Sean Donelan writes:
I tend to view GRE tunnels like any other traffic. A tunnel to/from any
of my customers is like any other traffic to/from those customers. However,
a tunnel between two end-points, neither of which is on my network, is a
form of third-party transit traffic and gets blocked when I figure out the
new way they are doing it. I know, in theory you can encapsulate anything
Moreover, if IPSEC is in use, you can't even sniff.