Setup GRE Tunnel on Ubuntu 20 Linux Server

Let’s assume that you have the following details:

Your Server IP: 64.120.121.50
Your Internal Address: 10.10.56.1/30
Lectron Internal Address: 10.10.56.2/30
Lectron Tunnel IP: 172.111.59.0/31
Next Hops: 10.10.56.1

Based on the information above,

  • the server which is actually running all the applications is 64.120.121.50
  • the IPs we are routing to your server through the GRE tunnel are 172.111.59.0 and 172.111.59.1 (also written as 172.111.59.0/31); these are the IPs you will be binding your applications to
  • the inner address is 10.10.56.1/30

What does /30 mean?

  • A 30-bit subnet mask allows for four IPv4 addresses: two host addresses, one all-zeros network, and one all-ones broadcast address.
  • Think of the IP address as binary bits: 00000000.00000000.00000000.00000000. The /30 indicates that the network portion is 30 bits, so with o marking a network bit the address looks like oooooooo.oooooooo.oooooooo.oooooo00. For the host bits you have 4 options: 00, 01, 10, and 11. 00 is the network and 11 is the broadcast, so you have 2 usable IP addresses.
  • Netmask of /30 is 255.255.255.252, according to https://dnsmadeeasy.com/support/subnet

What does /31 mean?

  • A /31 subnet (31-bit subnet mask) is often used for an interface that is the endpoint of a point-to-point network.
  • A 31-bit subnet mask will allow for exactly two host addresses, and eliminates the broadcast and all-zeros addresses, thus conserving the use of IP addresses to the minimum for point-to-point links.
  • Netmask of /31 is 255.255.255.254
  • A /31 subnet has 2 IPs specifically for a point-to-point link. The two addresses that would otherwise be the network and broadcast addresses are both used as host addresses.

What does /32 mean?

  • A /32 subnet (a subnet mask of 255.255.255.255) describes a subnet with only one usable IPv4 address.
  • There are 32 bits (4 octets, which is 4 x 8 binary positions) in an IPv4 address.
  • The subnet mask (either written as octets, i.e. 255.255.255.0, or in CIDR notation, i.e. /X) specifies what portion of the IP address refers to the network and what portion refers to the clients in the network. The “masked” portion is the network and the “unmasked” portion is the clients in that masked network.
  • There is an easy way of counting this and also a relatively easy way of calculating it without actually knowing the binary.
  • /32 means the entire IP range is the network, so it leaves you with just 1 “usable” address. It’s equivalent to 255.255.255.255.
  • For every number you go down in the CIDR notation, you double your “usable” addresses. So /31 is 2, /30 is 4, /29 is 8, /28 is 16, /27 is 32, /26 is 64, /25 is 128, and /24 is 256, etc. /24 is the 255.255.255.0 subnet that is most commonly used in home networking.
  • The easy way to calculate it is to subtract each octet value from 256 and then multiply the results together. So 255.255.255.0 would be (256-255)*(256-255)*(256-255)*(256-0) = 256, and 255.255.0.0 would be (256-255)*(256-255)*(256-0)*(256-0) = 65536. As long as you know the common ones (/8, /16, /24, /32), it’s easy to convert back and forth between them and count up or down.

Step 1 – Module loading

To set up a GRE tunnel on Linux you must have the ip_gre module loaded in your kernel. To make sure it’s loaded, run:

sudo modprobe ip_gre
lsmod | grep gre

And you should see:

ip_gre                 #####  0
gre                    #####  1 ip_gre

If you see something else, it’s possible that your kernel does not support GRE.

To forward all the traffic in and out of the GRE tunnel we’re going to use iptables and iproute2, which should already be installed on all the major Linux distributions. In case they’re not installed, use the following command:

for Debian based distros (Ubuntu):

sudo apt install iptables iproute2

for Red Hat based distros (where the package is named iproute):

sudo yum install iptables iproute

Step 2 – Tunnel setup

First we have to set up our tunnel.

On Server A (your server, 64.120.121.50), execute these commands to create the GRE tunnel, bring it up and assign the inner address:

ip tunnel add lectron1 mode gre remote 172.111.59.0 local 64.120.121.50 ttl 255
ip link set lectron1 up
ip addr add 10.10.56.1/30 dev lectron1
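
Before assigning the inner address, the pair of tunnel addresses can be checked against the /30, /31 and /32 rules explained earlier. The shell functions below are an added example, not part of the original guide; the function names (ip_to_int, prefix_to_mask, usable_hosts, check_pair) are hypothetical helpers, and the addresses are the sample values from this page.

```sh
# Added example: pre-flight check of the tunnel's inner addresses (hypothetical helpers).

# Dotted-quad IPv4 -> 32-bit integer; fails on malformed input.
ip_to_int() (
    IFS=.; set -f; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# Prefix length -> dotted netmask, e.g. 30 -> 255.255.255.252.
prefix_to_mask() (
    m=$(( (4294967295 << (32 - $1)) & 4294967295 ))
    echo "$(( (m >> 24) & 255 )).$(( (m >> 16) & 255 )).$(( (m >> 8) & 255 )).$(( m & 255 ))"
)

# Usable addresses: /32 -> 1, /31 -> 2, else block size minus network and broadcast.
usable_hosts() (
    case $1 in
        32) echo 1 ;;
        31) echo 2 ;;
        *)  echo $(( (1 << (32 - $1)) - 2 )) ;;
    esac
)

# check_pair LOCAL PEER PREFIX: succeeds only if the two addresses differ,
# share one subnet and (below /31) neither is the network or broadcast address.
check_pair() (
    fail() { echo "error: $*" >&2; exit 1; }
    a=$(ip_to_int "$1") && b=$(ip_to_int "$2") || fail "malformed address"
    [ "$3" -ge 1 ] && [ "$3" -le 32 ] || fail "prefix must be 1-32"
    size=$(( 1 << (32 - $3) )); net=$(( a / size * size ))
    [ "$a" -ne "$b" ] || fail "local and peer are the same address"
    [ $(( b / size * size )) -eq "$net" ] || fail "$2 is not in the /$3 of $1"
    if [ "$3" -lt 31 ]; then
        for x in "$a" "$b"; do
            off=$(( x - net ))
            [ "$off" -ne 0 ] && [ "$off" -ne $(( size - 1 )) ] ||
                fail "network or broadcast address used as a host"
        done
    fi
    echo "ok: /$3 mask $(prefix_to_mask "$3"), $(usable_hosts "$3") usable addresses"
)

# Inner addresses from this page: 10.10.56.1 (yours) and 10.10.56.2 (Lectron).
check_pair 10.10.56.1 10.10.56.2 30
```

A non-zero exit status from check_pair means the pair should be corrected before running ip addr add.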

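Delete a Tunnel

List the interfaces and existing tunnels to find the tunnel name:

ifconfig (or ip a in Debian)

ip tunnel show

Then bring the tunnel down and delete it:

sudo ip link set <tunnel name> down

sudo ip tunnel del <tunnel name>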
