Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Need help regarding GRE and IPIP tunnel from OVH to any other non-OVH provider
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Need help regarding GRE and IPIP tunnel from OVH to any other non-OVH provider

4mm4r4mm4r Member
edited September 2018 in Help

Hello,

I am trying to set up a GRE tunnel to protect my server which has no anti-DDoS protection so I tried with OVH but it doesn't seem to work. The guide I was using stated that I have to try IPIP tunnel instead for OVH but that didn't work either. So, can anyone here help me in setting up the GRE or IPIP tunnel? Btw GRE and IPIP tunnel is working fine on non-OVH servers. But obviously, that would be of no use to me as those servers have no DDoS protection whatsoever. Any help would be highly appreciated.

Many Thanks

Comments

  • emtecroemtecro Member
    edited September 2018

    When I was using GRE tunnel from OVH server to non ovh for game servers I had to disable iptabels to get it working. Try that maybe will help.

  • FrankZFrankZ Veteran
    edited September 2018

    EDIT: I setup the tunnel as you showed to OVH and it did not work, but after adding
    the below to 192.168.168.2 it worked.

       echo '112 GRE1' >> /etc/iproute2/rt_tables
       ip -4 rule add from 192.168.168.0/30 table 112
       ip -4 route add default via 192.168.168.1 table 112
    
    Thanked by 1cxcool
  • I know it's slightly off topic, but you should try WireGuard instead. It's still not production ready according to the author, but there seems to be a general consensus that it's very reliable already and many people use it in production anyway (me included). The big advantage is that it works over UDP so you don't need special configuration on your routers (or your provider's) and it's fully encrypted. Oh and it's blazing fast. Like really really fast. Switched from a GRE tunnel and I didn't observe any performance impact. YMMV.

    Thanked by 1maverickp
  • ClouviderClouvider Member, Patron Provider

    @emtecro said:
    When I was using GRE tunnel from OVH server to non ovh for game servers I had to disable iptabels to get it working. Try that maybe will help.

    Great approach to security.

    Thanked by 2ma2t FrankZ
  • @Clouvider said:

    @emtecro said:
    When I was using GRE tunnel from OVH server to non ovh for game servers I had to disable iptabels to get it working. Try that maybe will help.

    Great approach to security.

    Yeah I know... But couldnt get it working it was just a game server on it but not worth buying SYS server so used online.net server on their sale and ovh vps

  • @emtecro said:
    When I was using GRE tunnel from OVH server to non ovh for game servers I had to disable iptabels to get it working. Try that maybe will help.

    Tried it but still no luck.

    @FrankZ said:
    EDIT: I setup the tunnel as you showed to OVH and it did not work, but after adding
    the below to 192.168.168.2 it worked.

       echo '112 GRE1' >> /etc/iproute2/rt_tables
       ip -4 rule add from 192.168.168.0/30 table 112
       ip -4 route add default via 192.168.168.1 table 112
    

    Nope, doesn't work :/

    I am already using this article but this doesn't work for OVH. This works for every other host except OVH. Moreover, they have mentioned this in their article but IPIP tunnel doesn't work either with OVH(see screenshot).

  • @4mm4r You probably tried the ipip with a new os install or a different distribution? Other than the obvious mistyping of the conf or wrong route; you could pay someone to set it up.

  • FrankZFrankZ Veteran
    edited September 2018

    4mm4r said: Nope, doesn't work :/

    What was done: I followed your setup and added the manual routing for the tunnel as shown above, ip forwarding in sysctl.conf, allowed the server IPs through the firewalls, and added a forwarding rule for GRE1 in the firewalls.

    What is your output of:

    ip -4 rule show
    ip -4 route show 
    ip -4 route show table 112
    

    on both servers ?

  • @agonyzt said:
    I know it's slightly off topic, but you should try WireGuard instead. It's still not production ready according to the author, but there seems to be a general consensus that it's very reliable already and many people use it in production anyway (me included). The big advantage is that it works over UDP so you don't need special configuration on your routers (or your provider's) and it's fully encrypted. Oh and it's blazing fast. Like really really fast. Switched from a GRE tunnel and I didn't observe any performance impact. YMMV.

    Wow, that looks amazing and super simple to configure. Even if it was off-topic, thanks for sharing.

Sign In or Register to comment.