRP (Next Hop Resolution Protocol): Check Enable (Internal Address Registration).

  5. Save this realm's configuration.

    - VPN Configuration[Tab] > Edit VPN Realm(Save, Add, Remove or Load)[Left-Tree]:
    Click this tree node to show the Edit VPN Realm(Save, Add, Remove, or Load) pane.

    - Click the Save Configuration button.
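
To confirm from a capture of the decrypted inner traffic that both peers use the GRE key entered in the steps above, the following added example (not part of Rockhopper or its documentation) parses the GRE header as defined in RFC 2784 and RFC 2890 and compares the key with 1000. The sample packets are constructed, the function names are hypothetical, and 0x2001 is the GRE protocol type that carries NHRP.

```python
import struct

GRE_C, GRE_K, GRE_S = 0x8000, 0x2000, 0x1000  # checksum / key / sequence flags
PROTO_NAMES = {0x0800: "IPv4", 0x86DD: "IPv6", 0x2001: "NHRP"}

# Constructed sample GRE packets (header + dummy payload), not captured traffic.
SAMPLE_NHRP = bytes.fromhex("20002001000003e8") + b"\x00" * 8       # key 1000
SAMPLE_WRONG_KEY = bytes.fromhex("20000800000007d0") + b"\x00" * 8  # key 2000
SAMPLE_NO_KEY = bytes.fromhex("00000800") + b"\x00" * 8             # K bit clear


def parse_gre(buf):
    """Parse a GRE header (RFC 2784 / RFC 2890) into a dict."""
    if len(buf) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", buf, 0)
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    # Each optional field is 4 bytes, in the order checksum, key, sequence.
    hdr_len = 4 + 4 * sum(1 for bit in (GRE_C, GRE_K, GRE_S) if flags & bit)
    if len(buf) < hdr_len:
        raise ValueError("truncated GRE optional fields")
    key = None
    if flags & GRE_K:
        key_off = 8 if flags & GRE_C else 4
        key = struct.unpack_from("!I", buf, key_off)[0]
    return {"key": key, "protocol": PROTO_NAMES.get(proto, hex(proto)),
            "payload_offset": hdr_len}


def check_gre_key(buf, expected_key):
    """Compare a packet's GRE key with the configured one; return (ok, detail)."""
    hdr = parse_gre(buf)
    if hdr["key"] is None:
        return False, "no key field"
    if hdr["key"] != expected_key:
        return False, "key mismatch: got %d" % hdr["key"]
    return True, hdr["protocol"]


if __name__ == "__main__":
    for name, pkt in (("nhrp", SAMPLE_NHRP), ("wrong-key", SAMPLE_WRONG_KEY),
                      ("no-key", SAMPLE_NO_KEY)):
        print(name, check_gre_key(pkt, 1000))
```

The GRE key only identifies the tunnel and is carried in the clear inside the GRE header, so a match indicates consistent configuration, not authentication of the peer.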




- Configuration examples




- RFCs

