Protecting a Windows Server using a GRE Tunnel

lab linux gre

Introduction #

Microsoft Windows Server 2016 and up natively supports Generic Routing Encapsulation tunnel. This is a great news because prior to this, all DDoS protection providers always had to provide workaround hacks for this type of incredible solution.

A Lectron GRE tunnel protects your server(s) from DDoS attacks, makes it more secure, more protected, transparrent, and cheaper to operate than Lectron proxy solution. It’s also more difficult to configure. With the popularity of consumer Windows native applications such as FiveM (GTA5 Online open source server software), the difficulty is a roadblock for adoptation. We need to solve that.

Since 2016, GRE Tunnel is possible on Windows Server 2016 and up, including Windows Server 2019. The only problem is, due to the enterprise nature of Windows Server, there is no comprehensive guide on the internet that shows people how to do so. In fact, when I, Viet York, tried to look for all the possible ways to configure GRE tunnel for Windows Server on the internet in July 2021, as well as hiring every possible CCNA freelancers on the freelance marketplaces, there’s no luck. After days of researching and tons of reading, I have found the way.

Now, I’m glad to say that, we are here to solve that. Let this be the first guide of configuring GRE Tunnel for Windows Server 2016, as simple as possible.

Let’s jump right into it!

Notes #

  • Only possible on Windows Server 2016 and up
  • Windows Firewall must be enabled on the server, ensure all your services are whitelisted in your firewall.
  • Requires an Ethernet (802.1) Internet Connection
  • This will fully encapsulate (preserve backend IP of your server) running on the Microsoft Windows platform.

What you have #

peer (Your server public IP address): 68.68.68.68,    
path_inet (Path Inner Addr): 10.10.56.2/30 
cust_inet (Cust Inner Addr): 10.10.56.1/30 
route (protected tunnel public IP provided to you by us, Lectron): 168.100.15.0/31
nexthops: [10.10.56.1]

Steps #

Please follow the steps below carefully. The guide below is done on Windows Server 2019.

1. Install the RRAS Features #

  • Open Windows Search, search for and open Server Manager
  • Click on Add Roles and Features
  • At the Before You Begin section, click Next
  • At the Installation Type section, click Next
  • At the Server Selection section, click Next
  • At the Server Roles section, choose and tick on the box Remote Access, then click Next
  • At the Features section, click Next
  • At the Remote Access section, click Next
    • At the Role Services section (inside the Remote Access Section), make sure you tick to enable the following features:
      • DirectAccess and Routing (RAS)
      • Routing
  • At the Web Server Roles (ISS), click Next
  • At the Confirmation section, click Install

Now your RRAS features are being installed. Please wait for the feature installation to complete successfully.

After completion of installation, click Close.

2. Now, let’s configure #

  • In the current Server Manager, click on Remote Access section
  • In the Remote Access section, hover over the Tools menu on the top right of the screen, then click Routing and Remote Access
  • You will see your server ID (local) showing up as a section right under the section Server Status
    • Right click on your server ID, choose Configure and Enable Routing and Remote Access
    • Click Next
    • Click Custom configuration

4 Responses

    1. Thank you for letting me know! Let me personally rewrite and edit it.

      The GRE Tunnel setup for Windows is quite tricky and we’re still finalizing the tutorials. Please wait for a few days and I’ll push the updated tutorial out for you.

Leave a Reply

Your email address will not be published.