Generic Routing Encapsulation (GRE) provides a configurable Key to enhance system security. A sender configures a key, which is an integer ranging from 0 to 4294967295, and records the 32-bit key in the GRE header before sending the GRE packet out. After receiving the GRE packet, the receiver decapsulates the packet and matches the key against the locally configured key. If they do not match, the receiver considers the GRE packet invalid. The key can be configured in ciphertext or simple text. If the key in ciphertext is configured, it is displayed in ciphertext in the configuration file.
An attacker forges GRE packets and sends them to a target.
Run the following command in the tunnel interface view of both GRE tunnel ends to configure the key function: gre key { plain key-number | [ cipher ] plain-cipher-text }
Configure the key function to enhance system security. When the key function is configured, the key works in ciphertext mode by default.