Konfiguracja tunelu GRE na Linuksie

W celu konfiguracji tunelu GRE na systemach rodziny Linux należy zastosować poniższe konfiguracje:

Na serwerze

allow-vpn tunnel0
iface tunnel2 inet tunnel
        address  172.18.0.4
        netmask  255.255.255.254
        local    192.168.100.101
        endpoint 192.168.100.102
        mode     gre
        mtu      1476
        post-up  /opt/vpn/vpn-policy-set 192.168.100.102/32 172.18.0.5
        pre-down /opt/vpn/vpn-policy-del 192.168.100.102/32 172.18.0.5

Na węźle

auto vpn
iface vpn inet tunnel
        address  172.18.0.5
        netmask  255.255.255.254
        local    192.168.100.102
        endpoint 192.168.100.104
        mode     gre
        mtu      1476
        post-up /sbin/ip route add 192.0.2.0/24 via 172.18.0.4

Skrypt vpn-policy-del

#!/bin/bash
# $1 DSTIP/PREFIX
# $2 TUNNEL IP

if [[ $# -eq 2 ]]
then
        /sbin/ip route del $1  table vpn
        /sbin/ip rule  del from 192.0.2.0/24 to $1 table vpn
        exit 0
fi
exit 1

Skrypt vpn-policy-set

#!/bin/bash
# $1 DSTIP/PREFIX
# $2 TUNNEL IP

if [[ $# -eq 2 ]]
then
        /sbin/ip route add $1 via $2 table vpn
        /sbin/ip rule  add from 192.0.2.0/24 to $1 table vpn
        exit 0
fi
exit 1