New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Problems on GRE Tunnel - IP bad-len 0
Hey there,
I'm trying to create a GRE Tunnel between one of my VPS with DDoS Protection and a dedicated I have on my home connection but I'm getting 95% packet loss with the error IP bad-len 0.
I'm using BuyVM tutorial with the following info:
LAN IP: 192.168.0.100
Home IP: 1.2.3.4
VPS Unprotected IP: 5.6.7.8
VPS Protected IP: 6.7.8.9
VPS Code
echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
sysctl -p
iptunnel add gre1 mode gre local 5.6.7.8 remote 1.2.3.4 ttl 255
ip addr add 192.168.168.1/30 dev gre1
ip link set gre1 up
Home Code
iptunnel add gre1 mode gre local 192.168.0.100 remote 5.6.7.8 ttl 255
ip addr add 192.168.168.2/30 dev gre1
ip link set gre1 up
Ping Response
root@XXX:~# ping 192.168.168.1
PING 192.168.168.1 (192.168.168.1) 56(84) bytes of data.
64 bytes from 192.168.168.1: icmp_req=1 ttl=64 time=57.1 ms
64 bytes from 192.168.168.1: icmp_req=16 ttl=64 time=68.5 ms
64 bytes from 192.168.168.1: icmp_req=31 ttl=64 time=82.1 ms
64 bytes from 192.168.168.1: icmp_req=46 ttl=64 time=82.5 ms
64 bytes from 192.168.168.1: icmp_req=76 ttl=64 time=64.6 ms
64 bytes from 192.168.168.1: icmp_req=91 ttl=64 time=64.2 ms
^C
--- 192.168.168.1 ping statistics ---
92 packets transmitted, 6 received, 93% packet loss, time 91007ms
rtt min/avg/max/mdev = 57.122/69.886/82.529/9.432 ms
TCPDump from Ping
10:54:27.860326 IP XXX.XXX.XXX.94.rev.vodafone.pt > XXX.lu.domain.pt: GREv0, length 88: IP bad-len 0
10:54:28.858026 IP XXX.XXX.XXX.94.rev.vodafone.pt > XXX.lu.domain.pt: GREv0, length 88: IP bad-len 0
10:54:29.854979 IP XXX.XXX.XXX.XXX.rev.vodafone.pt > XXX.lu.domain.pt: GREv0, length 88: IP 192.168.168.2 > 192.168.168.1: ICMP echo request, id 10178, seq 76, length 64
10:54:29.863370 IP XXX.lu.domain.pt > XXX.XXX.XXX.94.rev.vodafone.pt: GREv0, length 88: IP 192.168.168.1 > 192.168.168.2: ICMP echo reply, id 10178, seq 76, length 64
10:54:30.860643 IP XXX.XXX.XXX.94.rev.vodafone.pt > XXX.lu.domain.pt: GREv0, length 88: IP bad-len 0
10:54:31.849010 IP XXX.XXX.XXX.94.rev.vodafone.pt > XXX.lu.domain.pt: GREv0, length 88: IP bad-len 0
Already tried placing my home public ip instead of the lan ip but simply don't work. The home router is the provider's Huawei HG8247h. Working fine if set VPS <-> Kimsufi so I think the problem is the router.
Any thoughts?
Thanks in advance...
Comments
Do you get any packet loss to the public IP?
Without the tunnel and pinging directly to the public ip no ping loss
Try to change MTU size
Changed to lower and higher but same result...
On the same value on both sides? Try to change it to 1450 on both ends.
Yes, changed on both with the same values. I applied it to gre1, should I change it in any other interface?
I had a similar problem that I attributed to the NAT of the home router.
I used tinc instead of gre for the tunnel and it has been perfect ever since.
Need a step by step for tinc behind a home router, let me know.
Please, if you have a tutorial feel free to leave me a PM :P
PM'd
Check QoS too.
And hello Portuguese guy, we share the same Internet provider. Vodafone é que é!
It's a NAT problem - you would need to use the public IP of your router and config the router to forward the GRE traffic to your private IP 192.168.0.100
Unfortunately, it's unlikely your Huawei router will support GRE protocol 47 forwarding so FrankZ suggestion looks like your best option to get this working
Your ISP may also be incorrectly handling GRE resulting in truncation. I've seen lots of weird things with some end user ISPs and protocols other than TCP, UDP, ICMP.
Ensure on your home router that your server is on the DMZ.
I'll try it and then let you know. Thank you all for the help