
GRE Tunnel Tutorial CentOS 6

http://wiki.buyvm.net/doku.php/gre_tunnel

I used this tutorial, and everything could work including the pinging, but the iptables part didn't work at all. I ran httpd on the server on the other end of the GRE tunnel and could even wget the GRE IP (wget 192.168.168.2) and get a response, but for some reason it wasn't forwarding to the outside IP. On the main machine that has the 2 IPs, both IPs are accessible and set up correctly on eth0. Something is just up with the iptables scripts and CentOS 6. I am even doing iptables save and reload and service start.

Comments

  • GamerTech24 Member
    edited May 2017

    Should I try using CentOS 7 instead? If I can ping both of them and see the services running from the other machine's local IP it has to be just an issue of the iptables commands not working to forward the traffic to the IP, which I can't find any more information on.

  • GamerTech24 Member
    edited May 2017

    Basically this works

    First we need to set our tunnel up.

    On your BuyVM VPS please execute the following commands:

    echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
    sysctl -p
    iptunnel add gre1 mode gre local YOUR_UNFILTERED_IP remote DESTINATION_SERVER_IP ttl 255
    ip addr add 192.168.168.1/30 dev gre1
    ip link set gre1 up

    On the remote server you wish to protect run the following:

    iptunnel add gre1 mode gre local DESTINATION_SERVER_IP remote YOUR_UNFILTERED_IP ttl 255
    ip addr add 192.168.168.2/30 dev gre1
    ip link set gre1 up

    You will always want to form your GRE with your unfiltered IP address for all GRE tunnels to make sure you don't run into any sort of MTU issues or trigger the DDOS protection.

    Please note the first line of each changes to mark what IP to use locally and which remotely. The 2nd line documents each end point. In a /30, 2 IPs are usable: .1 and .2.

    Test your New GRE Tunnel with Ping

    On your BuyVM VPS, you should now be able to ping 192.168.168.2.

    For the sake of completeness, test pinging 192.168.168.1 from your destination server.

    but everything else after that does not.

  • GamerTech24 Member
    edited May 2017

    I wonder if I can change one of these

    ip addr add 192.168.168.2/30 dev gre1

    or

    ip addr add 192.168.168.2/30 dev gre1

    to the outside IP address I want accessible and bypass all that IPtables routing stuff in the first place which doesn't want to work for me. This isn't the first time I've had issues with IPTables on CentOS 6 either, which is why it's usually one of the first things I disable in system-config-firewall-tui. CentOS 6 may be too old in this case as well, I really don't know and can't find any more information on getting this working, since most tutorials reference Ubuntu and stuff and I'd rather use something RHEL based.
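
One check relevant to the symptom described in this thread, as an added example that is not part of the thread or the linked tutorial: the stock CentOS 6 firewall ends its FORWARD chain with a catch-all REJECT, so an ACCEPT rule appended after it never matches. The function name and both rulesets are constructed for illustration; whether the tutorial's rules are appended is an assumption, since they are not shown on this page.

```shell
#!/bin/sh
# Added example: constructed rulesets, hypothetical function names.
# Reports whether a FORWARD ACCEPT rule for the tunnel peer can ever match.

forward_rule_status() {   # $1 = tunnel peer address; iptables-save text on stdin
    awk -v ip="$1" '
        /^\*/ { table = $1 }                       # table header, e.g. *filter
        table != "*filter" || $1 != "-A" || $2 != "FORWARD" { next }
        {
            n++
            # Catch-all: "-A FORWARD -j REJECT|DROP" with no match options.
            if (!block && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) block = n
            dst = 0
            for (i = 3; i < NF; i++)
                if ($i == "-d" && ($(i+1) == ip || $(i+1) == (ip "/32"))) dst = 1
            if (!accept && dst && $NF == "ACCEPT") accept = n
        }
        END {
            if (!accept)                      print "missing"
            else if (block && block < accept) print "shadowed"
            else                              print "ok"
        }'
}

# Constructed sample: stock CentOS 6 FORWARD chain with an ACCEPT appended (-A).
sample_appended() { cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -d 192.168.168.2/32 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the same ACCEPT inserted (-I FORWARD 1) ahead of the REJECT.
sample_inserted() { cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -d 192.168.168.2/32 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

sample_appended | forward_rule_status 192.168.168.2
sample_inserted | forward_rule_status 192.168.168.2
```

On a live host the same function can read the running ruleset by piping iptables-save into it as root.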
