Debian
- Loading GRE module into the kernel
modprobe ip_gre
lsmod | grep gre
- Standing up GRE interface
ip tunnel add gre1 mode gre local PubIP2 remote PubIP1 ttl 255
ip addr add 10.254.254.254/30 dev gre1
ip link set gre1 up
- Setting up MTU considering all the headers IP (20 bytes), GRE (4 bytes), IPSec (64 bytes)
ip link set dev gre1 mtu 1412
ifconfig gre1
gre1: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1412
inet 10.254.254.254 netmask 255.255.255.252 destination 10.254.254.254
nano -w /etc/rc.local
# GRE
modprobe ip_gre
ip tunnel add gre1 mode gre local PubIP2 remote PubIP1 ttl 255
ip addr add 10.254.254.254/30 dev gre1
ip link set dev gre1 mtu 1412
ip link set gre1 up
- Defining traffic filtering rules (example)
nano -w /etc/iptables/rc.firewall
# GRE
gre_iface="gre1"
remote_peer="PubIP1"
$ipt -A INPUT -i $iface -p 47 -m state --state NEW -s $remote_peer -j ACCEPT
$ipt -A OUTPUT -o $iface -p 47 -m state --state NEW -d $remote_peer -j ACCEPT
$ipt -A INPUT -i $gre_iface -p icmp --icmp-type echo-request -m state --state NEW -j ACCEPT
/etc/iptables/rc.firewall
iptables -nvL
