Sysadmin for IP tunnel config?

Discussion in 'Mail Chat' started by reddorado, Apr 10, 2012.

  1. reddorado

    reddorado VIP

    Joined:
    Jan 24, 2012
    Messages:
    86
    Likes Received:
    33
    Trophy Points:
    0
    Hey there,
    Anyone know a good linux sysadmin looking for some freelance work?

    We need a GRE tunnel configured from our main server to a server we've leased with some mailing IPs. Both are running linux (CentOS 5.x). We don't have a full-time sysadmin on staff and are looking for someone to help with this. Figured you guys have maybe encountered this before. ;)

    If you know someone, please let me know (PM or in this thread). Obviously we'll pay a fair rate for the service.

    Thanks!
     
  2. nickphx

    nickphx VIP

    Joined:
    Apr 2, 2011
    Messages:
    1,140
    Likes Received:
    363
    Trophy Points:
    83
    Gender:
    Male
    Location:
    guadalajara, chiuhuahua
    That's a 2 minute job, if that.
     
  3. thepump

    thepump New Member

    Joined:
    Dec 1, 2011
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Yeah it's a really simple job.

    I have a few contacts but you will probably get a faster response and job done on odesk or similar freelancing service and someone you can have in your rolodex for later. Just don't pick the cheapest applicant, make sure they have years of admin experience and some rep on the platform so you can be assured the work will be done right.
     
  4. nickphx

    nickphx VIP

    Joined:
    Apr 2, 2011
    Messages:
    1,140
    Likes Received:
    363
    Trophy Points:
    83
    Gender:
    Male
    Location:
    guadalajara, chiuhuahua
    I can get it done for you. I have already posted instructions on GRE tunneling on this forum somewhere.
     
  5. JohnFarrell

    JohnFarrell VIP

    Joined:
    Apr 13, 2011
    Messages:
    828
    Likes Received:
    35
    Trophy Points:
    0
    Did you get this taken care of?
     
  6. Fun4uoc

    Fun4uoc VIP

    Joined:
    Apr 22, 2011
    Messages:
    605
    Likes Received:
    23
    Trophy Points:
    28
    I think it got moved up to the PH.
     
  7. reddorado

    reddorado VIP

    Joined:
    Jan 24, 2012
    Messages:
    86
    Likes Received:
    33
    Trophy Points:
    0
    Yeah I looked and was unable to find nickphx's post since I don't have PH access. But Nick PM'd me some very useful tips that I'll be trying out tonight. (Thanks Nick!!)

    I'll let you guys know if it works. Thanks very much for your responses.
     
  8. reddorado

    reddorado VIP

    Joined:
    Jan 24, 2012
    Messages:
    86
    Likes Received:
    33
    Trophy Points:
    0
    Nickphx pointed out (in a PM) that I need to add some sysctl calls to the remote IP server:

    Thanks Nick! But I'm still dead in the water. So I thought I would post here what I've encountered and see if anyone has thoughts. Once I figure this out, I will write up some good documentation that we can post in this forum and everyone can refer to later.


    Let's say I've got the following:
    Code:
    [Main Server]      Public IP 1.2.3.4
    [Remote IP Server] Public IP 5.6.7.8, IP Range  5.5.5.0/24
    I create the first tunnel from the main server using the public, external IPs:
    Code:
    ip tunnel add tun0 mode gre local 1.2.3.4 remote 5.6.7.8
    ip link set dev tun0 up
    Next step (I think) is to add an IP address to the tunnel interface:
    Code:
    ip address add dev tun0 x.x.x.x
    1. What's the right IP address to use here? Seems that it needs to be IPs in the IP range (5.5.5.0/24) otherwise I will be unable to bind to them on this machine. But some docs I've read indicate that it should be a local IP (1.2.3.4). For the record I've tried and failed at both.
    2. Should I add a " peer x.x.x.x" portion? If so, do I use 5.6.7.8?

    Next step (I think) is to add a route:
    Code:
    ip route add dev tun0 5.5.5.0/24
    1. Do I need a "via x.x.x.x" portion? When I use "via 5.6.7.8" I get "RTNETLINK answers: Network is unreachable". If I omit the via, the command completes without error.

    But trying all the combinations, nothing seems to work. If I do this:
    Code:
    ip tunnel add tun0 mode gre local 1.2.3.4 remote 5.6.7.8
    ip link set dev tun0 up
    ip address add dev tun0 1.2.3.4
    ip route add dev tun0 5.5.5.0/24
    then my netcat bind fails (which makes sense):
    Code:
    nc -s 5.5.5.1 b.mx.mail.yahoo.com 25
    nc: bind failed: Cannot assign requested address
    If I do this:
    Code:
    ip tunnel add tun0 mode gre local 1.2.3.4 remote 5.6.7.8
    ip link set dev tun0 up
    ip address add dev tun0 5.5.5.1
    ip route add dev tun0 5.5.5.0/24
    then my netcat bind just hangs.

    I think I'm missing something fundamental. Everything on the internet is using GRE tunneling to connect two private networks, which isn't helping.

    Here are some docs:
    http://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.tunnel.gre.html
    http://www.policyrouting.org/iproute2.doc.html
     
  9. rootshell

    rootshell New Member

    Joined:
    May 24, 2011
    Messages:
    13
    Likes Received:
    2
    Trophy Points:
    0
    You could try creating the following script, making it executable and running it on boot. (after editing IPs as needed, of course)

    #!/bin/bash
    # startup.sh (the {3..254} brace expansion below needs bash, hence the shebang)
    # Probe for the GRE module
    modprobe ip_gre
    # Create the tunnel, bring it up, and assign an IP
    ip tunnel add rtr mode gre remote 5.6.7.8 local 1.2.3.4 ttl 255
    ip link set dev rtr up
    # NAT network for use inside the tunnel itself (a host address, not the .0 network address)
    ip addr add 192.168.1.1/24 dev rtr
    # Configure the system to proxy ARP and to route packets
    echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
    echo 1 > /proc/sys/net/ipv4/conf/rtr/proxy_arp
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Tell the system that IPs 3-254 of the leased range (5.5.5.0/24 in this
    # thread's example) are through the tunnel. This sends the packets to the
    # right place, but it also tells the system to proxy ARP for those IPs.
    # Never route the tunnel endpoint itself (5.6.7.8) into the tunnel.
    for i in {3..254}
    do
        ip route add 5.5.5.$i/32 dev rtr
    done
     
    Last edited: Apr 14, 2012
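Pulling the pieces of this thread together, here is an added example (it is not code from any of the posts above) covering both ends of the setup: the main server at 1.2.3.4 using addresses from the leased 5.5.5.0/24 range through a GRE tunnel to the remote IP server at 5.6.7.8, as laid out in post 8, together with the forwarding and proxy-ARP sysctls on the remote side that the script in post 9 sets. It answers post 8's open questions the way a working configuration does: the tunnel interface on the main server carries addresses from the leased range (not 1.2.3.4), no peer address is needed, and a plain "ip route" on the main side is not enough, because packets sourced from 5.5.5.x must be steered into the tunnel with a policy rule; without that they leave via the normal default route with a source address the provider does not own, which is the likely reason the second netcat attempt in post 8 hangs. The interface name gre1, routing table 100, eth0 as the remote server's upstream interface, the 5.5.5.1 sample address and the iptables rules restricting GRE to the peer (GRE itself is unauthenticated and unencrypted, so anything that can reach port-less protocol 47 on either host can inject into the tunnel) are assumptions. By default the script prints the commands for review; APPLY=1 executes them as root.

```shell
#!/bin/bash
# Added example, not from the thread. Addresses follow the thread's placeholders:
# main server 1.2.3.4, remote IP server 5.6.7.8 owning 5.5.5.0/24. The tunnel name
# gre1, table 100, upstream interface eth0 and address 5.5.5.1 are assumptions.
# Default is a dry run that prints the commands; APPLY=1 runs them (as root).
set -u

MAIN_PUB=${MAIN_PUB:-1.2.3.4}
IPSRV_PUB=${IPSRV_PUB:-5.6.7.8}
RANGE=${RANGE:-5.5.5.0/24}
TUN=${TUN:-gre1}
TABLE=${TABLE:-100}

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Main server (1.2.3.4): holds the leased addresses and sends mail from them.
# Arguments: the range addresses to bring up here, e.g. 5.5.5.1 5.5.5.2
configure_main_server() {
    run modprobe ip_gre
    run ip tunnel add "$TUN" mode gre local "$MAIN_PUB" remote "$IPSRV_PUB" ttl 255
    run ip link set dev "$TUN" up
    # Addresses from the leased range live on the tunnel interface itself.
    for a in "$@"; do
        run ip addr add "$a/32" dev "$TUN"
    done
    # Anything sourced from the range must leave through the tunnel, not the
    # main default route: a policy rule plus a default route in its own table.
    run ip rule add from "$RANGE" lookup "$TABLE"
    run ip route add default dev "$TUN" table "$TABLE"
    # Loose reverse-path filtering on the tunnel so inbound packets are not
    # dropped when the main table's reverse lookup disagrees with the rule.
    run sysctl -w "net.ipv4.conf.$TUN.rp_filter=2"
    # GRE (protocol 47) has no authentication: accept it only from the peer.
    run iptables -A INPUT -p 47 -s "$IPSRV_PUB" -j ACCEPT
    run iptables -A INPUT -p 47 -j DROP
}

# Remote IP server (5.6.7.8): the provider delivers 5.5.5.0/24 here; it forwards
# the addresses given as arguments into the tunnel and back out again.
configure_ip_server() {
    upstream=${UPSTREAM_IF:-eth0}
    run modprobe ip_gre
    run ip tunnel add "$TUN" mode gre local "$IPSRV_PUB" remote "$MAIN_PUB" ttl 255
    run ip link set dev "$TUN" up
    run sysctl -w net.ipv4.ip_forward=1
    # Only needed when the /24 is on-link on the upstream interface instead of
    # being routed to 5.6.7.8; with a per-/32 route via the tunnel below, the
    # kernel then answers ARP for those addresses on the upstream side.
    run sysctl -w "net.ipv4.conf.$upstream.proxy_arp=1"
    for a in "$@"; do
        run ip route add "$a/32" dev "$TUN"
    done
    # This box is now a router: forward only the leased range, only between the
    # upstream interface and the tunnel, and nothing else.
    run iptables -A FORWARD -i "$TUN" -o "$upstream" -s "$RANGE" -j ACCEPT
    run iptables -A FORWARD -i "$upstream" -o "$TUN" -d "$RANGE" -j ACCEPT
    run iptables -A FORWARD -j DROP
    run iptables -A INPUT -p 47 -s "$MAIN_PUB" -j ACCEPT
    run iptables -A INPUT -p 47 -j DROP
}

# The check the thread tried: bind a range address and connect to a mail server.
# A "220" banner means both directions work; a hang means the remote side is
# not forwarding (or the provider is not routing the range to it).
check_bind() {
    run nc -s "$1" -w 5 "$2" 25
}

case "${1:-}" in
    main)     shift; configure_main_server "$@" ;;
    ipserver) shift; configure_ip_server "$@" ;;
    check)    shift; check_bind "$@" ;;
    *) printf 'usage: %s main ADDR... | ipserver ADDR... | check ADDR MAILHOST\n' "$0" ;;
esac
```

Run `./gre-mail.sh main 5.5.5.1` on the main server and `./gre-mail.sh ipserver 5.5.5.1` on the remote one (same address list on both sides), then `./gre-mail.sh check 5.5.5.1 b.mx.mail.yahoo.com`. If the check still hangs, `ip rule` and `ip route show table 100` on the main server confirm the policy route exists, and `tcpdump -ni gre1` on the remote server shows whether the SYN is arriving through the tunnel and whether the reply comes back over it.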
  10. rohaven

    rohaven New Member

    Joined:
    Sep 2, 2013
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    3
    Gender:
    Male
    Location:
    CA
    Where??
    Can you send the link?
     
  11. nickphx

    nickphx VIP

    Joined:
    Apr 2, 2011
    Messages:
    1,140
    Likes Received:
    363
    Trophy Points:
    83
    Gender:
    Male
    Location:
    guadalajara, chiuhuahua
    No sir.

    That creates a tunnel device; if you specified dev eth0 it would return an error.
    When adding IP addresses and routes you would need to specify which device.
     
  12. nickphx

    nickphx VIP

    Joined:
    Apr 2, 2011
    Messages:
    1,140
    Likes Received:
    363
    Trophy Points:
    83
    Gender:
    Male
    Location:
    guadalajara, chiuhuahua
    Nice. I'm lazy and go with the least amount of typing. I learned something new today.
     