•  Home
  •  Dashboard
  •  Company
    • About Us
    • Blog
    • Careers
    • Contact Us
    • Data Centers
    • Looking Glass
    • Network
    • Reseller
  •  Hosting Services
    • Backup
    • Content Delivery Network
    • Colocation Hosting
    • Dedicated Hosting
    • DDoS Mitigation
    • IP Transit
    • Private Cloud
    • Wavelength
  •  Solutions
    • Ecommerce
    • Finance
    • Gaming
    • Hosting
    • Management
    • Security
    • System Integrator
  •  Support
    • Community
    • Knowledge Base
    • Open A Ticket
  •  USA & Canada: 800-933-1517
  •  International: 626-549-2801
  •  Email: sales@psychz.net
  • Services
    • Dedicated Servers
    • Colocation
    • Private Cloud
    • DDos Protection
    • IP Transit
    • CDN
    • Backup
  • Solutions
    • Ecommerce
    • Security
    • Gaming
    • Hosting
    • Management
    • Finance
    • System Integrator
  • Dashboard

Is GRE secure?

  • Home
  • Client
  • Qa Forum
  • Is GRE secure?

Posted By: Ivor | 1 Replies | Last Reply On: Sep 26, 2019 12:38:00

Is GRE tunnel secure?  What role will IPsec play when setting up a GRE tunnel? 

Psychz - Savita

Votes: 4Posted On: Sep 26, 2019 12:38:00
 

Generic Routing Encapsulation (GRE) is used when IP packets need to be sent from one network to another, without being parsed or treated like IP packets by any intervening routers. However, they are not secure, does not provide encryption. With GRE we can configure a virtual tunnel between two endpoints. Generic Routing Encapsulation (GRE) was primarily designed to send multicast over a non-multicast enabled cloud. Normally without having GRE, it is not easy to send routing information between 2 segments separated by the internet. So with GRE, 2 branches can be merged into one routing domain using GRE tunnels between the branch gateways. With the encapsulation, you are converting any multicast packet into a unicast with the GRE endpoints as headers.

Now, for a private cloud, just plain GRE can be used as it is secured. But, with IPsec, you can add encryption to securely send it across a public cloud. The IP Security (IPsec) Encapsulating Security Payload (ESP), encapsulates IP packets to secure the payload using encryption. IPsec ESP is used when IP packets need to be exchanged between two systems while being protected against eavesdropping or modification along the way.

Here's an example of how IPsec works. In a regular VPN, a source host in network "A" transmits an IP packet. When that packet reaches the edge of network "A" it hits a VPN gateway. VPN gateway "A" encrypts the private IP packet and relays it over an ESP tunnel to a peer VPN gateway at the edge of network "B." VPN gateway "B" then decrypts the packet and delivers it to the destination host. Like GRE, it doesn't really matter how the two VPN gateways communicate with each other -- hops in between just pass along the ESP packet. But unlike GRE, someone at those hops could not possibly look at or change the encapsulated IP packet, even if they wanted to. That's because cryptographic algorithms have been applied to scramble the IP packet and detect any modification or replay.

So, to sum it up, use GRE where IP tunneling without privacy is required -- it's simpler and thus faster. But, use IPsec ESP where IP tunneling and data privacy are required -- it provides security features that are not even attempted by GRE.

Was this reply helpful?

Related topics

  • Guide to establish a GRE Tunnel and BGP peering session on MikroTik RouterOS
  • Mikrotik Gre Tunnel Configuration
  • DDoS protection using BGP/GRE Tunnel
  • DDOS Protected IP's in London with GRE Tunnel
  • Is Mongodb Secure?
  • How to secure Mongodb on Centos 7?
  • Add Security Token
  • Security token intro
  • Firewalld commands for CentOS 7 and CentOS 8
  • Secure Token Integration For PHP (Secondary)
  • Psychz Announces the Launch of European Data Centers in London and Amsterdam
  • Psychz CDN Products and Features Updates
  • Previewing The Release Of Windows Server 10
  • CDN Hosting and why Every website should utilize a CDN
  • Best Open-Source Software For Linux Users
Hosting Services
  • Dedicated Hosting
  • Colocation Hosting
  • Backup
  • IP Transit
  • DDoS Mitigation
Support
  • Portal Login
  • Knowledgebase
  • Community
Company
  • About Us
  • Contact Us
  • Network
  • Data Centers
  • Looking Glass
  • Affiliates
  • Reseller
  • Blog
Policies
  • Privacy Policy
  • Acceptable Usage Policy
  • Terms and Conditions
  • Service Level Agreement
Company
  • Psychz Networks,
    A Profuse Solutions Company
    611 Wilshire Blvd #300
    Los Angeles,California 90017
    USA
  • US/Canada: 800-933-1517
  • International: 626-549-2801
Subscribe to Our Mailing List
* indicates required
Copyright © 2023 Psychz Networks, A Profuse Solutions Inc Company