{"id":3369,"date":"2018-12-08T12:01:03","date_gmt":"2018-12-08T12:01:03","guid":{"rendered":"https:\/\/tst-amo.net.ua\/blog\/?p=3369"},"modified":"2018-12-10T10:18:24","modified_gmt":"2018-12-10T10:18:24","slug":"gre","status":"publish","type":"post","link":"https:\/\/tst-amo.net.ua\/blog\/?p=3369","title":{"rendered":"GRE"},"content":{"rendered":"

\u041f\u0440\u043e\u0442\u043e\u043a\u043e\u043b GRE \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u043b\u0441\u044f \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0435\u0439 Cisco Systems \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0442\u0443\u043d\u0435\u043b\u0435\u0439. \u0418 \u0445\u043e\u0442\u044f \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f GRE \u0442\u0435\u0440\u044f\u0435\u0442 \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0442\u0430\u043a \u043a\u0430\u043a \u043d\u0435 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0438 \u043d\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0447\u0435\u0440\u0435\u0437 NAT, \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u0441\u0442\u0440\u043e\u0439 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0442\u0443\u043d\u043d\u0435\u043b\u044f \u043c\u0435\u0436\u0434\u0443 \u0434\u0432\u0443\u043c\u044f \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u0441\u0435\u0442\u044f\u043c\u0438 \u0438\u043c\u0435\u043d\u043d\u043e GRE \u0431\u0443\u0434\u0435\u0442 \u0432 \u0447\u0438\u0441\u043b\u0435 \u0441\u0430\u043c\u044b\u0445 \u043f\u0440\u043e\u0441\u0442\u044b\u0445 \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u043e\u0432.<\/p>\n

\u0414\u0432\u0430 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430 (Net-R0 \u0438 Net-R2) \u043d\u0430 \u0431\u0430\u0437\u0435 Linux CentOS 7 \u0441 \u0442\u0430\u043a\u0438\u043c\u0438 \u0432\u0432\u043e\u0434\u043d\u044b\u043c\u0438:<\/p>\n

