At one of our remote sites we have a /29 provided from our current ISP, and they're using a /30 as a bridge between us and the internet. The /30 is not routed to the internet and all traffic to it appears to be blocked (TCP as well as UDP). We need to configure an IPSEC over GRE tunnel back to our home office but all configuration examples I have show the tunnel as being built on the exterior most IP, which would be the /30.
I've labbed this up and I know for a fact that will work, however it doesn't in the real world due to the ISP's restrictions on the /30. I've also labbed up multiple different ways to try and get the tunnel built from my /29 (including having the /29 as a secondary IP on the same port as the /30) but have't been able to find a way that works. I've spent the better part of a week and a half on this.
I've opened a ticket with the ISP to see if they'll open up their /30 for me but in the mean time I thought I'd post here as a backup. Also, it could handy to have this info in case I'm ever in a situation where the /30 cannot be routed for whatever reason.
If anyone can point me to an example of a tunnel built with a source other than the one facing the internet I would be much obliged. Thanks!