Date:   Mon, 19 Oct 2020 19:08:28 +0200
From:   Alarig Le Lay <alarig@...rdarmor.fr>
To:     לירן אודיז <liranodiz@...il.com>
Cc:     netdev@...r.kernel.org
Subject: Re: GRE Tunnel Over Linux VRF

Hi,

On Mon 19 Oct 2020 17:59:56 GMT, לירן אודיז wrote:
> Hi, I am trying to create a GRE tunnel over VRF.
> After binding the GRE tunnel interface (also the LAN & WAN
> interfaces) to the VRF, the traffic wasn't forwarded via the WAN
> interface; the path is LAN(VRx)----->GRE--x-->WAN(VRx).
> Only while the WAN interface is bound to the default router is the
> traffic forwarded correctly via the WAN interface; the path is
> LAN(VRx)----->GRE----->WAN(VRx).
> 
> used configuration:
> ifconfig lan1 80.80.80.1/24 up
> ifconfig wan2 50.50.50.1/24 up
> ip link add VR2 type vrf table 2
> ip link set dev VR2 up
> ip route add table 2 unreachable default metric 4278198272
> ip tunnel add greT2 mode gre local 50.50.50.1 remote 50.50.50.2
> ip addr add 55.55.55.1/24 dev greT2
> ip link set greT2 up
> ip link set dev greT2 master VR2
> ip link set dev lan1 master VR2
> ip link set dev wan2 master VR2
> ip route add vrf VR2 90.90.90.0/24 via 55.55.55.2
> 
> What is the correct way to create a GRE tunnel over VRF?
> Thanks for the support.
> 
> BR, Liran

The IPs used as tunnel endpoints must be reachable via the GRT (and not
on the tunnel).

Here is an example of how I set it up here:
core01-arendal ~ # ip link show gre2
17: gre2@...E: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue master as208627 state UNKNOWN mode DEFAULT group default qlen 1000
    link/gre 85.166.254.210 peer 45.134.89.103
    alias Core: edge03
core01-arendal ~ # ip r g 85.166.254.210
local 85.166.254.210 dev lo table local src 85.166.254.210 uid 0
    cache <local>
core01-arendal ~ # ip r g 45.134.89.103
45.134.89.103 via 85.166.252.1 dev enp2s0 src 85.166.254.210 uid 0
    cache
core01-arendal ~ # ip addr show gre2
17: gre2@...E: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue master as208627 state UNKNOWN group default qlen 1000
    link/gre 85.166.254.210 peer 45.134.89.103
    inet 45.91.126.224/31 scope global gre2
       valid_lft forever preferred_lft forever
    inet6 2a0e:f42:fffe:1::1a/127 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::200:5efe:55a6:fed2/64 scope link
       valid_lft forever preferred_lft forever
core01-arendal ~ # ip link show as208627
6: as208627: <NOARP,MASTER,UP,LOWER_UP> mtu 65536 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 4e:82:77:cd:dd:b7 brd ff:ff:ff:ff:ff:ff
core01-arendal ~ # ip vrf sh
Name              Table
-----------------------
as208627         208627

-- 
Alarig
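
The rule from the reply above (tunnel endpoints reachable via the GRT, and not on the tunnel), as an added example that is not part of the original e-mail: a POSIX shell check run over `ip route get` output. The function names `route_field` and `endpoint_ok` are hypothetical, and the check assumes the lookup is done without a `vrf` argument and that iproute2 prints `table N` only for tables other than main.

```shell
#!/bin/sh
# Added example (not from the original post): apply the rule "tunnel endpoints
# must be reachable via the GRT (and not on the tunnel)" to `ip route get` output.

# route_field KEY TEXT: print the word that follows KEY on the first matching line.
route_field() {
    printf '%s\n' "$2" | awk -v k="$1" \
        '{ for (i = 1; i < NF; i++) if ($i == k) { print $(i + 1); exit } }'
}

# endpoint_ok TUNNEL_DEV ROLE OUTPUT
#   ROLE is "local" or "remote"; OUTPUT is the text printed by
#   `ip route get <endpoint>` run without a vrf argument.
# Prints a one-line verdict and returns 0 when the endpoint resolves in the GRT.
endpoint_ok() {
    tun=$1 role=$2 out=$3
    case $out in
        ''|unreachable*|prohibit*|blackhole*)
            echo "FAIL: no usable route for the $role endpoint"; return 1 ;;
    esac
    dev=$(route_field dev "$out")
    table=$(route_field table "$out")
    if [ "$dev" = "$tun" ]; then
        echo "FAIL: $role endpoint is routed over $tun itself"; return 1
    fi
    case $table in
        ''|main|local) ;;   # assumption: "table" is omitted for the main table
        *) echo "FAIL: $role endpoint resolved in table $table, not the GRT"; return 1 ;;
    esac
    if [ "$role" = local ]; then
        case $out in
            local\ *) ;;    # the tunnel source must be a local address in the GRT
            *) echo "FAIL: local endpoint is not a local address in the GRT"; return 1 ;;
        esac
    fi
    echo "OK: $role endpoint via dev $dev"
}

# Live use on a host with iproute2: sh check.sh gre2 85.166.254.210 45.134.89.103
if [ "$#" -eq 3 ]; then
    endpoint_ok "$1" local  "$(ip route get "$2" 2>/dev/null)"
    endpoint_ok "$1" remote "$(ip route get "$3" 2>/dev/null)"
fi
```

Fed the two `ip r g` outputs shown in the reply, both endpoints pass; a lookup that lands on the tunnel device or in a VRF table such as table 2 is reported as a failure.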
