Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Subscribe to our newsletter

Advertise on LowEndTalk.com

Latest LowEndBox Offers

    Need help regarding GRE and IPIP tunnel from OVH to any other non-OVH provider
    New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

    Need help regarding GRE and IPIP tunnel from OVH to any other non-OVH provider

    4mm4r4mm4r Member
    edited September 2018 in Help

    Hello,

    I am trying to set up a GRE tunnel to protect my server which has no anti-DDoS protection so I tried with OVH but it doesn't seem to work. The guide I was using stated that I have to try IPIP tunnel instead for OVH but that didn't work either. So, can anyone here help me in setting up the GRE or IPIP tunnel? Btw GRE and IPIP tunnel is working fine on non-OVH servers. But obviously, that would be of no use to me as those servers have no DDoS protection whatsoever. Any help would be highly appreciated.

    Many Thanks

    Comments

    • emtecroemtecro Member
      edited September 2018

      When I was using GRE tunnel from OVH server to non ovh for game servers I had to disable iptabels to get it working. Try that maybe will help.

    • FrankZFrankZ Member
      edited September 2018

      EDIT: I setup the tunnel as you showed to OVH and it did not work, but after adding
      the below to 192.168.168.2 it worked.

         echo '112 GRE1' >> /etc/iproute2/rt_tables
         ip -4 rule add from 192.168.168.0/30 table 112
         ip -4 route add default via 192.168.168.1 table 112
      
      Thanked by 1cxcool
    • I know it's slightly off topic, but you should try WireGuard instead. It's still not production ready according to the author, but there seems to be a general consensus that it's very reliable already and many people use it in production anyway (me included). The big advantage is that it works over UDP so you don't need special configuration on your routers (or your provider's) and it's fully encrypted. Oh and it's blazing fast. Like really really fast. Switched from a GRE tunnel and I didn't observe any performance impact. YMMV.

      Thanked by 1maverickp
    • ClouviderClouvider Member, Provider

      @emtecro said:
      When I was using GRE tunnel from OVH server to non ovh for game servers I had to disable iptabels to get it working. Try that maybe will help.

      Great approach to security.

      Thanked by 2ma2t FrankZ

      Clouvider Leading UK Cloud Hosting solution provider || UK Dedicated Servers Sale || Tasty KVM Slices || Latest LET Offer

      Web hosting in Cloud | SSD & SAS True Cloud VPS on OnApp | Private Cloud | Dedicated Servers | Colocation | Managed Services

    • @Clouvider said:

      @emtecro said:
      When I was using GRE tunnel from OVH server to non ovh for game servers I had to disable iptabels to get it working. Try that maybe will help.

      Great approach to security.

      Yeah I know... But couldnt get it working it was just a game server on it but not worth buying SYS server so used online.net server on their sale and ovh vps

    • @emtecro said:
      When I was using GRE tunnel from OVH server to non ovh for game servers I had to disable iptabels to get it working. Try that maybe will help.

      Tried it but still no luck.

      @FrankZ said:
      EDIT: I setup the tunnel as you showed to OVH and it did not work, but after adding
      the below to 192.168.168.2 it worked.

         echo '112 GRE1' >> /etc/iproute2/rt_tables
         ip -4 rule add from 192.168.168.0/30 table 112
         ip -4 route add default via 192.168.168.1 table 112
      

      Nope, doesn't work :/

      I am already using this article but this doesn't work for OVH. This works for every other host except OVH. Moreover, they have mentioned this in their article but IPIP tunnel doesn't work either with OVH(see screenshot).

    • @4mm4r You probably tried the ipip with a new os install or a different distribution? Other than the obvious mistyping of the conf or wrong route; you could pay someone to set it up.

    • FrankZFrankZ Member
      edited September 2018

      4mm4r said: Nope, doesn't work :/

      What was done: I followed your setup and added the manual routing for the tunnel as shown above, ip forwarding in sysctl.conf, allowed the server IPs through the firewalls, and added a forwarding rule for GRE1 in the firewalls.

      What is your output of:

      ip -4 rule show
      ip -4 route show 
      ip -4 route show table 112
      

      on both servers ?

    • @agonyzt said:
      I know it's slightly off topic, but you should try WireGuard instead. It's still not production ready according to the author, but there seems to be a general consensus that it's very reliable already and many people use it in production anyway (me included). The big advantage is that it works over UDP so you don't need special configuration on your routers (or your provider's) and it's fully encrypted. Oh and it's blazing fast. Like really really fast. Switched from a GRE tunnel and I didn't observe any performance impact. YMMV.

      Wow, that looks amazing and super simple to configure. Even if it was off-topic, thanks for sharing.

    Sign In or Register to comment.