I noticed that the private ip is on the same subnet on both sides of the
tunnel. When I have done this in the past there were two separate subnets
(eg. 10.253.253.0/24 and 10.253.254.0/24). I have never tried it exactly
as you have. I also do not have any more gre tunnels in service. So this
is from an old script of mine. Anyway, the syntax and order that I used is:

Box A
modprobe ip_gre
ip tunnel add gre0 mode gre remote 66.1.2.161 local 66.1.1.161 ttl 255
ip addr add 10.253.253.1 dev gre0
ip link set gre0 up
ip route add 10.253.254.0/24 dev gre0

Box B
modprobe ip_gre
ip tunnel add gre0 mode gre remote 66.1.1.161 local 66.1.2.161 ttl 255
ip addr add 10.253.254.1 dev gre0
ip link set gre0 up
ip route add 10.253.253.0/24 dev gre0

Hope this helps,

Greg Hartung wrote:
> I'm still stuck on this one and could really use some help. I just
> finished trying it on an FC3 box too to make sure it wasn't CentOS specific
> issue but there's still no output from tcpdump.
>
> I also spent some time looking over Cisco examples to make sure I wasn't
> misremembering the concepts. No surprises there.
>
> Does anyone have any ideas or can someone suggest a more appropriate
> forum for the question?
>
> Thanks!!
>
> On 6/21/07 11:52 AM, "Greg Hartung" <ghartung@xxxxxxxxxxxxxxx> wrote:
>
>> I am trying to setup GRE between two CentOS 4.5 boxes. I have tried
>> several variations of what's listed below, but none of them work.
>>
>> box1:
>> modprobe ip_gre
>> ip link set gre0 up
>> ip tunnel add gretun mode gre local 66.1.1.161 remote 66.1.2.161 ttl 20 dev eth0
>> ip addr add dev gretun 10.253.253.1 peer 10.253.253.2/24
>> ip link set dev gretun up
>> ip route add 10.2.0.0/16 via 10.253.253.2
>>
>> box2:
>> modprobe ip_gre
>> ip link set gre0 up
>> ip tunnel add gretun mode gre local 66.1.2.161 remote 66.1.1.161 ttl 20 dev eth0
>> ip addr add dev gretun 10.253.253.2 peer 10.253.253.1/24
>> ip link set dev gretun up
>> ip route add 10.1.0.0/16 via 10.253.253.1
>>
>> tcpdump shows NO rx or tx traffic from either box that isn't ARP or SSH.
>>
>> It's as if it's not even trying to bring the tunnel up. I'm a Cisco guy,
>> so I'm lost with my show commands.
>>
>> The other variations I've tried consist mostly of trying different
>> combinations of on-net (in the same subnet as eth0 and even the same
>> address as eth0) and off-net (various combinations of loopback /24 and
>> /32 addresses in separate 10 space) on the 'ip addr add dev gretun'
>> statements. But the above example is what *should* work on a Cisco, I
>> think. It's been a while.
>>
>> How do I troubleshoot this?
>> This is all I've got so far:
>>
>> root@den1tun01:/home/root $ ip link
>> 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
>>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>> 2: eth0: <BROADCAST,MULTICAST,UP> mtu 8800 qdisc pfifo_fast qlen 1000
>>     link/ether 00:19:b9:dd:ff:d9 brd ff:ff:ff:ff:ff:ff
>> 3: eth0.2: <BROADCAST,MULTICAST,UP> mtu 8800 qdisc noqueue
>>     link/ether 00:19:b9:dd:ff:d9 brd ff:ff:ff:ff:ff:ff
>> 4: gre0: <NOARP,UP> mtu 1476 qdisc noqueue
>>     link/gre 0.0.0.0 brd 0.0.0.0
>> 5: gretun@eth0: <POINTOPOINT,NOARP,UP> mtu 8776 qdisc noqueue
>>     link/gre 66.1.1.161 peer 66.1.2.161
>>
>> root@den1tun01:/home/root $ ip tun
>> gre0: gre/ip remote any local any ttl inherit nopmtudisc
>> gretun: gre/ip remote 66.1.2.161 local 66.1.1.161 dev eth0 ttl 20
>>
>> root@den1tun01:/home/root $ ifconfig
>> eth0      Link encap:Ethernet  HWaddr 00:19:B9:DD:FF:D9
>>           inet addr:10.1.2.243  Bcast:10.1.3.255  Mask:255.255.254.0
>>           UP BROADCAST RUNNING MULTICAST  MTU:8800  Metric:1
>>           RX packets:3357 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:484 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:1000
>>           RX bytes:230757 (225.3 KiB)  TX bytes:63937 (62.4 KiB)
>>           Interrupt:169 Memory:f8000000-f8011100
>>
>> eth0.2    Link encap:Ethernet  HWaddr 00:19:B9:DD:FF:D9
>>           inet addr:66.1.1.161  Bcast:66.1.1.191  Mask:255.255.255.192
>>           UP BROADCAST RUNNING MULTICAST  MTU:8800  Metric:1
>>           RX packets:950 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:0
>>           RX bytes:43860 (42.8 KiB)  TX bytes:1200 (1.1 KiB)
>>
>> gretun    Link encap:UNSPEC  HWaddr 42-0B-33-A1-FF-C0-00-00-00-00-00-00-00-00-00-00
>>           inet addr:10.253.253.1  P-t-P:10.253.253.2  Mask:255.255.255.0
>>           UP POINTOPOINT RUNNING NOARP  MTU:8776  Metric:1
>>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:0
>>           RX bytes:0 (0.0 b)  TX bytes:756 (756.0 b)
>>
>> gre0      Link encap:UNSPEC  HWaddr 00-00-00-00-FF-00-00-00-00-00-00-00-00-00-00-00
>>           UP RUNNING NOARP  MTU:1476  Metric:1
>>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:0
>>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>>
>> lo        Link encap:Local Loopback
>>           inet addr:127.0.0.1  Mask:255.0.0.0
>>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>>           RX packets:225 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:225 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:0
>>           RX bytes:13271 (12.9 KiB)  TX bytes:13271 (12.9 KiB)
>>
>> I've also tried changing the destination for the route to the near end of
>> the private subnet and tried pinging various things on the tunnel subnet
>> and remote network to create "interesting traffic" to bring the tunnel up
>> but tcpdump still shows nothing.
>>
>> Then I noticed that ping does show an error count:
>>
>> [root@den1tun01 ~]# ping 10.253.253.2
>> PING 10.253.253.2 (10.253.253.2) 56(84) bytes of data.
>> From 10.253.253.1 icmp_seq=0 Destination Host Unreachable
>> From 10.253.253.1 icmp_seq=1 Destination Host Unreachable
>> --- 10.253.253.2 ping statistics ---
>> 2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1000ms, pipe 2
>>
>> I can ping the local end: 10.253.253.1, but the tunnel is still
>> non-functional.
>>
>> Thanks!
>> Greg
>>
>> _______________________________________________
>> LARTC mailing list
>> LARTC@xxxxxxxxxxxxxxx
>> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
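
A consistency check over the `ip tun` and `ifconfig` output quoted in this thread, as an added example that is not from either poster: it reports a tunnel whose bound `dev` does not hold its `local` address, and whether the two tunnel-interface addresses share a subnet, which is the difference the reply points out. The function names are hypothetical and the sample data is transcribed from the quoted output.

```python
import ipaddress
import re

# Constructed sample: lines transcribed from the `ip tun` output quoted in the thread.
IP_TUN = """\
gre0: gre/ip remote any local any ttl inherit nopmtudisc
gretun: gre/ip remote 66.1.2.161 local 66.1.1.161 dev eth0 ttl 20
"""
# Interface -> address/prefix, transcribed from the quoted ifconfig output.
ADDRS = {"eth0": "10.1.2.243/23", "eth0.2": "66.1.1.161/26",
         "gretun": "10.253.253.1/24"}

TUN_RE = re.compile(r"^(?P<name>\S+): gre/ip remote (?P<remote>\S+) "
                    r"local (?P<local>\S+)(?: dev (?P<dev>\S+))?")

def parse_tunnels(text):
    """Return {name: {name, remote, local, dev}} from `ip tunnel show` text."""
    matches = (TUN_RE.match(line.strip()) for line in text.splitlines())
    return {m["name"]: m.groupdict() for m in matches if m}

def check_tunnel(tun, addrs):
    """List findings about one tunnel's outer (transport) endpoints."""
    if "any" in (tun["local"], tun["remote"]):
        return ["no fixed endpoints (remote any / local any)"]
    local = ipaddress.ip_address(tun["local"])
    owner = next((ifname for ifname, addr in addrs.items()
                  if ipaddress.ip_interface(addr).ip == local), None)
    if owner is None:
        return [f"local {local} is not assigned to any interface"]
    if tun["dev"] and tun["dev"] != owner:
        return [f"bound to {tun['dev']} but local {local} is assigned to {owner}"]
    return []

def same_inner_subnet(a, b):
    """True when both tunnel-interface addresses fall in one subnet."""
    return ipaddress.ip_interface(a).network == ipaddress.ip_interface(b).network

def report(tun_text=IP_TUN, addrs=ADDRS):
    """Run check_tunnel over every tunnel found in the text."""
    return {n: check_tunnel(t, addrs) for n, t in parse_tunnels(tun_text).items()}

if __name__ == "__main__":
    for name, findings in report().items():
        print(name, findings or ["no findings"])
    # Original post: both ends in 10.253.253.0/24; reply: one address per end.
    print(same_inner_subnet("10.253.253.1/24", "10.253.253.2/24"))
    print(same_inner_subnet("10.253.253.1", "10.253.254.1"))
```

On the quoted output this reports `gretun` as bound to `eth0` while 66.1.1.161 is configured on `eth0.2`; the `dev` option of `ip tunnel` restricts tunneled packets to the bound device, so that pairing is worth checking alongside the subnet layout.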