Penguin

I started having a look at GRE as a way to connect a Cisco user to the MetaNet. There isn't much chance of porting WANd/Etud to IOS, so we have to make do with a protocol IOS understands already, and thankfully IOS does GRE well. We could have used PPTP as well, but it was messier.

I refer to the Linux 2.4 Advanced Routing HOWTO for most of this. In order to simplify things, I wrote a simple script to run at each end, although it's entirely probable that there are better system scripts to use for this sort of thing.

To do GRE Tunneling, you need a few things first:

  • the Linux 2.4.x series kernel (or later)
  • the iproute package. This provides /sbin/ip, and the new codeset for the network API under 2.4
  • the ip_gre module (CONFIG_NET_IPGRE)
  • maybe a few more options, I can't remember. :)

The URL mentioned above covers things fairly nicely, but it took a little bit of playing to get things working nicely.

As a note, if you are running a firewall on your external interface, make sure that you are allowing protocol 47 (GRE) in, e.g.:

    iptables -A INPUT --protocol gre -j ACCEPT


    #!/bin/sh
    # Bring up a GRE tunnel to the other end and route the remote network over it.

    NAME="gre0"
    REMOTEIP="ip.of.other.end"
    LOCALIP="ip.of.this.end"

    NETWORK="remote network address"
    # Bare number, no leading slash: the route command below adds the "/".
    NETBITS="remote network netbits (eg, 24)"

    TUNNEL_LOCAL="ip.of.gre0.here"

    IP="/sbin/ip"
    ${IP} tunnel add ${NAME} mode gre remote ${REMOTEIP} local ${LOCALIP} ttl 255
    ${IP} link set ${NAME} up
    ${IP} addr add ${TUNNEL_LOCAL} dev ${NAME}
    ${IP} route add ${NETWORK}/${NETBITS} dev ${NAME}


So this script can be set up at either end - obviously make sure that the REMOTEIP, LOCALIP, NETWORK, NETBITS and TUNNEL_LOCAL values are set appropriately.

Once this works, you should be able to ping hosts across the tunnel. If you find it doesn't work, try tcpdumping the interface (in this case, gre0). I found I was seeing ICMP echo-requests and echo-responses, but they weren't actually being delivered. Turns out my firewall on ppp0 was dropping the GRE protocol on the floor. If you don't see any responses, it might be that the other end is dropping GRE on the floor.
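Plain GRE has no cryptographic authentication or encryption, so a firewall rule that accepts protocol 47 from any source is broader than the tunnel needs. The following is an added example, not part of the original page: it validates the setup script's variables and prints the commands with GRE accepted only from the tunnel peer. The helper names (valid_ipv4, valid_netbits, gre_plan), the INPUT chain and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example, not the page author's script. Prints the tunnel commands
# only if every setting is well formed; nothing is executed here.

# valid_ipv4 ADDR: true only for a dotted quad with each octet in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_netbits N: prefix length as a bare number 0-32, without the slash.
valid_netbits() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 2 ] && [ "$1" -le 32 ]
}

# gre_plan NAME REMOTEIP LOCALIP NETWORK NETBITS TUNNEL_LOCAL
# Prints the commands, or prints nothing and returns 1 on a bad value.
gre_plan() {
    name=$1; remote=$2; local_ip=$3; network=$4; netbits=$5; tun_local=$6
    case "$name" in ''|*[!A-Za-z0-9_]*) return 1 ;; esac
    for addr in "$remote" "$local_ip" "$network" "$tun_local"; do
        valid_ipv4 "$addr" || return 1
    done
    valid_netbits "$netbits" || return 1
    # First line: accept GRE only from the peer, only to our tunnel endpoint.
    cat <<EOF
iptables -A INPUT -p gre -s $remote -d $local_ip -j ACCEPT
/sbin/ip tunnel add $name mode gre remote $remote local $local_ip ttl 255
/sbin/ip link set $name up
/sbin/ip addr add $tun_local dev $name
/sbin/ip route add $network/$netbits dev $name
EOF
}

# Constructed sample values (documentation and private ranges), not real hosts.
gre_plan gre0 198.51.100.7 192.0.2.1 10.20.0.0 24 10.20.255.1
```

Review the printed commands before running them as root; a placeholder left unedited, or a netbits value written as "/24", produces no output and a non-zero exit status.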

If you want to bring a tunnel down...


    #!/bin/sh
    # Take the tunnel interface down, then delete it.

    NAME="gre0"
    IP="/sbin/ip"

    ${IP} link set ${NAME} down
    ${IP} tunnel del ${NAME}