  • Status: Solved

Configuring GRE tunnel

Hi experts,
I need some guidance regarding GRE tunnels.

1 - Why do we configure a GRE tunnel?

2 - What are the benefits of creating a GRE tunnel?

I have to configure a GRE tunnel between two Linux boxes that are in different locations. I have to connect both Linux boxes through a GRE tunnel; at both sides I have an ADSL link.

0
pawanopensource
Asked:
1 Solution
 
arnold Commented:
A GRE tunnel is in effect a VPN connection.
http://en.wikipedia.org/wiki/Generic_Routing_Encapsulation

The data transmitted over a GRE tunnel cannot be observed (the data stream is encrypted).

You need to make sure that the routers on either side can pass protocol #47 (GRE).
Depending on your systems, an IPsec tunnel might be an option to consider.
0
 
pawanopensource (Author) Commented:
Thanks for such a quick reply. Please clear up my confusion. Suppose there are two remote locations:

location A (local LAN IP 192.168.15.0 of location A)
location B (local LAN IP 192.168.14.0 of location B)

and both locations are connected through a GRE tunnel. Now, from location A, will I be able to access the whole network 192.168.14.0 of location B? Please assume that port 47 has been forwarded on the router at both sides.
0
 
pawanopensource (Author) Commented:
One more thing: the computers on which I'll be configuring the GRE tunnel at both locations each have one Ethernet card.
0
 
arnold Commented:
It is not port 47; it is protocol type 47. There is a significant difference.

It all depends on what the location A and location B systems do, i.e. if these systems behave as routers and cannot be behind a router, then the answer is yes: the GRE setup will allow access from a system with IP 192.168.14.x to reach a system with IP 192.168.15.x.
If, however, each system is an individual workstation, then all the GRE tunnel will do is allow system A to connect to/access system B and vice versa.

The Linux firewall (iptables) would need to be configured to allow protocol type #47 packets to pass through, and they will be handled by the kernel/ipchains/gre_kernel module.

I.e. the connection at each location would be IPS (Intrusion Prevention System, i.e. Snort)

Location A:
Internet <=> WAN Interface on Linux System [iptables/IPS]  LAN interface <=> LAN Switch <=> LAN systems

Location B:
Internet <=> WAN Interface on Linux System [iptables/IPS]  LAN interface <=> LAN Switch <=> LAN systems


0
 
arnold Commented:
What type of routers do you have at each location?
You may want to set up a GRE PPTP connection then.
The problem is that you would then need to set up static routes on the router at each location to reroute the traffic directed at the remote LAN back to the Linux box that will be establishing the GRE/PPTP connection.
0
 
pawanopensource (Author) Commented:
At both ends I have a simple ADSL router. It's not like Cisco or Juniper; it's a simple ADSL router.
OK, what I'll do is attach two LAN cards to each of the PCs on which I'll configure the GRE tunnel.

Location A

eth0 will be connected to the ADSL link
eth1 will be connected to the switch, so now the gateway for the LAN of location A will be the eth0 IP address

Same with location B.

Now, after doing this, will I be able to access the whole network of location A from location B and vice versa?
0
 
arnold Commented:
No, the gateway for the LAN will be the eth1 LAN IP, not the eth1 IP.
http://www.linuxjournal.com/article/5826
http://www.cyberciti.biz/tips/linux-as-router-for-dsl-t1-line-etc.html
http://www.yolinux.com/TUTORIALS/LinuxTutorialIptablesNetworkGateway.html

A search for "linux router setup" will get you more references for the setup.
0
 
pawanopensource (Author) Commented:
You are right, the gateway for the LAN will be eth1, not eth0.
Will my router be able to pass protocol 47, and if yes, then how do I do it? As I told you, it's a normal ADSL router.
0
 
arnold Commented:
Before going to the GRE setup, make sure your Linux system is set up and functions as a router, i.e. LAN users can access the net, access to the LAN systems from the outside is not allowed, and your WAN interface is secured, i.e. iptables is set up and running. Depending on your Linux distribution, you may want to make sure that SELinux is enabled, as well as have strong passwords if you have ssh open on the WAN eth0 side.

You have to configure iptables to allow protocol type #47:
http://lists.netfilter.org/pipermail/netfilter/2007-June/069023.html

iptables tutorial:
http://www.frozentux.net/documents/iptables-tutorial/

GRE setup examples:
http://www.linuxfoundation.org/collaborate/workgroups/networking/tunneling
http://lartc.org/howto/lartc.tunnel.gre.html

0
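
The setup described in the comment above (iptables allowing protocol type 47, then a GRE tunnel between the two Linux routers, with eth0 on the ADSL side and eth1 on the LAN), as an added example that is not part of the original thread. The tunnel name gre1, the 10.255.0.x/30 tunnel addresses, the /24 masks and the WAN addresses are assumptions; the WAN addresses are constructed documentation values.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for ONE end of the tunnel.
# Assumed, not from the thread: gre1, 10.255.0.x/30, /24 LAN masks, WAN IPs.
# Plain GRE (RFC 2784) only encapsulates and adds no encryption, so the
# INPUT rules accept protocol 47 from the known peer address only.

is_ipv4() {  # succeeds only for a dotted quad with each octet 0-255
  case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

# args: local_wan remote_wan tunnel_ip/len local_lan/len remote_lan/len
gre_site_plan() {
  lwan=$1 rwan=$2 tip=$3 llan=$4 rlan=$5
  for a in "$lwan" "$rwan" "${tip%/*}" "${llan%/*}" "${rlan%/*}"; do
    is_ipv4 "$a" || { echo "bad IPv4 value: $a" >&2; return 2; }
  done
  # Identical LANs on both sides cannot be routed over the tunnel.
  [ "$llan" != "$rlan" ] || { echo "LANs must differ" >&2; return 3; }
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip tunnel add gre1 mode gre local $lwan remote $rwan ttl 255
ip addr add $tip dev gre1
ip link set gre1 up
ip route add $rlan dev gre1
iptables -A INPUT -i eth0 -p 47 -s $rwan -d $lwan -j ACCEPT
iptables -A INPUT -i eth0 -p 47 -j DROP
iptables -A FORWARD -i eth1 -o gre1 -s $llan -d $rlan -j ACCEPT
iptables -A FORWARD -i gre1 -o eth1 -s $rlan -d $llan -j ACCEPT
EOF
}

# Location A (LAN 192.168.15.0), then location B (LAN 192.168.14.0):
gre_site_plan 203.0.113.10 198.51.100.20 10.255.0.1/30 192.168.15.0/24 192.168.14.0/24
gre_site_plan 198.51.100.20 203.0.113.10 10.255.0.2/30 192.168.14.0/24 192.168.15.0/24
```

Review the printed commands, then run them as root on the matching box; the two plans mirror each other, so each side routes the other side's LAN into gre1.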
 
pawanopensource (Author) Commented:
Thanks for the links. Right now I am working on it. Can you please tell me, does a GRE tunnel work the same as OpenVPN? In OpenVPN we can access two different networks.
0
 
arnold Commented:
Yes, once set up, it will bridge the two locations as though they were one.

0
