I noticed that the private IP is on the same subnet on both sides of the
tunnel. When I have done this in the past there were two separate
subnets (e.g. 10.253.253.0/24 and 10.253.254.0/24). I have never tried
it exactly as you have.

I also do not have any more GRE tunnels in service. So this is from an
old script of mine.

Anyway, the syntax and order that I used is:

Box A

modprobe ip_gre
ip tunnel add gre0 mode gre remote 66.1.2.161 local 66.1.1.161 ttl 255
ip addr add 10.253.253.1 dev gre0
ip link set gre0 up
ip route add 10.253.254.0/24 dev gre0

Box B

modprobe ip_gre
ip tunnel add gre0 mode gre remote 66.1.1.161 local 66.1.2.161 ttl 255
ip addr add 10.253.254.1 dev gre0
ip link set gre0 up
ip route add 10.253.253.0/24 dev gre0

Hope this helps,

Greg Hartung wrote:
> I'm still stuck on this one and could really use some help. I just
> finished trying it on an FC3 box too to make sure it wasn't CentOS specific
> issue but there's still no output from tcpdump.
>
> I also spent some time looking over Cisco examples to make sure I wasn't
> misremembering the concepts. No surprises there.
>
> Does anyone have any ideas or can someone suggest a more appropriate
> forum for the question?
>
> Thanks!!
>
> On 6/21/07 11:52 AM, "Greg Hartung" <ghartung@photobucket.com> wrote:
>
>> I am trying to setup GRE between two CentOS 4.5 boxes. I have tried
>> several variations of what's listed below, but none of them work.
>>
>> box1:
>> modprobe ip_gre
>> ip link set gre0 up
>> ip tunnel add gretun mode gre local 66.1.1.161 remote 66.1.2.161 ttl 20 dev eth0
>> ip addr add dev gretun 10.253.253.1 peer 10.253.253.2/24
>> ip link set dev gretun up
>> ip route add 10.2.0.0/16 via 10.253.253.2
>>
>> box2:
>> modprobe ip_gre
>> ip link set gre0 up
>> ip tunnel add gretun mode gre local 66.1.2.161 remote 66.1.1.161 ttl 20 dev eth0
>> ip addr add dev gretun 10.253.253.2 peer 10.253.253.1/24
>> ip link set dev gretun up
>> ip route add 10.1.0.0/16 via 10.253.253.1
>>
>> tcpdump shows NO rx or tx traffic from either box that isn't ARP or SSH.
>>
>> It's as if it's not even trying to bring the tunnel up. I'm a Cisco guy,
>> so I'm lost with my show commands.
>>
>> The other variations I've tried consist mostly of trying different
>> combinations of on-net (in the same subnet as eth0 and even the same address
>> as eth0) and off-net (various combinations of loopback /24 and /32 addresses
>> in separate 10 space) on the 'ip addr add dev gretun' statements. But the
>> above example is what *should* work on a Cisco, I think. It's been a
>> while.
>>
>> How do I troubleshoot this? This is all I've got so far:
>>
>> root@den1tun01:/home/root $ ip link
>> 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>> 2: eth0: <BROADCAST,MULTICAST,UP> mtu 8800 qdisc pfifo_fast qlen 1000
>> link/ether 00:19:b9:dd:ff:d9 brd ff:ff:ff:ff:ff:ff
>> 3: eth0.2: <BROADCAST,MULTICAST,UP> mtu 8800 qdisc noqueue
>> link/ether 00:19:b9:dd:ff:d9 brd ff:ff:ff:ff:ff:ff
>> 4: gre0: <NOARP,UP> mtu 1476 qdisc noqueue
>> link/gre 0.0.0.0 brd 0.0.0.0
>> 5: gretun@eth0: <POINTOPOINT,NOARP,UP> mtu 8776 qdisc noqueue
>> link/gre 66.1.1.161 peer 66.1.2.161
>>
>> root@den1tun01:/home/root $ ip tun
>> gre0: gre/ip remote any local any ttl inherit nopmtudisc
>> gretun: gre/ip remote 66.1.2.161 local 66.1.1.161 dev eth0 ttl 20
>>
>> root@den1tun01:/home/root $ ifconfig
>> eth0 Link encap:Ethernet HWaddr 00:19:B9:DD:FF:D9
>> inet addr:10.1.2.243 Bcast:10.1.3.255 Mask:255.255.254.0
>> UP BROADCAST RUNNING MULTICAST MTU:8800 Metric:1
>> RX packets:3357 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:484 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 txqueuelen:1000
>> RX bytes:230757 (225.3 KiB) TX bytes:63937 (62.4 KiB)
>> Interrupt:169 Memory:f8000000-f8011100
>>
>> eth0.2 Link encap:Ethernet HWaddr 00:19:B9:DD:FF:D9
>> inet addr:66.1.1.161 Bcast:66.1.1.191 Mask:255.255.255.192
>> UP BROADCAST RUNNING MULTICAST MTU:8800 Metric:1
>> RX packets:950 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 txqueuelen:0
>> RX bytes:43860 (42.8 KiB) TX bytes:1200 (1.1 KiB)
>>
>> gretun Link encap:UNSPEC HWaddr 42-0B-33-A1-FF-C0-00-00-00-00-00-00-00-00-00-00
>> inet addr:10.253.253.1 P-t-P:10.253.253.2 Mask:255.255.255.0
>> UP POINTOPOINT RUNNING NOARP MTU:8776 Metric:1
>> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 txqueuelen:0
>> RX bytes:0 (0.0 b) TX bytes:756 (756.0 b)
>>
>> gre0 Link encap:UNSPEC HWaddr 00-00-00-00-FF-00-00-00-00-00-00-00-00-00-00-00
>> UP RUNNING NOARP MTU:1476 Metric:1
>> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 txqueuelen:0
>> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
>>
>> lo Link encap:Local Loopback
>> inet addr:127.0.0.1 Mask:255.0.0.0
>> UP LOOPBACK RUNNING MTU:16436 Metric:1
>> RX packets:225 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:225 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 txqueuelen:0
>> RX bytes:13271 (12.9 KiB) TX bytes:13271 (12.9 KiB)
>>
>>
>> I've also tried changing the destination for the route to the near end of
>> the private subnet and tried pinging various things on the tunnel subnet and
>> remote network to create "interesting traffic" to bring the tunnel up but
>> tcpdump still shows nothing.
>>
>> Then I noticed that ping does show an error count:
>>
>> [root@den1tun01 ~]# ping 10.253.253.2
>> PING 10.253.253.2 (10.253.253.2) 56(84) bytes of data.
>> From 10.253.253.1 icmp_seq=0 Destination Host Unreachable
>> From 10.253.253.1 icmp_seq=1 Destination Host Unreachable
>> --- 10.253.253.2 ping statistics ---
>> 2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1000ms, pipe 2
>>
>> I can ping the local end: 10.253.253.1, but the tunnel is still
>> non-functional.
>>
>> Thanks!
>> Greg
>>
>> _______________________________________________
>> LARTC mailing list
>> LARTC@mailman.ds9a.nl
>> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc