Why and How to Use the GRE Tunnel on Linux?

adil
Jan 20, 2024

Part 2: How to Use Another Server as a Gateway with GRE Tunnel?

The GRE tunneling protocol is a simple and effective way to tunnel across the internet to multiple remote locations.

GRE stands for Generic Routing Encapsulation.

Network packets are encapsulated by GRE and delivered to the destination in the prescribed format.

GRE tunnels are similar to VPN connections. GRE Tunnels are *not encrypted*, though.

However, the lack of encryption in GRE does not make it a worthless protocol.

Here are some examples of GRE tunnel use cases:

A) DDoS Protection

The vast majority of DDoS protection systems create a GRE tunnel between scrubbing centers and your infrastructure.

They block DDoS attacks in their own infrastructure and transmit only the clean traffic to you through the tunnel.

B) Create a network link between two locations

Assume you have two servers: one in the US and the other in the UK. You may want to connect the two servers in the 10.x.x.x local IP range as if there were a physical connection between them.

C) Translating traffic between IPv4 and IPv6 networks

Because packets are encapsulated, you can leverage GRE tunneling to carry traffic between IPv4-only and IPv6-only networks.

and so forth.

Let’s create a GRE Tunnel between two servers

I have one server in the UK and one in the US.
Let’s observe the installation:

The US server:

The public IP Address is 167.71.102.185
The private IP Address is 10.0.0.10

The UK Server:

The public IP Address is 178.128.42.200
The private IP Address is 10.0.0.20

I want them to connect over the 10.x.x.x network.

Of course they can’t ping each other right now:

From US to UK:

From UK to US:

These two servers will be able to ping each other thanks to the GRE tunnel.

GRE tunnels operate over the public internet. Therefore, we will need the public IP address of each server (mentioned above) to set up the tunnel.

In gre mode, I will create a tunnel interface on the US server (167.71.102.185) with the IP address of the UK server (178.128.42.200) as the remote address:

ip tunnel add adil-tunnel mode gre local 167.71.102.185 remote 178.128.42.200

I will use a separate private IP range for the tunnel, so that its IP routing rules do not conflict with the existing private IP addresses (10.0.0.10, 10.0.0.20). I will use this IP range: 10.0.100.0/24

I will assign an IP address from the IP range that will be used to tunnel on the US server:

ip addr add 10.0.100.1/24 dev adil-tunnel

Let’s check the configuration:

The interface has been created. However, it is still DOWN, so the IP routing rule for this tunnel has not been created yet.

Finally, get the tunnel interface (adil-tunnel) up and running:

ip link set adil-tunnel up

Let’s examine the configurations:

The tunnel interface is no longer DOWN and IP routing rules have been created. Since this is not a physical interface, you may see the UNKNOWN state, which is okay.

Let’s go to the UK server and run similar commands. But this time the remote and local addresses need to be changed.

ip tunnel add adil-tunnel mode gre local 178.128.42.200 remote 167.71.102.185
ip addr add 10.0.100.2/24 dev adil-tunnel
ip link set adil-tunnel up

Apply and review the configuration:

Let’s test the connection:

As expected, RTT values are quite high since the connection is established over the public internet.
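
What a packet sent through this tunnel looks like on the wire, as an added example (not code from the original post): it wraps an inner packet between the tunnel addresses in GRE and an outer IPv4 header using the article's public addresses, then parses it back the way any device on the path could. The function names and the sample payload are constructed for illustration.

```python
import ipaddress
import struct

GRE_PROTO = 47            # IP protocol number of GRE in the outer header
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" for an inner IPv4 packet

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0, enough for parsing)."""
    return struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def gre_encapsulate(inner, outer_src, outer_dst):
    """Outer IPv4 header + basic 4-byte GRE header + untouched inner packet."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)  # no flags, version 0
    outer = ipv4_header(outer_src, outer_dst, GRE_PROTO, len(gre) + len(inner))
    return outer + gre + inner

def parse_ipv4(pkt):
    """Return (src, dst, protocol, payload) of an IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    src = str(ipaddress.IPv4Address(pkt[12:16]))
    dst = str(ipaddress.IPv4Address(pkt[16:20]))
    return src, dst, pkt[9], pkt[ihl:]

def gre_decapsulate(pkt):
    """Read outer and inner addresses plus the inner payload from raw bytes."""
    o_src, o_dst, proto, rest = parse_ipv4(pkt)
    if proto != GRE_PROTO:
        raise ValueError("outer packet does not carry GRE")
    flags, ptype = struct.unpack("!HH", rest[:4])
    if flags & 0x0007 or ptype != ETHERTYPE_IPV4:
        raise ValueError("only GRE version 0 with an inner IPv4 packet is handled")
    # Optional checksum (0x8000), key (0x2000) and sequence (0x1000) fields: 4 bytes each
    offset = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    i_src, i_dst, i_proto, payload = parse_ipv4(rest[offset:])
    return {"outer": (o_src, o_dst), "inner": (i_src, i_dst),
            "inner_proto": i_proto, "payload": payload}

# Constructed sample: protocol 1 (ICMP) with placeholder bytes as the message body
inner = ipv4_header("10.0.100.1", "10.0.100.2", 1, 12) + b"hello-tunnel"
wire = gre_encapsulate(inner, "167.71.102.185", "178.128.42.200")
result = gre_decapsulate(wire)

if __name__ == "__main__":
    print(result)
```

The inner packet is carried byte for byte, so traffic that needs confidentiality should use an encrypted protocol such as TLS or SSH inside the tunnel, or the tunnel itself should run over IPsec.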

I installed a web server on the UK server and tried to access it from the US server:
