Score:0

GRE tunnel between two ubuntu servers does not work


I'm trying to set up a GRE tunnel between my two Ubuntu VPSs. Both servers are fresh installations of Ubuntu 20.04 and have no firewall active.

I followed this tutorial and still cannot ping successfully from either side. Below I explain my setup.

ServerA: 2.2.2.2

ServerB: 3.3.3.3

I want to create a GRE tunnel from server A to server B.

I have IP forwarding enabled on both servers:

cat /proc/sys/net/ipv4/ip_forward
1

On server A I set up the tunnel using:

sudo modprobe ip_gre
sudo iptunnel add gre1 mode gre local 2.2.2.2 remote 3.3.3.3 ttl 255
sudo ip addr add 10.0.0.1/30 dev gre1
sudo ip link set gre1 up

On server B I used the same commands as on server A, with the local and remote IPs reversed:

sudo modprobe ip_gre
sudo iptunnel add gre1 mode gre local 3.3.3.3 remote 2.2.2.2 ttl 255
sudo ip addr add 10.0.0.2/30 dev gre1
sudo ip link set gre1 up

Now I assume I should be able to ping each server from the other, but there is 100 percent packet loss. Please tell me which part of my instructions is wrong and, if none is, how I can trace my ping packets to see where and who is dropping them.

Score:1

The commands are generally correct. You did not provide details about the distance between the servers; I guess one of them is far away and the tunnel is crossing the internet. GRE packets are a separate protocol group, not TCP or UDP. There might be something in between, not under your control, filtering out such packets.

Debugging option:

You may check with tcpdump if GRE packets leave the source host and arrive at the destination host.

Source host:

tcpdump -i <INTERFACENAME> -n -c 300 protochain GRE and host 3.3.3.3 

Now do a ping -c5 3.3.3.3 on the host with the IP 2.2.2.2 in a second terminal.

Destination host:

tcpdump -i <INTERFACENAME> -n -c 300 protochain GRE and host 2.2.2.2

Now do a ping -c5 3.3.3.3 on the host with the IP 2.2.2.2

<INTERFACENAME> is to be replaced with your interface name.

PouJa:
Your guess is correct. The servers are in separate data centers in separate countries. Do you mean that if I can see ping packets on server A's interface, the packets are successfully departing server A, and if they do not arrive at server B, something has blocked them in between? Could the problem be with the interface?
dummyuser:
Correct. You may check local firewalls. `iptables -L -n -v` should have ALLOW as default policy on the input and output queues. You may think about using WireGuard instead of GRE.
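
The two-sided capture comparison from the answer and comments above, as an added example that is not part of the original thread: it counts GRE packets in saved tcpdump output from each server and reports where they disappear. The file names, function names and sample capture lines are constructed, and it assumes the ping targets the tunnel address 10.0.0.2 so that the traffic is GRE-encapsulated.

```sh
#!/bin/sh
# Added example (not from the thread): compare tcpdump text output saved on
# both tunnel endpoints and say where GRE packets (IP protocol 47) are lost.
# Assumption: the captures were taken on the public interface of each server
# while server A pinged the tunnel address 10.0.0.2.

# count_gre FILE SRC DST -> number of GRE packets with outer SRC > DST
count_gre() {
  awk -v s="$2" -v d="$3:" \
    '$2 == "IP" && $3 == s && $5 == d && $6 ~ /^GREv/ { n++ } END { print n + 0 }' "$1"
}

# diagnose A_FILE B_FILE A_IP B_IP -> one-word verdict on stdout
diagnose() {
  a_out=$(count_gre "$1" "$3" "$4")  # requests leaving A
  b_in=$(count_gre "$2" "$3" "$4")   # requests arriving at B
  b_out=$(count_gre "$2" "$4" "$3")  # replies leaving B
  a_in=$(count_gre "$1" "$4" "$3")   # replies arriving back at A
  if   [ "$a_out" -eq 0 ]; then echo "not-sent"         # check route/tunnel/firewall on A
  elif [ "$b_in"  -eq 0 ]; then echo "dropped-a-to-b"   # lost between A's NIC and B's NIC
  elif [ "$b_out" -eq 0 ]; then echo "no-reply-from-b"  # check tunnel/firewall on B
  elif [ "$a_in"  -eq 0 ]; then echo "dropped-b-to-a"   # lost on the return path
  else echo "ok"
  fi
}

# Constructed sample captures: three encapsulated echo requests leave A,
# nothing GRE shows up on B.
demo_dir=$(mktemp -d)
cat > "$demo_dir/a.txt" <<'EOF'
12:00:01.000101 IP 2.2.2.2 > 3.3.3.3: GREv0, length 88: IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 7, seq 1, length 64
12:00:02.000987 IP 2.2.2.2 > 3.3.3.3: GREv0, length 88: IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 7, seq 2, length 64
12:00:03.001442 IP 2.2.2.2 > 3.3.3.3: GREv0, length 88: IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 7, seq 3, length 64
EOF
: > "$demo_dir/b.txt"

echo "verdict: $(diagnose "$demo_dir/a.txt" "$demo_dir/b.txt" 2.2.2.2 3.3.3.3)"
```

Because tcpdump sees inbound packets before the local netfilter rules are applied, GRE packets that show up in B's capture but get no reply point at B's own firewall or tunnel configuration rather than at the path.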