Go Creating an IP tunnel using GRE on Linux

Creating an IP tunnel using GRE on Linux

Contents [Hide] · 1 IP tunelling · 2 Starting Configuration · 3 tunnelling Objective O 3.1 Create Tunnels O 3.2 Additional Routes O 3.3 Delete Tunnels · 4 Network Diagram O 4.1 Debian Configuration · 5 References

IP tunelling

We'll do IPv4 tunneling using GRE. GRE is a tunneling protocol this was originally developed by Cisco, and it can do a few more things than Ip-in-ip Tunnelin G. For example, you can also transport multicast traffic and IPv6 through a GRE tunnel.

We are using the Debian with Linux kernel 2.4.26. In Linux, you ll need the IP_GRE.O module.

Starting Configuration

We have 2 routers X and Y, and intermediate network C (or let ' s say, Internet).

Router X

Router X is connected to the Internet on interface eth0 and network A on eth1.

Interface eth0:: Address 169.229.255.134 on the Internet (or network C)

Interface eth1:: Address 10.0.2.1, network 10.0.2.0/24 (network A)

Router Y

Router Y is connected to the Internet in interface eth0, network B on eth1 and network C on eth2.

Interface eth0:: Address 207.241.237.37 on the Internet (or network C)

Interface eth1:: Address 10.0.3.1, network 10.0.3.0/24 (network B)

Interface eth2:: Address 10.0.4.1, network 10.0.4.0/24 (network C)

As far as network C are concerned, we assume that it'll pass any packet sent from X to Y and vice versa. How and why, we don't care.

Tunnelling Objective

Create a tunnel between router x and Y, such that we can route traffic from network A (connected to X) to networks B and C (connected to Y). This tunnel would look just like a wire between the the routers with its own subnet (10.0.201.0/24)

Create Tunnels

On router X, commands is

Iptunnel Add tunx mode GRE remote 207.241.237.37 local 169.229.255.134 TTL 225

Ifconfig Tunx 10.0.201.1/24

Ifconfig Tunx up

Ifconfig Tunx Pointopoint 10.0.201.2

Ifconfig Tunx Multicast

In line 1, we added a tunnel device, and called it tunx. Furthermore we told it to use the GRE Protocol (mode GRE), which the remote address is 207.241.237.37 (the router Y at the Other end), which we tunneling packets should originate from 169.229.255.134 (which allows your router to having several int Erfaces and choose which one to use for tunneling) and that the TTL field of the packet should is set to 255 (TTL 255).

Line 2 gives the newly born interface Tuny the address 10.0.201.1.

Line 3 enables the device.

Line 4 are necessary to set the IP address of the peer. Need when using the dynamic routing with RIP/OSPF with Zebra. Refer to Routing HOWTO for more details.

Line 5 are necessary to enable multicast-so, which routing with Zebra works (they normally multicast routing updates).

One router Y, commands is

Iptunnel Add Tuny mode GRE local 207.241.237.37 remote 169.229.255.134 TTL 225

Ifconfig Tuny 10.0.201.2/24

Ifconfig Tuny up

Ifconfig Tuny Pointopoint 10.0.201.1

Ifconfig Tuny Multicast

Tunnel X<->y Now we created a tunnel in the 10.0.201.0/24 network from router X to Y and vice versa.

Routerx----------------Tunnel-----------------Routery

10.0.201.1 10.0.201.2

(TUNX) (Tuny)

We can send packets on the 10.0.201.0/24 network from router X to Y and vice versa. So we can ping router X from Y on the tunnel interface.

routerx# Ping 10.0.201.2

routery# Ping 10.0.201.1

Additional Routes

However, if we to send packets to network B or C from router X, we need to add routes so this traffic for these networks I S sent on the tunnelling interface.

On router X:

Route add-net 10.0.3.1/24 GW 10.0.201.1 Dev Tunx

Route add-net 10.0.4.1/24 GW 10.0.201.1 Dev Tunx

Similarily, to send packets to network A from router Y, we need to add a route.

On router Y:

Route add-net 10.0.2.1/24 GW 10.0.201.2 Dev Tuny

Delete Tunnels

On router X:

Ifconfig Tunx Down

Iptunnel del Tunx

Network Diagram

(Network A)

10.0.2.1, eth1

|

___|_________

| Router X |

|_____________|

| 169.229.255.134 (eth0)

| (Internet or network C)

|

|

| | 10.0.201.1 (Tunx)

| |

| |

| | (GRE tunnel:169.229.255.134 <-> 207.241.237.37)

| |

| |

| | 10.0.201.2 (Tuny)

|

| (Internet or network C)

| 207.241.237.37 (eth0)

___|___________

| Router Y |

|_______________|

| |

| |

10.0.3.1 10.0.4.1

Eth1 eth2

(Network B) (Network C)

Debian Configuration

· Router X:/etc/network/interfaces

Auto Tun0

Iface tun0 inet Static

Address 10.0.201.1

Netmask 255.255.255.0

Broadcast 10.0.201.255

Up Ifconfig tun0 Multicast

pre-up Iptunnel Add tun0 mode GRE remote 207.241.237.37 local 169.229.255.134 TTL 255

Pointopoint 10.0.201.2

Post-down Iptunnel del tun0

· Router Y:/etc/network/interfaces

Auto Tun0

Iface tun0 inet Static

Address 10.0.201.2

Netmask 255.255.255.0

Broadcast 10.0.201.255

Up Ifconfig tun0 Multicast

pre-up Iptunnel Add tun0 mode GRE local 207.241.237.37 remote 169.229.255.134 TTL 255

Pointopoint 10.0.201.1

Post-down Iptunnel del tun0

References

· Borrowed heavily from Linux advanced Routing & Traffic Control HOWTO by Bert Hubert et al., 2002

· Discussion on IP tunnels with Quagga