[Repost] Creating an IP Tunnel using GRE on Linux
We will do IPv4 tunneling using GRE. GRE is a tunneling protocol that was originally developed by Cisco, and it can do a few more things than IP-in-IP tunneling. For example, you can also transport multicast traffic and IPv6 through a GRE tunnel.
We are using Debian with Linux kernel 2.4.26. In Linux, you'll need the ip_gre.o module.
We have 2 routers X and Y, and intermediate network C (or let's say, Internet).
router X
Router X is connected to the Internet on interface eth0 and network A on eth1.
interface eth0 :: address 169.229.255.134 on the Internet (or network C)
interface eth1 :: address 10.0.2.1, network 10.0.2.0/24 (network A)
router Y
Router Y is connected to the Internet on interface eth0, network B on eth1 and network C on eth2.
interface eth0 :: address 207.241.237.37 on the Internet (or network C)
interface eth1 :: address 10.0.3.1, network 10.0.3.0/24 (network B)
interface eth2 :: address 10.0.4.1, network 10.0.4.0/24 (network C)
As far as network C is concerned, we assume that it will pass any packet sent from X to Y and vice versa. How and why, we do not care.
Create a tunnel between router X and Y, such that we can route traffic from network A (connected to X) to networks B and C (connected to Y). This tunnel will look just like a wire between the two routers with its own subnet (10.0.201.0/24).
On router X, the commands are:
iptunnel add tunX mode gre remote 207.241.237.37 local 169.229.255.134 ttl 255
ifconfig tunX 10.0.201.1/24
ifconfig tunX up
ifconfig tunX pointopoint 10.0.201.2
ifconfig tunX multicast
In line 1, we added a tunnel device, and called it tunX. Furthermore we told it to use the GRE protocol (mode gre), that the remote address is 207.241.237.37 (the router Y at the other end), that our tunneling packets should originate from 169.229.255.134 (which allows your router to have several interfaces and choose which one to use for tunneling) and that the TTL field of the packet should be set to 255 (ttl 255).
Line 2 gives the newly born interface tunX the address 10.0.201.1.
Line 3 enables the device.
Line 4 is necessary to set the IP address of the peer. It is needed when using dynamic routing with RIP/OSPF with Zebra. Refer to the Routing HOWTO for more details.
Line 5 is necessary to enable multicast - so that routing with Zebra works (they normally multicast routing updates).
On router Y, the commands are:
iptunnel add tunY mode gre local 207.241.237.37 remote 169.229.255.134 ttl 255
ifconfig tunY 10.0.201.2/24
ifconfig tunY up
ifconfig tunY pointopoint 10.0.201.1
ifconfig tunY multicast
Tunnel X<->Y
We have now created a tunnel on the 10.0.201.0/24 network from router X to Y and vice versa.
routerX ----------------tunnel----------------- routerY
10.0.201.1                                   10.0.201.2
 (tunX)                                        (tunY)
We can send packets on the 10.0.201.0/24 network from router X to Y and vice versa. So we can ping router X from Y on the tunnel interface.
routerX# ping 10.0.201.2
routerY# ping 10.0.201.1
However, if we want to send packets to network B or C from router X, we need to add routes so that traffic for these networks is sent on the tunnelling interface.
On router X:
route add -net 10.0.3.0/24 gw 10.0.201.2 dev tunX
route add -net 10.0.4.0/24 gw 10.0.201.2 dev tunX
Similarly, to send packets to network A from router Y, we need to add a route.
On router Y:
route add -net 10.0.2.0/24 gw 10.0.201.1 dev tunY
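The whole procedure above, written with iproute2 instead of iptunnel/ifconfig/route, as an added example that is not part of the original page. The function names (run, net_of, gre_endpoint, plan_x, plan_y) and the DRY_RUN switch are assumptions of this sketch; the two iptables rules are also an addition, included because GRE does not authenticate or encrypt what it carries.

```shell
#!/bin/sh
# Added example, not from the original page. Addresses are the page's own;
# the function names and the DRY_RUN switch are assumptions of this sketch.

# run CMD...: print the command when DRY_RUN=1 (default), otherwise execute it.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then echo "$*"; else "$@"; fi
}

# net_of ADDR/LEN: clear the host bits, so 10.0.3.1/24 becomes 10.0.3.0/24.
net_of() {
    addr=${1%/*}; len=${1#*/}
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    a=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    n=$(( a & ((4294967295 << (32 - $len)) & 4294967295) ))
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))/$len"
}

# gre_endpoint NAME WAN_LOCAL WAN_REMOTE TUN_LOCAL TUN_PEER/LEN [REMOTE_NET/LEN ...]
gre_endpoint() {
    name=$1; wan_local=$2; wan_remote=$3; tun_local=$4; tun_peer=$5
    shift 5
    # GRE neither authenticates nor encrypts: accept IP protocol 47 only
    # from the configured peer and drop it from everyone else.
    run iptables -A INPUT -p 47 -s "$wan_remote" -d "$wan_local" -j ACCEPT
    run iptables -A INPUT -p 47 -j DROP
    # Same tunnel as "iptunnel add ... mode gre", with the TTL the text describes.
    run ip tunnel add "$name" mode gre local "$wan_local" remote "$wan_remote" ttl 255
    # Local address plus point-to-point peer; the prefix length goes on the peer.
    run ip addr add "$tun_local" peer "$tun_peer" dev "$name"
    run ip link set "$name" up multicast on
    # Remote networks are reached via the peer's tunnel address.
    for net in "$@"; do
        run ip route add "$(net_of "$net")" via "${tun_peer%/*}" dev "$name"
    done
}

# Router X and router Y from the page (dry run unless DRY_RUN=0 is exported).
plan_x() {
    gre_endpoint tunX 169.229.255.134 207.241.237.37 10.0.201.1 10.0.201.2/24 \
        10.0.3.1/24 10.0.4.1/24
}
plan_y() {
    gre_endpoint tunY 207.241.237.37 169.229.255.134 10.0.201.2 10.0.201.1/24 \
        10.0.2.1/24
}
```

Calling plan_x or plan_y prints the commands for review; exporting DRY_RUN=0 as root executes them on the corresponding router.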
To remove the tunnel, on router X:
ifconfig tunX down
iptunnel del tunX
        (network A)
       10.0.2.1, eth1
             |
          ___|_________
         |  Router X   |
         |_____________|
             | 169.229.255.134 (eth0)
             | (Internet or network C)
             |
             |
             |  | 10.0.201.1 (tunX)
             |  |
             |  |
             |  | (gre tunnel: 169.229.255.134 <-> 207.241.237.37)
             |  |
             |  |
             |  | 10.0.201.2 (tunY)
             |
             | (Internet or network C)
             | 207.241.237.37 (eth0)
          ___|___________
         |   Router Y    |
         |_______________|
            |         |
            |         |
        10.0.3.1   10.0.4.1
          eth1       eth2
      (network B) (network C)
· router X: /etc/network/interfaces
auto tun0
iface tun0 inet static
    address 10.0.201.1
    netmask 255.255.255.0
    broadcast 10.0.201.255
    up ifconfig tun0 multicast
    pre-up iptunnel add tun0 mode gre remote 207.241.237.37 local 169.229.255.134 ttl 255
    pointopoint 10.0.201.2
    post-down iptunnel del tun0
· router Y: /etc/network/interfaces
auto tun0
iface tun0 inet static
    address 10.0.201.2
    netmask 255.255.255.0
    broadcast 10.0.201.255
    up ifconfig tun0 multicast
    pre-up iptunnel add tun0 mode gre local 207.241.237.37 remote 169.229.255.134 ttl 255
    pointopoint 10.0.201.1
    post-down iptunnel del tun0
· Borrowed heavily from Linux Advanced Routing & Traffic Control HOWTO by Bert Hubert et al., 2002