Re: [LARTC] Gre Tunneling Problem

["glynn" <glynn@itextron.com>]

Hi! sorry i wasnt able to reply to your email immediately since im busy with
my test in my newly tunnel setup.

Sure i could help you regarding in setting up gre tunneling in linux. Here
is base in own setup network need to tunnel.

I have two networks, Network A has a running Linux Slackware 7 acting as a
gateway of the private network 192.168.100.0/24. the linux server has a two
NIC, eth0 is connected to the internet with the ip address of x.x.x.x/32 and
the eth1 is connected to the hub to private network with the ip address of
192.168.100.1/24.
Same with the Network B but the Linux is running a Redhat 6.0 with a private
network 192.168.200.0/24, eth0 (internet) d.d.d.d/32 ip address and eth1
(private network) 192.168.200.1/24.

If you build this linux boxes, always include the kernel sources,
development and also some compilers coz you need to recompile your kernel if
something wont work and also for compiling the iproute2 package.

Here is the setup you need in both linux servers.
Download the iproute2 package here.
ftp://ftp.inr.ac.ru/ip-routing/iproute2-current.tar.gz

Once you download the tar, just extract is wherever you wish to extract the
package, let say /usr/local/src

extract the package
/usr/local/src# tar zxvf iproute2-current.tar.gz
go to the iproute2 folder
/usr/local/src# cd iproute2
compile the package
/usr/local/src/iproute2# make
after compiling the package go to folder ip and copy the executable file ip
to your /bin
/usr/local/src/iproute2/ip# cp ip /bin
now you have a working ip command. you can try it by typing ip addr show or
ip link show

Now masquerade both network using ipchains command, try "ipchains -L", you
will see this result if you havent setup a masq for both networks.

Chain input (policy ACCEPT):
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):

Now enable the ip forwarding and masq

# echo 1 > /proc/sys/net/ipv4/ip_forward
# ipchains -A forward -s 192.168.100.0/24 -j MASQ
# ipchains -A forward -s 192.168.200.0/24 -j MASQ

Now try to look your ipchains table, type "ipchains -L" youll see llike this

Chain input (policy ACCEPT):
Chain forward (policy ACCEPT):
target     prot opt     source                destination           ports
MASQ       all  ------  192.168.100.0/24      anywhere              n/a
MASQ       all  ------  192.168.200.0/24      anywhere              n/a
Chain output (policy ACCEPT):

Now for the tunnel part. Load the modules for tunneling and setting the
tunnel.

#insmod ip_gre
#ip tunnel add netb mode gre remote d.d.d.d local x.x.x.x ttl 255
#ip link set netb up
#ip addr add 192.168.100.1 dev netb
#ip route add 192.168.200.0/24 dev netb

This setup is in Network A.

--------------------------------------------------------

Now do the Network B, untar iproute2 package

# echo 1 > /proc/sys/net/ipv4/ip_forward
# ipchains -A forward -s 192.168.200.0/24 -j MASQ
# ipchains -A forward -s 192.168.100.0/24 -j MASQ

#insmod ip_gre
#ip tunnel add neta mode gre remote x.x.x.x local d.d.d.d ttl 255
#ip link set neta up
#ip addr add 192.168.200.1 dev neta
#ip route add 192.168.100.0/24 dev neta

Now try ping both NIC IP address of both linux servers. if its resolving try
the private network ip's, hope its working.

wheew.

Glynn


----- Original Message -----
From: "Sagar Srivastava" <sagar@vpn.cwlglobal.com>
To: "glynn" <glynn@itextron.com>
Sent: Wednesday, January 09, 2002 4:41 PM
Subject: Re: [LARTC] Gre Tunneling Problem


> Glynn,
>
> It is nice to hear that you tunneling is working. I have setup a VPN using
> PPTP in win2000 and I am desperate to set a similar VPN in Linux. I Need
> your help!
>
> It would be nice if you tell the steps to do this, the tools you used, or
> tell me the links to the pages the describe it and also something you
would
> like to advice.
>
> Thank you very much for going through my problem.
>
> Sagar, India
> ----- Original Message -----
> From: "glynn" <glynn@itextron.com>
> To: "Greg Scott" <GregScott@InfraSupportEtc.com>; "Christoph Simon"
> <ciccio@kiosknet.com.br>; "Joe Patterson" <jpatterson@asgardgroup.com>
> Cc: <lartc@mailman.ds9a.nl>
> Sent: Tuesday, January 08, 2002 12:58 PM
> Subject: Re: [LARTC] Gre Tunneling Problem
>
>
> > Guys I just want you to know that my tunneling is working now. the only
> > thing ive addess is the NAT, i configure nat both linux boxes and it
> works.
> > thanks for the help guys, I really appreciate you help. til next time.
> >
> > Thanks
> > Glynn
> >
> > ----- Original Message -----
> > From: "Greg Scott" <GregScott@InfraSupportEtc.com>
> > To: "'glynn'" <glynn@itextron.com>; "Christoph Simon"
> > <ciccio@kiosknet.com.br>; "Joe Patterson" <jpatterson@asgardgroup.com>
> > Cc: <lartc@mailman.ds9a.nl>
> > Sent: Tuesday, January 08, 2002 8:40 PM
> > Subject: RE: [LARTC] Gre Tunneling Problem
> >
> >
> > > > btw in configuring gre tunneling in
> > > > Redhat 6.0, pls help
> > >
> > > Could this be your problem?  I thought the PPTP VPN stuff needs the
2.4
> > > kernel.  The testing I mentioned earlier was with Red Hat 7.1 on both
> ends
> > > of the tunnel, which is a 2.4.n kernel.
> > >
> > > - Greg
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: glynn [mailto:glynn@itextron.com]
> > > Sent: Monday, January 07, 2002 12:29 AM
> > > To: Christoph Simon; Joe Patterson
> > > Cc: lartc@mailman.ds9a.nl
> > > Subject: Re: [LARTC] Gre Tunneling Problem
> > >
> > >
> > > It wont work Joe, I tried everything, I almost search the howto in the
> web
> > > thru gre tunneling and almost the same. btw in configuring gre
tunneling
> > in
> > > Redhat 6.0, pls help
> > > Thanks
> > >
> > > Glynn
> > >
> > >
> > > _______________________________________________
> > > LARTC mailing list / LARTC@mailman.ds9a.nl
> > > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
> http://ds9a.nl/lartc/
> > >
> >
> >
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
http://ds9a.nl/lartc/
> >
>



_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/