Net-R0:<\/strong><\/p>\n

WAN enp0s3 192.168.113.63\r\nLAN enp0s8 10.0.0.1\r\nGRE 172.17.254.1<\/pre>\n
Net-R2:<\/strong><\/p>\n
WAN enp0s3 192.168.113.65\r\nLAN enp0s8 172.16.8.1\u00a0\r\nGRE 172.17.254.2\r\n<\/pre>\n
\u041f\u043e\u0434\u043d\u044f\u0442\u044c \u0442\u043e\u043d\u0435\u043b\u044c \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u043c \u0441\u0435\u0442\u044f\u043c.<\/p>\n
#\u00a0sysctl net.ipv4.ip_forward=1<\/pre>\n
Net-R0 (Host1)<\/h4>\n
# cat ifcfg-gre1\r\nDEVICE=gre1\r\nBOOTPROTO=none\r\nONBOOT=no\r\nTYPE=GRE\r\n\r\n## Addr Srv Net-R0\r\nMY_OUTER_IPADDR=192.168.113.63\r\nMY_INNER_IPADDR=172.17.254.1\r\n\r\nPEER_OUTER_IPADDR=192.168.113.65\r\nPEER_INNER_IPADDR=172.17.254.2<\/pre>\n
# cat route-gre1\r\n172.16.8.0\/24 via 172.17.254.2 dev gre1<\/pre>\n
Net-R2 (Host2)<\/h4>\n
# cat ifcfg-gre1\r\nDEVICE=gre1\r\nBOOTPROTO=none\r\nONBOOT=no\r\nTYPE=GRE\r\n\r\n## Addr Srv Net-R2\r\nMY_OUTER_IPADDR=192.168.113.65\r\n## Addr Srv in a tonnel\u00a0\r\nMY_INNER_IPADDR=172.17.254.2\r\n\r\n# Addr Peer (other side Net-R0)\r\nPEER_OUTER_IPADDR=192.168.113.63\r\nPEER_INNER_IPADDR=172.17.254.1<\/pre>\n
# cat route-gre1\r\n10.0.0.0\/24 via 172.17.254.1 dev gre1<\/pre>\n
Firewall<\/h4>\n
# firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPT\r\n# firewall-cmd --permanent --direct --add-rule ipv6 filter INPUT 0 -p gre -j ACCEPT\r\n# firewall-cmd --reload<\/pre>\n
Iptables<\/h4>\n
# iptables -I INPUT -p gre -j ACCEPT<\/pre>\n
\u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c:<\/h4>\n
[root@Net-R2]# ping 10.0.0.1<\/pre>\n
[root@net-r0]# tcpdump -envvn proto gre\r\ntcpdump: listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes\r\n14:37:45.776948 08:00:27:5b:03:19 > 08:00:27:5c:5e:08, ethertype IPv4 (0x0800), length 122: (tos 0x0, ttl 64, id 761, offset 0, flags [DF], proto GRE (47), length 108)\r\n   192.168.113.65 > 192.168.113.63: GREv0<\/span>, Flags [none], proto IPv4 (0x0800), length 88\r\n   (tos 0x0, ttl 64, id 24605, offset 0, flags [DF], proto ICMP (1), length 84)\r\n   172.17.254.2 > 10.0.0.2: ICMP echo request, id 9655, seq 1, length 64\r\n14:37:46.957099 08:00:27:5b:03:19 > 08:00:27:5c:5e:08, ethertype IPv4 (0x0800), length 122: (tos 0x0, ttl 64, id 1554, offset 0, flags [DF], proto GRE (47), length 108)\r\n   192.168.113.65 > 192.168.113.63: GREv0, Flags [none], proto IPv4 (0x0800), length 88\r\n   (tos 0x0, ttl 64, id 24723, offset 0, flags [DF], proto ICMP (1), length 84)\r\n   172.17.254.2 > 10.0.0.2: ICMP echo request, id 9655, seq 2, length 64<\/pre>\n
\u041a\u0440\u0430\u0442\u043a\u0430\u044f \u0448\u043f\u0430\u0440\u0433\u0430\u043b\u043a\u0430:<\/h4>\n
HOST1: ip link add grelan type gretap  local <IP1> remote <IP2>\r\nHOST1: ip link set grelan up\r\nHOST1: iptables -I INPUT -p gre -s <IP2> -j ACCEPT\r\nHOST2: ip link add grelan type gretap local <IP2> remote <IP1>\r\nHOST2: ip link set grelan up\r\nHOST2: iptables -I INPUT -p gre -s <IP1> -j ACCEPT<\/pre>\n
\"image_pdf\"<\/a>\"image_print\"<\/a><\/div>","protected":false},"excerpt":{"rendered":"
\u041f\u0440\u043e\u0442\u043e\u043a\u043e\u043b GRE \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u043b\u0441\u044f \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0435\u0439 Cisco Systems \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0442\u0443\u043d\u0435\u043b\u0435\u0439. \u0418 \u0445\u043e\u0442\u044f \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f GRE \u0442\u0435\u0440\u044f\u0435\u0442 \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0442\u0430\u043a \u043a\u0430\u043a \u043d\u0435 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0438 \u043d\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0447\u0435\u0440\u0435\u0437 NAT, \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u0441\u0442\u0440\u043e\u0439 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0442\u0443\u043d\u043d\u0435\u043b\u044f \u043c\u0435\u0436\u0434\u0443 \u0434\u0432\u0443\u043c\u044f \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u0441\u0435\u0442\u044f\u043c\u0438 \u0438\u043c\u0435\u043d\u043d\u043e GRE \u0431\u0443\u0434\u0435\u0442 \u0432 \u0447\u0438\u0441\u043b\u0435 \u0441\u0430\u043c\u044b\u0445 \u043f\u0440\u043e\u0441\u0442\u044b\u0445 \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u043e\u0432. \u0414\u0432\u0430 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430 (Net-R0 \u0438 Net-R2) \u043d\u0430 \u0431\u0430\u0437\u0435 Linux CentOS …<\/p>\n
Continue reading ‘GRE’ »<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[196,47,198],"tags":[],"class_list":["post-3369","post","type-post","status-publish","format-standard","hentry","category-gre","category-linux","category-tunnels"],"_links":{"self":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3369"}],"collection":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3369"}],"version-history":[{"count":5,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3369\/revisions"}],"predecessor-version":[{"id":3384,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3369\/revisions\/3384"}],"wp:attachment":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3369"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3369"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3369"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}