GRE Tunnel

How to configure a GRE Tunnel in CentOS

GRE stands for Generic Routing Encapsulation and is a tunneling protocol that was developed by Cisco. You can encapsulate layer 2 network traffic and more in a tunnel over the internet. It is useful for sharing VLANs with remote sites over the internet, but there is quite a bit of chatter over the lines, so it can be resource intensive. On its own, a GRE tunnel is not encrypted, so remain cognizant of the protocols used in communication: use HTTPS instead of HTTP for web services, SSH instead of telnet (if anyone is still using telnet), LDAPS instead of LDAP, etc. To encrypt this traffic, you will want to set up an IPsec tunnel.

Configuring a GRE Tunnel on CentOS is fairly straightforward, but not very well documented.

In the example, we’ll tunnel internal VLAN 77 (192.168.77.0/24) between Boston and Seattle. The public-facing IPs are fictitious and used only as an example. For Boston we’ll use grebos.centoshowtos.org – 216.52.2.41 and for Seattle gresea.centoshowtos.org – 141.136.108.122.

Load GRE Kernel Module

We need to load the gre kernel module, and also set it to load at boot time.

modprobe ip_gre

Now set it to start at boot.

echo "/sbin/modprobe ip_gre > /dev/null 2>&1" > /etc/sysconfig/modules/ip_gre.modules && chmod 755 /etc/sysconfig/modules/ip_gre.modules

Create ifcfg-tun0 Configuration Files

We need to create the configuration files for the GRE tunnel. These files live alongside your CentOS network device files in /etc/sysconfig/network-scripts/

grebos.centoshowtos.org

Create the ifcfg-tun0 file. Please note that the internal and external interfaces must already be configured and plugged into the correct ports for each network.

vi /etc/sysconfig/network-scripts/ifcfg-tun0

The file should look like this (except your IPs will be different):

DEVICE=tun0
BOOTPROTO=none
ONBOOT=no
TYPE=GRE
# Public IP of the remote end (gresea), not this host's own address
PEER_OUTER_IPADDR=141.136.108.122
PEER_INNER_IPADDR=192.168.77.253
MY_INNER_IPADDR=192.168.77.254

gresea.centoshowtos.org

Create the ifcfg-tun0 file in the same directory as the other network interface scripts.

vi /etc/sysconfig/network-scripts/ifcfg-tun0

The file should look like this (except your IPs will be different):

DEVICE=tun0
BOOTPROTO=none
ONBOOT=no
TYPE=GRE
# Public IP of the remote end (grebos), not this host's own address
PEER_OUTER_IPADDR=216.52.2.41
PEER_INNER_IPADDR=192.168.77.254
MY_INNER_IPADDR=192.168.77.253
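
Before bringing the interfaces up, it helps to confirm that the two files mirror each other: each side's PEER_OUTER_IPADDR must be the other site's public address, and the inner addresses must be swapped. The script below is an added example, not part of the original how-to; the function names (get_key, check_side, check_pair, write_cfg) and the temporary sample files are assumptions, and it uses the fictitious addresses from this page.

```shell
# Added example, not the page's own code; function names and sample files are assumptions.

# get_key FILE KEY: print the value of KEY=value (comments and quotes stripped).
get_key() {
    sed -n -e 's/[[:space:]]*#.*//' -e "s/^[[:space:]]*$2=//p" "$1" |
        tail -n 1 | tr -d "\"'[:space:]"
}

# check_side FILE OWN_PUBLIC_IP PEER_PUBLIC_IP: validate one end of the tunnel.
check_side() {
    side_rc=0
    [ "$(get_key "$1" TYPE)" = "GRE" ] ||
        { echo "$1: TYPE is not GRE" >&2; side_rc=1; }
    outer=$(get_key "$1" PEER_OUTER_IPADDR)
    if [ "$outer" = "$2" ]; then
        echo "$1: PEER_OUTER_IPADDR is this host's own public address" >&2; side_rc=1
    elif [ "$outer" != "$3" ]; then
        echo "$1: PEER_OUTER_IPADDR '$outer' is not the peer ($3)" >&2; side_rc=1
    fi
    return $side_rc
}

# check_pair FILE_A PUBLIC_A FILE_B PUBLIC_B: both ends must mirror each other.
check_pair() {
    pair_rc=0
    check_side "$1" "$2" "$4" || pair_rc=1
    check_side "$3" "$4" "$2" || pair_rc=1
    a_my=$(get_key "$1" MY_INNER_IPADDR); a_peer=$(get_key "$1" PEER_INNER_IPADDR)
    b_my=$(get_key "$3" MY_INNER_IPADDR); b_peer=$(get_key "$3" PEER_INNER_IPADDR)
    if [ -z "$a_my" ] || [ "$a_my" = "$a_peer" ] ||
       [ "$a_my" != "$b_peer" ] || [ "$b_my" != "$a_peer" ]; then
        echo "inner addresses are missing, equal, or not mirrored" >&2; pair_rc=1
    fi
    return $pair_rc
}

# write_cfg FILE PEER_OUTER PEER_INNER MY_INNER: build a constructed sample file.
write_cfg() {
    printf 'DEVICE=tun0\nBOOTPROTO=none\nONBOOT=no\nTYPE=GRE\n' > "$1"
    printf 'PEER_OUTER_IPADDR=%s\nPEER_INNER_IPADDR=%s\nMY_INNER_IPADDR=%s\n' \
        "$2" "$3" "$4" >> "$1"
}

# Demo with the page's fictitious addresses (Boston 216.52.2.41, Seattle 141.136.108.122).
BOS=216.52.2.41; SEA=141.136.108.122
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
write_cfg "$tmp/bos" "$SEA" 192.168.77.253 192.168.77.254
write_cfg "$tmp/sea" "$BOS" 192.168.77.254 192.168.77.253
check_pair "$tmp/bos" "$BOS" "$tmp/sea" "$SEA" && echo "tunnel configs are consistent"
```

On real hosts, copy the remote side's ifcfg-tun0 next to the local one and pass both paths, with each site's public IP, to check_pair.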

Bring tun0 interfaces online and verify

Now that we have the configuration files set up, we need to bring up the tunnel interfaces and verify that they came online properly.

grebos.centoshowtos.org

We’ll just use the ifup command to bring up the interfaces.

ifup tun0

Now we can verify with the ifconfig command.

ifconfig tun0

gresea.centoshowtos.org

We’ll just use the ifup command to bring up the interfaces.

ifup tun0

Now we can verify with the ifconfig command.

ifconfig tun0

Test the connection

At this point the tunnel should be online, and the machines should be able to reach one another via their internal IP addresses. Let's ping each side from the other and make sure everything looks OK. If it doesn't work, make sure your firewall isn't dropping ICMP packets.

grebos.centoshowtos.org

Ping gresea.centoshowtos.org internal address

ping 192.168.77.253

gresea.centoshowtos.org

Ping grebos.centoshowtos.org internal address

ping 192.168.77.254