
GRE?

42 posts in this topic

hello again people of the networking forum I know how much you are dying to hear my next issue :P...

 

I am setting up a GRE tunnel... though it's a bit weird, I'm using a Debian Linux behind an office network to connect to the tunnel. The tunnel is set up for me, I just need to connect...

ip tunnel add gre1 mode gre remote TUNNELIP local IP-OF-LINUX ttl 255   # IP-OF-LINUX: the Linux machine (connected to office router)
ip link set gre1 up
ip addr add 10.10.10.1/30 dev gre1

I have run these commands. The IP address I used as the local was the private address of the Linux machine; should I be using my public address?


Yeah, you're trying to set up a GRE tunnel through a NAT... Good luck with that. Does the router you're going through allow protocol 47? Is it forwarded to your IP on your side?


> Yeah, you're trying to set up a GRE tunnel through a NAT... Good luck with that. Does the router you're going through allow protocol 47? Is it forwarded to your IP on your side?

I have set up a forwarder, anything on 47 will go to my Linux box, though allowing it? I assume it does as it is letting me forward it, can't see any other settings/firewall to change (Netgear router ftw, small office :( )


47 the protocol - not the port.


> 47 the protocol - not the port.

Ahh, I'll have a look xD I dunno why I thought port


> 47 the protocol - not the port.

I cannot tell on this thing... I don't think I'll have a problem... but there is nothing about service forwarding, just service blocking (I'd prefer it so much more if I could just create my own router using an ITX, but apparently I am strapped for time)


What router are you using - I doubt many SOHO support protocol forwarding. What is the other end that you're connecting to? Why do you want to set up a GRE tunnel? And why would the tunnel not be router to router, vs some box behind the NAT router?


> What router are you using - I doubt many SOHO support protocol forwarding. What is the other end that you're connecting to? Why do you want to set up a GRE tunnel? And why would the tunnel not be router to router, vs some box behind the NAT router?

I can only answer some of those questions. The ones I can answer: we are a small company (a small office), having loads of networking equipment is not possible. The router is a WNR1000v2... sadly that is all I can answer :(

I seem to be pinging the address at the end of the tunnel 10.10.10.2/30... but I am not sure if it's just ghosting...


> What router are you using - I doubt many SOHO support protocol forwarding. What is the other end that you're connecting to? Why do you want to set up a GRE tunnel? And why would the tunnel not be router to router, vs some box behind the NAT router?

I got them to skip the GRE and go straight for a VPN... how do I set up a VPN? :D


What VPN is it - let's hope SSL based and not some other protocol that your SOHO router doesn't support :)

That router is something you would have in a home on a budget, not a company or business location of any size ;) It's like a $25 router for gosh sake.


> What VPN is it - let's hope SSL based and not some other protocol that your SOHO router doesn't support :)
>
> That router is something you would have in a home on a budget, not a company or business location of any size ;) It's like a $25 router for gosh sake.

:( I know, it's a new company, I just came in recently and have to do all of this stuff... well Mr BudMan :D I am in control (and bricking it), tell me what kind of VPN I should use... I've started with OpenVPN... lol


So OpenVPN is the other end... That is easy - you're just a road warrior then? You're not wanting a site to site connection. Just install the client on the box you want to use and put in the info.

Well if they are using a home wireless router, you got lots of low hanging fruit to pick ;)


> So OpenVPN is the other end... That is easy - you're just a road warrior then... Just install the client on the box you want to use and put in the info.
>
> Well if they are using a home wireless router, you got lots of low hanging fruit to pick ;)

Sadly I don't know what they will be using, I was just hoping to use OpenVPN my end... don't know about them yet... I'm waiting to hear about their equipment... they are A LOT bigger than the company I work in and it's network orientated so something tells me it will be serious kit.


You can use SSL VPN or Site to Site VPN. With SSL you can use a client or a web browser to connect to the other site/network; with Site to Site you don't need any client, you're connected 24/7. What is your purpose for using this VPN? If it is office to office and you want to use the resources at the other site all the time, then you should go with S2S VPN, otherwise use SSL.

As for GRE, it seems your router doesn't support it.

Edit: Didn't see the last two replies. :)


> You can use SSL VPN or Site to Site VPN. With SSL you can use a client or a web browser to connect to the other site/network; with Site to Site you don't need any client, you're connected 24/7. What is your purpose for using this VPN? If it is office to office and you want to use the resources at the other site all the time, then you should go with S2S VPN, otherwise use SSL.
>
> As for GRE, it seems your router doesn't support it.
>
> Edit: Didn't see the last two replies. :)

Yeah, 24 hour is preferable lol... I DON'T KNOW lol, I hate being under fire like this. I have never set up a VPN before and I'm starting to look like an idiot in front of partners


Here is the thing if you want a site to site... i.e. network at your location talks to network at their location. This really needs to be done router to router at the edge of the networks. Trying to set it up from a box inside your NAT for your whole network to use is not the best method.

And I sure wouldn't set up GRE for site to site, GRE is not even encrypted.

What I would suggest is ask them what VPN technologies they support at their router, and then get a router for your end that supports that.

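Two points made in the replies above (GRE is IP protocol 47 and carries no port numbers, and GRE itself does not encrypt), shown as an added example that is not part of any poster's reply: a small Python parser run over a constructed packet. The outer addresses are documentation-range placeholders, the inner 10.10.10.x addresses follow the /30 from the first post, and the UDP payload is made up.

```python
import socket
import struct

IPPROTO_GRE = 47  # value of the IPv4 "protocol" field; GRE has no port numbers

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for this offline demo)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_ipv4(pkt):
    """Return (src, dst, protocol, payload) of a raw IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    total = struct.unpack("!H", pkt[2:4])[0]
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
            pkt[9], pkt[ihl:total])

def parse_gre(data):
    """Return (ethertype, inner bytes); skips optional RFC 2890 fields."""
    flags, ethertype = struct.unpack("!HH", data[:4])
    offset = 4
    for bit in (0x8000, 0x2000, 0x1000):  # checksum, key, sequence number
        if flags & bit:
            offset += 4
    return ethertype, data[offset:]

def build_sample():
    """Constructed GRE packet: UDP datagram inside the 10.10.10.0/30 tunnel."""
    secret = b"user=alice&pass=example"  # made-up application data
    udp = struct.pack("!HHHH", 40000, 514, 8 + len(secret), 0) + secret
    inner = ipv4_header("10.10.10.1", "10.10.10.2", 17, len(udp)) + udp
    gre = struct.pack("!HH", 0, 0x0800) + inner  # no flags, payload is IPv4
    return ipv4_header("192.0.2.10", "198.51.100.20", IPPROTO_GRE, len(gre)) + gre

def inspect(pkt):
    """What any device on the path can read from a GRE packet."""
    src, dst, proto, payload = parse_ipv4(pkt)
    if proto != IPPROTO_GRE:
        raise ValueError("outer protocol is %d, not GRE" % proto)
    ethertype, inner = parse_gre(payload)
    if ethertype != 0x0800:
        raise ValueError("inner payload is not IPv4")
    isrc, idst, iproto, l4 = parse_ipv4(inner)
    # NAT sees only addresses + protocol 47 outside; inner bytes are unencrypted.
    return {"outer": (src, dst, proto), "inner": (isrc, idst, iproto),
            "visible_payload": l4[8:] if iproto == 17 else l4}

if __name__ == "__main__":
    print(inspect(build_sample()))
```

The outer header gives a port-based NAT nothing but two addresses and protocol 47 to match on, and the inner packet comes back byte for byte, which is why the tunnel needs something like IPsec around it if the traffic is sensitive.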

As a side note I am curious as to why you are on the Janet network in the UK?  :shiftyninja: Do you go to Uni or something? 


> Yeah, 24 hour is preferable lol... I DON'T KNOW lol, I hate being under fire like this. I have never set up a VPN before and I'm starting to look like an idiot in front of partners

Are you the network guy or are you just an IT guy and they assume you should know networking as well? We can help you to set up a VPN tunnel, it's easy but you'll have to provide us more info. As BudMan said, ask them and let us know. If you are not responsible for this stuff, then you should have told them that before getting yourself into this. ;)

Are you going to use your Netgear router to set the VPN up with the other location? Or do you have another router/firewall as well?


That Netgear sure as hell doesn't support site to site VPNs - it's a $25 home router.


> That Netgear sure as hell doesn't support site to site VPNs - it's a $25 home router.

And they use it in the office, WHY, WHY, WHY??


> As a side note I am curious as to why you are on the Janet network in the UK? :shiftyninja: Do you go to Uni or something?

I did :P

> Are you the network guy or are you just an IT guy and they assume you should know networking as well? We can help you to set up a VPN tunnel, it's easy but you'll have to provide us more info. As BudMan said, ask them and let us know. If you are not responsible for this stuff, then you should have told them that before getting yourself into this. ;)
>
> Are you going to use your Netgear router to set the VPN up with the other location? Or do you have another router/firewall as well?

And a bit of both, I'm actually a systems developer and systems administrator (yup, my official titles). I do networking here quite a lot but it's mostly internal, and simple things like OSPF, PPP etc. I understand the logic of it but I'm simply trying to deal with a lack of equipment more than anything right now

> And they use it in the office, WHY, WHY, WHY??

It's just meant for 4 people to use the internet ;( All of our work is normally offline in restricted down labs, our work doesn't have access to the internet, I'm hacking things together.


Even if it was 1 user, I wouldn't use that sort of device for a "business" site. Personally I wouldn't use such a device in a home ;)

Not saying you need a 3k$ 5515 ASA, but there are some fairly decent boxes for $200 you could use.


> Even if it was 1 user, I wouldn't use that sort of device for a "business" site. Personally I wouldn't use such a device in a home ;)
>
> Not saying you need a 3k$ 5515 ASA, but there are some fairly decent boxes for $200 you could use.

Haha, I'm feeling much hate for this device right now...

We are going to try vpnc


As BudMan says, if you need a decent router that doesn't lack functions, you'll need to upgrade. So you think OSPF and PPP are simple stuff? oO How do you use OSPF and PPP in that router?


No, there is no way that router supports OSPF, I would be surprised if RIPv1 ;) He must be talking in his labs.

So they have a Cisco VPN concentrator at their end? Again, doing it from a box inside your network to create a site to site is not the best way. You're going to have issues with routing since the endpoint is not your gateway. Going to have to create host routes on your devices most likely.
