LinuxQuestions.org
Old 09-05-2015, 07:09 PM   #1
password123
LQ Newbie
 
Registered: Sep 2015
Posts: 3

Rep: Reputation: Disabled
Route all traffic through GRE tunnel in OpenWrt [SOLVED]


Hi,

I'm wondering how I can route all traffic over a GRE tunnel on an OpenWrt router. I have the tunnel set up and I can add host entries and send them over the tunnel. For example:
route add -host $global_ipv4 gw $local_tunnel_ipv4 dev gre0

But I wanted to be able to add essentially a default route where all traffic goes over the tunnel. The problem is that the default gateway (I think) needs to remain the upstream router, which is the ISP router. If I set the default route to be the GRE tunnel, nothing gets to the real world.

My route table is below. 10.0.1.1 is my upstream router, and 10.10.30.1/24 is my tunnel IP and tunnel subnet. 74.125.228.244 is an IP address for www.google.com that I used to test the tunnel. eth0 is also my WAN interface.

Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.1.1        0.0.0.0         UG    0      0        0 eth0
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.10.30.0      0.0.0.0         255.255.255.0   U     0      0        0 gre1
74.125.228.244  10.10.30.1      255.255.255.255 UGH   0      0        0 gre1
192.168.6.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
I googled around and only saw related questions where both interfaces were connected to the Internet. An explanation would be much appreciated.

Last edited by password123; 09-08-2015 at 03:00 PM.
 
Old 09-05-2015, 11:59 PM   #2
mpapet
Member
 
Registered: Nov 2003
Location: Los Angeles
Distribution: debian
Posts: 548

Rep: Reputation: 72
If I read this right, eth0 default gateway becomes 10.10.30.1.

traceroute is going to be a good tool for this problem. Enable ICMP ping on both hosts if it isn't already.

traceroute 74.125.228.244 from 10.0.1.1 once the default gateway points to the tunnel.
Post the output of that.

If I am right, the packets will hit 10.10.30.1 and then not know the next hop.

Last edited by mpapet; 09-06-2015 at 12:02 AM.
 
1 members found this post helpful.
Old 09-06-2015, 09:52 AM   #3
password123
LQ Newbie
 
Registered: Sep 2015
Posts: 3

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by mpapet View Post
If I read this right, eth0 default gateway becomes 10.10.30.1.
I cannot add 10.10.30.1 as the default gateway for eth0 since that network is unreachable from eth0's network (10.0.1.0/24), I think.
Code:
root@OpenWrt:~# route add default gw 10.10.30.1 dev eth0
route: SIOCADDRT: Network is unreachable
Quote:
Originally Posted by mpapet View Post
traceroute is going to be a good tool for this problem. Enable ICMP ping on both hosts if it isn't already.

traceroute 74.125.228.244 from 10.0.1.1 once the default gateway points to the tunnel.
Post the output of that.
Good point on traceroute - I should have tried that first. I ran all the traceroutes from the router. It has the tunnel IP 10.10.30.1 and the remote tunnel IP is 10.10.30.2.

Code:
# successfully goes through tunnel
root@OpenWrt:~# traceroute 74.125.228.244 
traceroute to 74.125.228.244 (74.125.228.244), 30 hops max, 38 byte packets
 1  10.10.30.2 (10.10.30.2)  12.494 ms  10.793 ms  12.048 ms
 2  *  *  *
 3  *  *  *
 4  *  *^C
# Something not over tunnel, as expected
root@OpenWrt:~# traceroute 74.125.228.212
traceroute to 74.125.228.212 (74.125.228.212), 30 hops max, 38 byte packets
 1  10.0.1.1 (10.0.1.1)  0.486 ms  0.281 ms  0.352 ms
 2  *^C
Quote:
Originally Posted by mpapet View Post
If I am right, the packets will hit 10.10.30.1 and then not know the next hop
Yes, I believe they are hitting 10.10.30.1 and thus the first hop we see is the other side of the tunnel at 10.10.30.2. If I change the default gateway to be 10.10.30.1/gre1 with higher precedence than eth0, nothing gets out i.e., no output in any traceroute. Intuitively, I need everything to hit 10.10.30.1/gre1 FIRST and then hit eth0 SECOND, but is that possible?

Last edited by password123; 09-06-2015 at 09:53 AM.
 
Old 09-06-2015, 06:57 PM   #4
mpapet
Member
 
Registered: Nov 2003
Location: Los Angeles
Distribution: debian
Posts: 548

Rep: Reputation: 72
Ok, obviously I'm not 100 on the networking, but I'll keep trying.

default gw is set 10.10.30.1/gre1 on the forwarding end of the tunnel.

What does "brctl show" output?
What does "sysctl net.ipv4.conf.gre0.forwarding" output?

Can you ping a different address at the other end of the tunnel? 10.0.1.xxx on the remote box.

The other thing to do, for sure, is to add some debug rules to iptables under prerouting on each side.

http://serverfault.com/questions/386...a-centos-based

the goal being iptables logs the ping activity on each end to see where things die.
 
Old 09-08-2015, 03:00 PM   #5
password123
LQ Newbie
 
Registered: Sep 2015
Posts: 3

Original Poster
Rep: Reputation: Disabled
I got it working. The solution was quite simple so I'm not sure how I overlooked it.

1. Remove original default route to 10.0.1.1
2. Add new default route to 10.10.30.2 (other end of GRE tunnel on remote system)
3. Add a host specific route for 10.10.30.2 with a gateway of 10.0.1.1

In turn, everything hits the GRE tunnel as desired, but the host-specific rule, along with longest prefix matching, ensures traffic goes out the 10.0.1.1 interface of eth0.

Thanks for the help mpapet!
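
The routing logic from post #5, as an added example that is not part of the original thread: a small longest-prefix-match simulator run over the routing table posted in #1, before and after the three steps. The interface bindings for the two new routes (gre1 for the default, eth0 for the host route) are assumptions taken from the thread's description, and metrics are ignored.

```python
import ipaddress

# Routing table from the first post: (prefix, gateway, interface).
BEFORE = [
    ("0.0.0.0/0", "10.0.1.1", "eth0"),
    ("10.0.1.0/24", None, "eth0"),
    ("10.10.30.0/24", None, "gre1"),
    ("74.125.228.244/32", "10.10.30.1", "gre1"),
    ("192.168.6.0/24", None, "br-lan"),
]


def apply_fix(table):
    """Return a copy of the table with the three steps from post #5 applied."""
    # Step 1: remove the original default route via 10.0.1.1.
    fixed = [r for r in table if r != ("0.0.0.0/0", "10.0.1.1", "eth0")]
    # Step 2: default route via 10.10.30.2 (assumed to be bound to gre1).
    fixed.append(("0.0.0.0/0", "10.10.30.2", "gre1"))
    # Step 3: host route for 10.10.30.2 via the upstream router (assumed eth0).
    fixed.append(("10.10.30.2/32", "10.0.1.1", "eth0"))
    return fixed


def lookup(table, dest):
    """Longest prefix match: the most specific route containing dest, or None.
    Simplification: metrics are ignored (all are 0 in the posted table)."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in table if addr in ipaddress.ip_network(r[0])]
    return max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen,
               default=None)


def wan_routes(table, wan="eth0"):
    """Prefixes that still leave via the WAN interface, i.e. bypass the tunnel."""
    return sorted(prefix for prefix, _gw, iface in table if iface == wan)


if __name__ == "__main__":
    after = apply_fix(BEFORE)
    for dest in ("74.125.228.212", "10.10.30.2", "10.0.1.1", "192.168.6.10"):
        print(f"{dest:15} before={lookup(BEFORE, dest)} after={lookup(after, dest)}")
    print("still on WAN after fix:", wan_routes(after))
```

Listing `wan_routes()` after the change is a quick check of what is exempt from the tunnel: only the upstream subnet and the single host route should remain on eth0.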
 
  

