Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol internetwork.
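A GRE tunnel is very simple to create: there is no need to install packages or edit configuration files, as with openswan or openvpn. Keep in mind that GRE only encapsulates traffic; unlike those tools it does not encrypt or authenticate it.
SCENARIO :
In this post we connect two remote sites and allow both local networks to see each other.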
SITE A:
Public IP: 10.0.0.1
Local IP: 192.168.1.254
Tunnel IP: 9.0.0.1
SITE B:
Public IP: 10.0.0.2
Local IP: 192.168.2.254
Tunnel IP: 9.0.0.2
Now let's configure it. All you need to do is add the config below to the existing interface configuration.
Server 1 (Site A)
root@site-A:~# vim /etc/network/interfaces
auto lo
iface lo inet loopback
### local ip ####
auto eth0
iface eth0 inet static
address 192.168.1.254
netmask 255.255.255.0
### public ip ###
auto eth1
iface eth1 inet static
address 10.0.0.1
netmask 255.0.0.0
gateway 10.0.0.254
dns-nameserver 8.8.8.8
### gre tunnel ###
auto tun0
iface tun0 inet static
address 9.0.0.1
netmask 255.255.255.0
broadcast 9.0.0.255
up ifconfig tun0 multicast
pre-up iptunnel add tun0 mode gre local 10.0.0.1 remote 10.0.0.2 ttl 255
pointopoint 9.0.0.2
post-down iptunnel del tun0
Server 2 (Site B)
root@site-B:~# vim /etc/network/interfaces
auto lo
iface lo inet loopback
### local ip ####
auto eth0
iface eth0 inet static
address 192.168.2.254
netmask 255.255.255.0
### public ip ###
auto eth1
iface eth1 inet static
address 10.0.0.2
netmask 255.0.0.0
gateway 10.0.0.254
dns-nameserver 8.8.8.8
### gre tunnel ###
auto tun0
iface tun0 inet static
address 9.0.0.2
netmask 255.255.255.0
broadcast 9.0.0.255
up ifconfig tun0 multicast
pre-up iptunnel add tun0 mode gre remote 10.0.0.1 local 10.0.0.2 ttl 255
pointopoint 9.0.0.1
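post-down iptunnel del tun0
You are done with the configuration. Simply restart the network service and run ifconfig to see whether interface tun0 has been created. It appears if you did everything correctly.
Checking tun0 on Server 1 (Site A)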
root@Site-A:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0f:3d:f4:6c:f5
inet addr:192.168.1.254 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20f:3dff:fef4:6cf5/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5557 errors:0 dropped:12 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:404219 (404.2 KB) TX bytes:492 (492.0 B)
Interrupt:16
eth1 Link encap:Ethernet HWaddr 00:14:c2:0b:e7:bc
inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.0.0.0
inet6 addr: fe80::214:c2ff:fe0b:e7bc/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2979 errors:0 dropped:0 overruns:0 frame:0
TX packets:2288 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:240928 (240.9 KB) TX bytes:299739 (299.7 KB)
Interrupt:17
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:758 errors:0 dropped:0 overruns:0 frame:0
TX packets:758 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:65509 (65.5 KB) TX bytes:65509 (65.5 KB)
tun0 Link encap:UNSPEC HWaddr 73-71-D0-A4-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:9.0.0.1 P-t-P:9.0.0.2 Mask:255.255.255.255
inet6 addr: fe80::200:5efe:7371:d0a4/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MTU:1476 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:2560 (2.5 KB)
tun0 is showing and up, so you configured it correctly.
Now try pinging 9.0.0.1, the tunnel's local IP, followed by the tunnel's remote IP (9.0.0.2).
If the tunnel's remote IP responds to ping, connectivity is OK.
Note: Before pinging the tunnel's remote IP, make sure tun0 is up and running on both servers and restart the network service.
Commands you should be aware of:
ifconfig tun0 up (to bring the GRE tunnel up)
ifconfig tun0 down (to bring the tunnel down)
iptunnel del tun0 (to completely delete the tunnel interface)
ROUTING :
The last main part of this configuration is routing: adding static routes.
On Site A:
To reach the local network (192.168.2.0) on Site B, traffic should go through the tun0 interface, and the gateway will be 9.0.0.1.
root@Site-A:~# route add -net 192.168.2.0 netmask 255.255.255.0 gw 9.0.0.1 dev tun0
On Site B:
root@Site-B:~# route add -net 192.168.1.0 netmask 255.255.255.0 gw 9.0.0.2 dev tun0
Finally, try pinging the local networks from end to end to confirm the routes are added properly and the tunnel is working.
Gil ...
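The whole procedure above with the current iproute2 tools, as an added example that is not part of the original post. The addresses and the eth1/tun0 names are the ones from the scenario; the function name gre_site_cmds is hypothetical, and the ip_forward and iptables lines are additions that assume the servers route for their LANs and that GRE should be accepted only from the peer's public IP.

```shell
#!/bin/sh
# Added example: print the iproute2/iptables commands for one end of the tunnel.
# Addresses and interface names are the ones used on this page; the function
# name gre_site_cmds is hypothetical. Nothing is executed here.
# Review the output, then apply it as root:  gre_site_cmds A | sh -e

gre_site_cmds() {
    # $1 selects the site (A or B) and therefore which end is "local"
    case "$1" in
        A) pub=10.0.0.1 peer_pub=10.0.0.2 tun=9.0.0.1 peer_tun=9.0.0.2
           peer_lan=192.168.2.0/24 ;;
        B) pub=10.0.0.2 peer_pub=10.0.0.1 tun=9.0.0.2 peer_tun=9.0.0.1
           peer_lan=192.168.1.0/24 ;;
        *) echo "usage: gre_site_cmds A|B" >&2; return 1 ;;
    esac
    cat <<EOF
# tunnel endpoint (same parameters as the iptunnel line)
ip tunnel add tun0 mode gre local $pub remote $peer_pub ttl 255
ip addr add $tun peer $peer_tun dev tun0
ip link set tun0 multicast on
ip link set tun0 up
# remote LAN is reached through the point-to-point device
ip route add $peer_lan dev tun0
# the server routes between its LAN and the tunnel
sysctl -w net.ipv4.ip_forward=1
# GRE (IP protocol 47) is unauthenticated: accept it only from the peer
iptables -A INPUT -i eth1 -p 47 -s $peer_pub -d $pub -j ACCEPT
iptables -A INPUT -p 47 -j DROP
EOF
}
```

Commands applied this way do not survive a reboot; the /etc/network/interfaces stanzas above remain the persistent configuration.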