Gratisvps.net | Blog Daily Tech Info

This guide will walk through the setup and configuration of a GRE tunnel between two Linux hosts. The two Linux hosts are running Ubuntu 22.04 LTS. What is a GRE tunnel in networking? GRE (Generic Routing Encapsulation) tunnels encapsulate network packets inside new network packets. A virtual link is established between two hosts, allowing the hosts to communicate as if they were directly connected. The Cisco-developed tunneling protocol can encapsulate most protocol packet types. Is a GRE tunnel encrypted? Though a GRE tunnel functions similarly to a VPN, packets traveling inside a GRE tunnel are not encrypted but are instead encapsulated inside a GRE header. You must configure IPSec separately if you want to maintain data confidentiality. How to set up and configure a GRE tunnel Setting up a GRE tunnel naturally requires work on both hosts. You will need to create a tunnel interface on each, set up firewall rules, and create routing tables. For clarity, we’ll name one host “Host A” and the other “Host B”. GRE tunnel setup on Host A Enabling IP forwarding The first step is to enable IP port forwarding on our host. Without this the GRE tunnel will not work. This is possible with a single command: Creating the GRE tunnel interface Now we can create the GRE tunnel interface from Host A to Host B: Naturally, you should replace <Host_B_IP> with the IP address of your target server and <Host_A_IP> with the IP address of the machine you are currently connected to. Next, we need to assign an IP address to the GRE interface on our host: You should replace <HOST_A_PRIV_IP_GRE> with an unused private IP, for example: Now it’s a simple matter of activating the GRE interface with the following command: Setting up a firewall rule for source NAT We’ll now add a firewall rule to perform source NAT. This will translate the source IP address of packets leaving our GRE interface into public routable addresses: EXAMPLE: Creating routing table rules for the GRE tunnel interface Finally, we can add a custom routing table for the GRE tunnel that will route traffic from the GRE tunnel’s source IP through the GRE table: EXAMPLE: GRE tunnel setup on Host B For host B, the setup is the same, except of course that we must use flip the IP addresses and use a different private IP. Enabling IP forwarding We can set up IP forwarding on Host B with the same command as Host A. Creating the GRE tunnel interface Now we can create the GRE tunnel interface from Host B to Host A: You should replace <Host_A_IP> with the IP address of your first server and <Host_B_IP> with the IP address of the machine you are currently connected to. Next, we need to assign an IP address to the GRE interface on our host: You should replace <HOST_B_PRIV_IP_GRE> with an unused private IP, for example: Now it’s a simple matter of activating the GRE interface with the following command: Setting up a firewall rule for source NAT We’ll now add a firewall rule to perform source NAT. This will translate the source IP address of packets leaving our GRE interface into public routable addresses: EXAMPLE: Creating routing table rules for the GRE tunnel interface Finally, we can add a custom routing table for the GRE tunnel that will route traffic from the GRE tunnel’s source IP through the GRE table: EXAMPLE: That’s it! Your GRE tunnel should now be working. Remember, do not send any sensitive data via the tunnel without first setting up IPSec.