pawanopensource
asked on
configuring Gre tunnel
hi experts,
i need some guidance regarding gre tunnel.
1 - Why we configure gre tunnel.
2 - What are the benefits of creating Gre tunnel
I have two configure gre tunnel between two linux boxes both are in diffrent locations, i have to connect both linux box through gre tunnel, at both side i am having adsl link..
i need some guidance regarding gre tunnel.
1 - Why we configure gre tunnel.
2 - What are the benefits of creating Gre tunnel
I have two configure gre tunnel between two linux boxes both are in diffrent locations, i have to connect both linux box through gre tunnel, at both side i am having adsl link..
ASKER
thx for such quick reply. plz clear my confusion suppose there are two remote locations
location A (local lan ip 192.168.15.0 of location A)
location B (local lan ip 192.168.14.0 of location B)
and both location are connected through gre tunnel. now from location A can i be able to access whole network 192.168.14.0 of location B. plz assume that port 47 has been forwarded on both side of router.
location A (local lan ip 192.168.15.0 of location A)
location B (local lan ip 192.168.14.0 of location B)
and both location are connected through gre tunnel. now from location A can i be able to access whole network 192.168.14.0 of location B. plz assume that port 47 has been forwarded on both side of router.
ASKER
one thing more the computers on which ill be configuring gre tunnel at both locations both computers r having one ethernet card.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
What type of routers do you have at each location?
You may want to setup a GRE PPTP connection then.
The problem is that you would then need to setup static routes on the router at each location to reroute The remote LAN directed traffic back to the linux box that will be establishing the GRE/PPTP connection.
You may want to setup a GRE PPTP connection then.
The problem is that you would then need to setup static routes on the router at each location to reroute The remote LAN directed traffic back to the linux box that will be establishing the GRE/PPTP connection.
ASKER
at both end i am having simple adsl router. its not like cisco or juniper, its a simple adsl router.
ok what ill do is that on both pc on which ill configure gre tunnel ill attach two lan cards on both computer.
Location A
eth0 will be connected to adsl link
eth1 will be connected to switch so now gateway for lan of lacation A will be eth0 ip address
same with location B
now after doing this can i be able to access whole network of location A from location B and vice versa.
ok what ill do is that on both pc on which ill configure gre tunnel ill attach two lan cards on both computer.
Location A
eth0 will be connected to adsl link
eth1 will be connected to switch so now gateway for lan of lacation A will be eth0 ip address
same with location B
now after doing this can i be able to access whole network of location A from location B and vice versa.
No, The gateway for the LAN will be the eth1 LAN IP no the eth1 IP.
http://www.linuxjournal.com/article/5826
http://www.cyberciti.biz/tips/linux-as-router-for-dsl-t1-line-etc.html
http://www.yolinux.com/TUTORIALS/LinuxTutorialIptablesNetworkGateway.html
A search for "linux router setup" will get you more references for the setup.
http://www.linuxjournal.com/article/5826
http://www.cyberciti.biz/tips/linux-as-router-for-dsl-t1-line-etc.html
http://www.yolinux.com/TUTORIALS/LinuxTutorialIptablesNetworkGateway.html
A search for "linux router setup" will get you more references for the setup.
ASKER
u r right gateway for lan will be eth1 not eth0.
will my router will be able to pass protocol 47 and if yes than how to do it. as i told u its a nomal adsl router.
will my router will be able to pass protocol 47 and if yes than how to do it. as i told u its a nomal adsl router.
Before going to the GRE setup, make sure your linux system is setup and functions as a router. i.e. LAN users can access the net. Access to the LAN systems from the outside is not allowed. Your WAN interface is secured i.e. iptables are setup and running. Depending on your linux distribution, you may want to make sure that SELinux is enabled as well as have strong passwords if you have ssh open on the WAN eth0 side.
You have to configure iptables to allow protocol type #47
http://lists.netfilter.org/pipermail/netfilter/2007-June/069023.html
iptables tutorial:
http://www.frozentux.net/documents/iptables-tutorial/
GRE setup examples:
http://www.linuxfoundation.org/collaborate/workgroups/networking/tunneling
http://lartc.org/howto/lartc.tunnel.gre.html
You have to configure iptables to allow protocol type #47
http://lists.netfilter.org/pipermail/netfilter/2007-June/069023.html
iptables tutorial:
http://www.frozentux.net/documents/iptables-tutorial/
GRE setup examples:
http://www.linuxfoundation.org/collaborate/workgroups/networking/tunneling
http://lartc.org/howto/lartc.tunnel.gre.html
ASKER
thx for the links. right now i am working on it. can u plz tell me does gre tunnel works same like openvpn in openvpn v can access twodiffrent networks.
yes once setup it will bridge the two locations as though they were one.
http://en.wikipedia.org/wiki/Generic_Routing_Encapsulation
The data transmited over a GRE tunnel can not be observed (the data stream is encrypted)
You need to make sure that the routers on either side can pass protocol #47 (GRE)
Depending on your systems, an IPSEC tunnel might be an option to consider