Shulou(Shulou.com)05/31 Report--

Today, the editor will share with you the relevant knowledge points about how to deploy GRE in the Linux environment. The content is detailed and the logic is clear. I believe most people still know too much about this knowledge, so share this article for your reference. I hope you can get something after reading this article. Let's take a look at it.

Introduction to GRE (not supported by Windows) GRE

GRE (Generic Routing Encapsulation) protocol encapsulates the data packets of some network layer protocols (such as IP and IPX), so that these encapsulated data packets can be transmitted in another network layer protocol (such as IP). GRE adopts Tunnel (tunneling) technology, which is the third layer tunneling protocol of V_P_N (Virtual Private Network).

Advantages of GRE

The implementation mechanism of GRE is simple, and the burden on the devices at both ends of the tunnel is small.

The GRE tunnel can connect the local network of various network protocols through the IPv4 network, which effectively uses the original network architecture and reduces the cost.

GRE tunnel expands the working scope of hop-limited network protocol and allows enterprises to design network topology flexibly.

GRE tunnel can encapsulate multicast data, and when used with IPSec, it can ensure the security of voice, video and other multicast services.

GRE tunnel supports enabling MPLS LDP, uses GRE tunnel to carry MPLS LDP packets, establishes LDP LSP, and realizes the interworking of MPLS backbone network.

GRE tunnels connect discontiguous subnets and are used to build V_P_N to achieve a secure connection between corporate headquarters and branches.

Experiment:

Use GRE to build a simple v_p_n that can be accessed normally using the client (Windows does not support GRE, so use two Linux hosts)

Experimental extension

Hostname IP address clienteth4 201.1.2.10proxyeth0 192.168.19.130

Eth4 201.1.2.5

Step 1: enable the GRE module (both client and proxy)

1) View the modules currently loaded by the computer

Lsmod # displays a list of modules lsmod | grep ip_gre # determines whether the gre module is loaded

2) load module ip_gre

Modprobe ip_gre

3) View module information

Modinfo ip_gre# / lib/modules/4.18.0-240.el8.x86_64/kernel Linux all the modules are here # find /-name "* .ko *" | wc-lumb250 our Linux system has 2501 built-in modules, and my Linux system closes the module for the name of the Redhat8.3#rmmod module

Step 2: create a V_P_N tunnel for Client hosts

1) create a tunnel

Ip tunnel add tun0 mode gre remote 201.1.2.5 local 201.1.2.10#ip tunnel add creates a tunnel (tunnel name is tun0). Ip tunne help can view the help # mode sets tunnel mode # local is followed by the local IP address, and the IP of the tunnel is established with other hosts after the remote

2) enable the tunnel (similar to network card startup)

Ip a s # to view all the Nic information of this machine, the tunnel added is generally the last, and ip link showip link set tun0 up # is turned off by default to enable tunnel ip link show.

3) configure tunnel IP address for V_P_N

Ip a sip addr add 10.10.10.10 ip a sip addr add 24 peer 10.10.10.5 ip a s 24 dev tun0# set the local ip for the tunnel tun0 (10.10.10.10 ip a s 24) # the tunnel IP of the host ip opposite the tunnel is (10.10.10.5 ip a s 24) ip a s # check whether the IP has been added successfully

4) turn off the firewall

Step 3 of systemctl stop firewalld: create a V_P_N tunnel for proxy hosts

1) View the modules currently loaded by the computer and load them

Lsmod # displays a list of modules lsmod | grep ip_gre # determines whether the gre module modprobe ip_gre is loaded

2) create a tunnel

Ip tunnel add tun0 mode gre remote 201.1.2.10 local 201.1.2.5

3) enable the tunnel (similar to network card startup)

Ip link set tun0 up # enable tunnel ip link show

4) configure tunnel IP address for VPN

Ip addr add 10.10.10.5/24 peer 10.10.10.10/24 dev tun0ip a s

5) turn off the firewall

Systemctl stop firewalld

6) enable routing forwarding (soft routing)

Echo "1" > / proc/sys/net/ipv4/ip_forward#1 enable routing forwarding # 0 turn off routing forwarding # after route forwarding is enabled, others can access something else by accessing the server and forwarding through the server step 4: start testing

These are all the contents of the article "how to deploy GRE in Linux". Thank you for reading! I believe you will gain a lot after reading this article. The editor will update different knowledge for you every day. If you want to learn more knowledge, please pay attention to the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.