GRE VPN 是linux内核自带的功能,可以用来搭建linux和linux之间的vpn环境。ip_gre模块在默认情况下是没有加载的,
在使用的过程中需要先加载该模块。需要注意,GRE只做封装,本身不提供加密和认证,隧道内的流量以明文传输;如需保密,应配合IPsec等方式使用。
本文介绍使用两台装有linux系统的主机(client和proxy)搭建vpn环境的总体过程。
两台都需要做以下的步骤
client端
[root@client ~]# lsmod | grep ip_gre -----查看linux中是否已加载该模块
[root@client ~]# modprobe ip_gre -----将ip_gre模块加载到内核中
[root@client ~]# modinfo ip_gre ----查看ip_gre模块的相关的信息
filename: /lib/modules/3.10.0-693.el7.x86_64/kernel/net/ipv4/ip_gre.ko.xz
alias: netdev-gretap0
alias: netdev-gre0
alias: rtnl-link-gretap
alias: rtnl-link-gre
license: GPL
rhelversion: 7.4
srcversion: F37A2BF90692F86E3A8BD15
depends: ip_tunnel,gre
intree: Y
vermagic: 3.10.0-693.el7.x86_64 SMP mod_unload modversions
signer: Red Hat Enterprise Linux kernel signing key
sig_key: 4F:FD:D6:3C:93:7E:B4:A7:A1:14:BC:5E:89:1A:CB:DE:50:20:65:21
sig_hashalgo: sha256
parm: log_ecn_error:Log packets received with corrupted ECN (bool)
[root@client ~]# lsmod | grep ip_gre -----查看linux中是否加载成功该模块
ip_gre 22707 0
ip_tunnel 25163 1 ip_gre
gre 13144 1 ip_gre
[root@client ~]# ip tunnel add tun0 mode gre remote 201.1.2.5 local 201.1.2.10
--------ip tunnel add创建隧道(隧道名称为tun0),ip tunnel help可以查看帮助,mode设置隧道使用gre模式,local后面跟本机的IP地址,remote后面是与其他主机建立隧道的对方IP地址
[root@client ~]# ip link show -----查看vpn连接情况,可以看到目前的链路处于未启用状态
10: tun0@NONE: <POINTOPOINT,NOARP> mtu 1476 qdisc noop state DOWN mode DEFAULT qlen 1
link/gre 201.1.2.10 peer 201.1.2.5
[root@client ~]# ip link set tun0 up -----启动链路连接
[root@client ~]# ip link show
10: tun0@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
link/gre 201.1.2.10 peer 201.1.2.5
[root@client ~]# ip addr add 10.10.10.10/24 peer 10.10.10.5/24 \
> dev tun0 -------- 为隧道tun0设置本地IP地址,和隧道对面的主机的IP地址
[root@client ~]# ip a s -----查看IP地址
10: tun0@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
link/gre 201.1.2.10 peer 201.1.2.5
inet 10.10.10.10 peer 10.10.10.5/24 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::200:5efe:c901:20a/64 scope link
valid_lft forever preferred_lft forever
[root@client ~]# echo "1" > /proc/sys/net/ipv4/ip_forward ----------开启路由转发功能
[root@client ~]# firewall-cmd --set-default-zone=trusted ---------将默认区域设为trusted,相当于放行所有流量(即关闭防火墙过滤);仅适合实验环境,生产环境应只放行来自隧道对端的GRE(IP协议号47)流量
[root@proxy6 ~]# lsmod |grep ip_gre
[root@proxy6 ~]# modprobe ip_gre
[root@proxy6 ~]# lsmod |grep ip_gre
ip_gre 22707 0
ip_tunnel 25163 1 ip_gre
gre 13144 1 ip_gre
[root@proxy6 ~]# modinfo ip_gre
filename: /lib/modules/3.10.0-693.el7.x86_64/kernel/net/ipv4/ip_gre.ko.xz
alias: netdev-gretap0
alias: netdev-gre0
alias: rtnl-link-gretap
alias: rtnl-link-gre
license: GPL
rhelversion: 7.4
srcversion: F37A2BF90692F86E3A8BD15
depends: ip_tunnel,gre
intree: Y
vermagic: 3.10.0-693.el7.x86_64 SMP mod_unload modversions
signer: Red Hat Enterprise Linux kernel signing key
sig_key: 4F:FD:D6:3C:93:7E:B4:A7:A1:14:BC:5E:89:1A:CB:DE:50:20:65:21
sig_hashalgo: sha256
parm: log_ecn_error:Log packets received with corrupted ECN (bool)
[root@proxy6 ~]# ip tunnel add tun0 mode gre remote 201.1.2.10 local 201.1.2.5
[root@proxy6 ~]# ip link show
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
10: tun0@NONE: <POINTOPOINT,NOARP> mtu 1476 qdisc noop state DOWN mode DEFAULT qlen 1
link/gre 201.1.2.5 peer 201.1.2.10
[root@proxy6 ~]# ip link set tun0 up
[root@proxy6 ~]# ip link show
10: tun0@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
link/gre 201.1.2.5 peer 201.1.2.10
[root@proxy6 ~]# ip addr add 10.10.10.5/24 peer 10.10.10.10/24 \
> dev tun0
[root@proxy6 ~]# ip a s
10: tun0@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue state UNKNOWN qlen 1
link/gre 201.1.2.5 peer 201.1.2.10
inet 10.10.10.5 peer 10.10.10.10/24 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::200:5efe:c901:205/64 scope link
valid_lft forever preferred_lft forever
测试(两端使用对方的地址互相ping,查看是否可以成功ping通)
[root@client ~]# ping 201.1.2.5
PING 201.1.2.5 (201.1.2.5) 56(84) bytes of data.
64 bytes from 201.1.2.5: icmp_seq=1 ttl=64 time=0.573 ms
64 bytes from 201.1.2.5: icmp_seq=2 ttl=64 time=0.776 ms
[root@proxy6 ~]# ping 10.10.10.10
PING 10.10.10.10 (10.10.10.10) 56(84) bytes of data.
64 bytes from 10.10.10.10: icmp_seq=1 ttl=64 time=0.640 ms
64 bytes from 10.10.10.10: icmp_seq=2 ttl=64 time=0.636 ms