Two item overlooked are the NAT problem and the filtering problem.

GRE through many routers won't work if NAT is involved, those that do support GRE may may have it disabled and at the moment directly exposing a node on the public web wouldn't be wise in my opinion.

vtund  has a better chance of working as it's either TCP or UDP based on config and can't be blocked based on protocol number(as GRE can) this may mean it is more likely to work on random networks as well, of course a true layer 7 firewall may be able to block it but that's even more rare.

GRE and NAT: This is a valid issue in terms of supportablilty and complexity to package a tunnel solution. The typical home/business network is NAT and additional manual setup outside the Mesh node would be needed for the hub GRE tunnel to establish.  

Although to put into perspective, vtund also needs to port forward the connecting port default 5000.   1 forward (vtund) vs 3 forwards (GRE).  

Referring to Johan, SM7I's, documentation of bbhn-GRE:

--------

Since GRE tunneling uses protocol 47 (GRE) and TCP 1723 this needs to be opened / forwarded in any firewall or NAT device, used in between the Internet and the HSMM node, towards the HSMM GRE node. Decide which node will be the responding device and open / forward protocol 47 and TCP 1723 to that node. This is normally called PPTP and often available as a preconfigured service in most routers / firewalls.

The other nodes can be seen as initiators and will thus be “calling” in to the node that you decided to be the “hub”

--------

Most home and corporate firewalls in my experience muck up GRE when NAT is involved even when it is the initiator side.

GRE passthrough only really started appearing a few years ago on commonly sold routers. GRE does not play well when NAT is involved in my experience (Its been a while since I setup one but years gone by I've set up hundreds).

Also our friends at a very well known ISP that loves to filter traffic across their backbone and prioritize traffic has been reported in the past to flat out block the GRE protocol (by protocol number ) (they might of come off of that policy since but the fact they did it once)

If your attaching to some random network somewhere your going to want the most flexible you can get.

good discussion.  sounds like GRE is "potentially" more NAT-unfriendly but lighter, and vtun is very NAT friendly but slightly heavier.  Sounds to me to be more "user friendly", vtun may be the way to go as it reduces the number of potential problem points.

D.

In the sense that this is a linux computer and we can program it do to anything, yes.

You might trial-n-error attempt to swap around the physical interfaces (eth0, eth0.1) assigned to the logical interfaces (LAN, WAN) in /etc/config/network UCI config file (risk is you revert to tftp to reload an image).

I believe this will break the setup gui code (don't do a 'save' in setup). You may wish to allow 2222, 8080, and 1978 ports open from WAN to access the node. Conrad may know if other hardcoded physical interface dependencies of what might break. The firewall zones and olsrd are based on the logical interface definitions (WAN, LAN, etc.), so 'should' still work.

config interface lan

    option ifname "eth0" <- change to "eth0.1"

config interface wan

    option ifname "eth0.1" <- change to "eth0"

~$65 for a GS105E is a known path from A to B...

It is possible to use a WRT54 to be you switch.  The principle is kind of their in the instructions to activate dtd-linking on the WRT's at http://ubnt.hsmm-mesh.org/products/BBHN/wiki/HowTo/Enable%20DTDLINK%20on%20Linksys?version=1

Basically if you edit the /etc/vlan.conf file to add one of the Lan Ports to Vlan 1 you can use a WRT as the smart switch. 

option vlan1 “3t 4 5t”

Will provide internet to a ubnt node plugged the lan port next to the wan port.

You would probable want to DTD link the two nodes as well with a:
option vlan2 "3t 5t"

Clint, AE5CA

So, to make sure I understand completely...

my current WRT54GS v2 has the following in the /etc/vlan file..

config switch eth0
option vlan0    "1 2 3 4 5*"
option vlan1    "0 5"

----------

You suggest that I change to:

config switch eth0
option vlan0    "1 2 3 4 5*"
option vlan1    "0 5"
option vlan2    "0t 1t"

--------

Then, I can plug the UBNT M2 into the LAN port 1 (next to the WAN port 0).

This way, LAN port 1 is tagged and will bridge to the WAN port.

do I have that correct?

See http://wiki.openwrt.org/toh/linksys/wrt54g. The numbering of the ports vary by model. 

The GS has different numbering. 

Ok. it appears to be working in this very limited configuration. I am connecting my UBNT M2 via my WRT54GS (which is also running the vtund server). Everything connects properly. The Bullet M2 does have internet access too.