Let's say you usually work at the office on machine A that has an IP address 10.0.0.25 (we'll use the same IP addresses as in the above example). You use the corporate LAN and you have access to all the machines on your subnet. You've just been sent on a business trip and you'll be able to access the corporate gateway only using the Internet. Let's call the gateway machine C, and assume it has forwarding enabled between the following two "real" interfaces:
From your remote location, you'll set up the tunnel in similar way to the example above. Assuming that A.A.A.A is machine A's Internet address:
# ifconfig gre0 10.25 10.1 link1 # ifconfig gre0 tunnel A.A.A.A C.C.C.C
Then set up a route for all of network 10 to the other end of the tunnel:
# route add -net 10 10.1
Now on to machine C. Either before you leave for your trip, or from your remote location, call your colleague in the IS department and get set up with a proxy arp entry on the gateway. When this is done, the machines behind the gateway will think that you're still at the office. Assuming interface en0 is attached to the local subnet (network 10), they'd enter the following:
# arp -s 10.0.0.25 $(netstat -in | grep en0 | grep Link | cut -c 27-43) pub
The command in the brackets cuts out machine C's en0 MAC address and passes it on to the arp command. These commands set up the tunnel:
# ifconfig gre0 10.1 10.25 link1 # ifconfig gre0 tunnel C.C.C.C A.A.A.A
You should now have transparent remote access to your corporate LAN — just as if you were sitting at your desk!