Creating a GRE tunnel with Vyatta
Today, peer-to-peer communications between companies, organizations, users, etc. are common. With Vyatta we can get this type of communication at zero cost, meeting scalability and performance requirements with minimal hardware.
An example is the following illustration, which shows a tunnel between the headquarters and a branch over the Internet, without the need for point-to-point lines that are expensive to deploy and manage.
For this article we have two virtual machines with Vyatta installed. Each has two network cards, one for the internal network and one for the Internet. If you have not installed these machines, you can follow the blog article Installing Vyatta Open Networking.
Once we have prepared the test environment, these are the steps we will follow in this article:
- Assign addresses to the various devices.
- Set up the headquarters.
- Configure the branch.
- Create static routing.
- Test the solution.
Assign addresses to each device
First of all, let's set the addresses used in this article, to avoid doubts when building our environment. We can be guided by the main illustration if we find that easier, but we recommend using diagrams on paper in any installation, project or troubleshooting task, as it makes everything easier and more comfortable.
The headquarters will use the following addresses:
- LAN: 192.168.1.0/24
- Router LAN Interface: 192.168.1.254/24
- Router WAN interface: 10.10.10.1/24
- Router tunnel interface: 1.1.1.1/30
The branch will use the following addresses:
- LAN: 192.168.2.0/24
- Router LAN Interface: 192.168.2.254/24
- Router WAN interface: 10.10.10.2/24
- Router tunnel interface: 1.1.1.2/30
For the lab we have drawn a diagram that specifies the configuration of our VMware Server 2.
Setting up headquarters
We now start setting up the router: log in with its credentials and enter configuration mode with the configure command.
The next step is to configure the internal and external interfaces of our router. To do this we enter the commands:
- set interfaces ethernet <internal interface> address 192.168.1.254/24
- set interfaces ethernet <external interface> address 10.10.10.1/24
Now let's set the description of the two interfaces just configured and the host name of our router, and enable SSH and HTTPS. To make these settings we enter the following commands:
- set interfaces ethernet <internal interface> description <interface description>
- set interfaces ethernet <external interface> description <interface description>
- set system host-name <name>
- set service ssh
- set service https
Next we save the changes before continuing with our setup, to avoid any loss. It is advisable to save every few settings, because if the device fails we would have to reconfigure the missing parameters. To do so, we run the commit command to apply the settings and the save command to save the changes.
Now we will prepare the tunnel interface used to connect the headquarters to the branch, assigning it a description and an IP address.
- set interfaces tunnel <tunnel interface>
- set interfaces tunnel <tunnel interface> description <interface description>
- set interfaces tunnel <tunnel interface> address 1.1.1.1/30
The next step is to configure the IP addresses our tunnel will use as source and destination; in other words, if we were talking about the Internet, these would be the public addresses assigned by our ISP. In our case we have emulated the ISP-assigned addresses with 10.10.10.1 and 10.10.10.2 (our public addresses). Therefore, at headquarters we use 10.10.10.1 as the source address and 10.10.10.2 as the remote address. We enter the following commands:
- set interfaces tunnel tun0 local-ip 10.10.10.1
- set interfaces tunnel tun0 remote-ip 10.10.10.2
Next we configure the encapsulation to be used by our tunnel; in our case we use GRE. To do this, run the command:
- set interfaces tunnel tun0 encapsulation gre
To finish setting up our central router, we again apply and save our changes with the commit and save commands.
We have configured the tunnel on our central router; now we configure the branch router.
Configure branch
To configure the branch router we follow the same steps as with the headquarters router, so we simply show all the commands that apply to this router.
- configure
- set interfaces ethernet <internal interface> address 192.168.2.254/24
- set interfaces ethernet <external interface> address 10.10.10.2/24
- set interfaces ethernet <internal interface> description <interface description>
- set interfaces ethernet <external interface> description <interface description>
- set system host-name <name>
- set service ssh
- set service https
- commit
- save
With the previous commands we have the basic setup of our interfaces; next we configure our tunnel interface.
The last step is to configure the tunnel. We follow the same steps as above but change the tunnel addressing; these are the commands to execute.
- set interfaces tunnel <tunnel interface>
- set interfaces tunnel <tunnel interface> description <interface description>
- set interfaces tunnel <tunnel interface> address 1.1.1.2/30
- set interfaces tunnel <tunnel interface> local-ip 10.10.10.2
- set interfaces tunnel <tunnel interface> remote-ip 10.10.10.1
- set interfaces tunnel <tunnel interface> encapsulation gre
- commit
- save
To check the operation of our tunnel, we ping the CENTRAL router from the BRANCH router. To do so we need to leave configuration mode by typing the command exit. Once in user mode, run ping 1.1.1.1. To stop the ping, press CTRL + C.
Create static routing
To reach the LANs on each side we need to create static routes. To do this, on the CENTRAL router run the following command in configuration mode, entering the destination network and the remote IP of our tunnel.
- set protocols static route 192.168.2.0/24 next-hop 1.1.1.2
- commit
- save
We perform the same procedure on the branch router.
- set protocols static route 192.168.1.0/24 next-hop 1.1.1.1
- commit
- save
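Traffic only passes through the tunnel when each router's local-ip and remote-ip mirror the other's and each static route points at the peer's tunnel address, so the two command sets can be compared before testing. The Python check below is an added example, not part of the original article; it assumes tun0 as the tunnel interface name on both routers and takes the commands as pasted text.

```python
import ipaddress
import re

# Constructed input: the article's commands, with tun0 assumed as the tunnel name.
CENTRAL = """\
set interfaces tunnel tun0 address 1.1.1.1/30
set interfaces tunnel tun0 local-ip 10.10.10.1
set interfaces tunnel tun0 remote-ip 10.10.10.2
set interfaces tunnel tun0 encapsulation gre
set protocols static route 192.168.2.0/24 next-hop 1.1.1.2
"""
BRANCH = """\
set interfaces tunnel tun0 address 1.1.1.2/30
set interfaces tunnel tun0 local-ip 10.10.10.2
set interfaces tunnel tun0 remote-ip 10.10.10.1
set interfaces tunnel tun0 encapsulation gre
set protocols static route 192.168.1.0/24 next-hop 1.1.1.1
"""
TUNNEL_RE = re.compile(
    r"^\s*set interfaces tunnel \S+ (address|local-ip|remote-ip|encapsulation) (\S+)", re.M)
ROUTE_RE = re.compile(r"^\s*set protocols static route (\S+) next-hop (\S+)", re.M)
REQUIRED = ("address", "local-ip", "remote-ip", "encapsulation")

def parse(config):
    """Collect tunnel settings and static routes from Vyatta set commands."""
    cfg = dict(TUNNEL_RE.findall(config))
    cfg["routes"] = dict(ROUTE_RE.findall(config))
    return cfg

def check_pair(a, b):
    """Return the mismatches between two routers' tunnel configurations."""
    missing = [f"{n}: no {k}" for n, c in (("A", a), ("B", b)) for k in REQUIRED if k not in c]
    if missing:
        return missing
    ia, ib = ipaddress.ip_interface(a["address"]), ipaddress.ip_interface(b["address"])
    problems = []
    if ia.network != ib.network or ia.ip == ib.ip:
        problems.append("tunnel addresses must be distinct hosts in one subnet")
    if (a["local-ip"], a["remote-ip"]) != (b["remote-ip"], b["local-ip"]):
        problems.append("local-ip/remote-ip are not mirrored")
    if a["encapsulation"] != b["encapsulation"]:
        problems.append("encapsulation differs")
    for name, cfg, peer in (("A", a, ib), ("B", b, ia)):
        for dest, hop in cfg["routes"].items():
            if ipaddress.ip_address(hop) != peer.ip:
                problems.append(f"{name}: route {dest} next-hop {hop} is not the peer tunnel address")
    if not ia.ip.is_private:
        problems.append(f"note: tunnel subnet {ia.network} is not private address space")
    return problems
```

Run against the article's values, `check_pair(parse(CENTRAL), parse(BRANCH))` returns only the note that 1.1.1.0/30 lies outside private address space.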
Testing the solution
Finally, having seen that our tunnel works, we now check that routing is correct by pinging the opposite LAN from each router. We show a ping from the CENTRAL router to the branch LAN and a ping from the BRANCH router to the headquarters LAN.
Ping from the CENTRAL router -> internal interface of the BRANCH router
Ping from the BRANCH router -> internal interface of the CENTRAL router

December 27, 2009 - 12:14
Very good article pips, "the time on this tunnel ipsec Gre?. A hug.
December 28, 2009 - 14:52
Very good Jose
What a joy to see you here. If God wants this week will be the item with IPSEC, GRE both use it to use just IPSEC.
A greeting.