Search This Blog

Wednesday, July 11, 2012

How to configure GRE tunnel between Cisco IOS and Linux


Let’s have the following scenario:



Both nodes are connected through the internet, here in my example, using private IP.
On the Cisco device, Fa0/0 is the WAN interface with the following configuration:

interface Tunnel1
 description TO-LINUX-SERVER
 ip address 192.168.10.2 255.255.255.252
 ip mtu 1436
 tunnel source Fastethernet 0/0
 tunnel destination 172.16.0.2

Where tunnel source is the IP of the Cisco router, tunnel destination is the IP of the Linux server and 192.168.10.2 is the IP of the tunnel.
On the Linux server ETH0 is the WAN interface which connected to the internet

modprobe ip_gre
ip tunnel add gre_tun0 mode gre remote 10.0.0.2 local 172.16.0.2 ttl 255
ip tunnel ls
ip link ls dev gre_tun0
ip link set gre_tun0 up
ip link ls dev gre_tun0
ip addr add 192.168.10.1/30 dev gre_tun0
ip addr ls dev gre_tun0
ifconfig gre_tun0 mtu 1380

Modeprobe runs the module for GRE; ip tunnel creates the tunnel with gre_tun0 as the name for the tunnel. Remote and local are the same as source and destination.
In order to configure the GRE tunnel permanently and to make sure it will be configured after reload of the server use the following:

Vi /etc/rc.local

And add the configuration to the file:

#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local
modprobe ip_gre
#GRE Tunnel CONFIG
modprobe ip_gre
ip tunnel add gre_tun0 mode gre remote 10.0.0.2 local 172.16.0.2 ttl 255
ip tunnel ls
ip link ls dev gre_tun0
ip link set gre_tun0 up
ip link ls dev gre_tun0
ip addr add 192.168.10.1/30 dev gre_tun0
ip addr ls dev gre_tun0
ifconfig gre_tun0 mtu 1380
~                                                                                                       
~                                                                                                       
~                                                                                                        
~                                                                                                       
~                                                                                                        
"/etc/rc.local" 32L, 1051C

Don’t forget to type wq! to save the file.

Remember that GRE stands for General Routing Encapsulation and It’s not encrypting or protecting the data from eavesdrop eyes.  The encapsulation itself adds 24 bytes to the IP packet and (4 bytes for the GRE protocol and 20 bytes for one more IP header)


9 comments:

  1. thanks for sharing information really it is very useful

    Data Interpretation for GRE Test

    ReplyDelete
  2. The two iOS and Android make apps appear on the home screen. The portable stages permit clients to get to the as often as possible utilized apps legitimately from the home screen. Itools 4.4.5.8 crack

    ReplyDelete
  3. The other OS's have not been remembered for the count as they structure an exceptionally little aspect of the condition. In this way, with the colossal development in the versatile gaming industry, up and coming designers are ready with the unavoidable issue of picking among iOS and Android game turn of events.mx player

    ReplyDelete
  4. Get instant and affordable antivirus support service at Webroot Technical Support. Our expertise team are always there to help you. basicknowledgehub

    ReplyDelete
  5. Such an excellent post, thanks for sharing. Keep sharing stuff like this in the future.

    ReplyDelete
  6. Thanks for the detailed article on this topic. I would like to see more such awesome articles from you.

    ReplyDelete
  7. Wish to see this much more like this. Thanks for sharing your information!

    ReplyDelete
  8. Thank you this useful article, do check out apkframe for modded apps and games.

    ReplyDelete