兩臺linux建立GRE隧道

原創作品，允許轉載，轉載時請務必以超連結形式標明文章 原始出處 、作者資訊和本宣告。否則將追究法律責任。http://333234.blog.51cto.com/323234/931805

1.拓撲圖： 

備註：因為應用原因，需要在linux2上新增一個公網地址，並且在中間路由裝置不受控制的情況下，Linux1能訪問到linux2上面的公網地址。

2.基本介面配置：

linux1:192.168.10.1/24

linux2:192.168.20.2/24

R1:

interface FastEthernet0/0 
ip address 192.168.10.10 255.255.255.0 
no shutdown 
! 
interface FastEthernet0/1 
ip address 192.168.20.10 255.255.255.0 
no shutdown

3.路由配置：

linux1閘道器:192.168.10.10 
linux2閘道器:192.168.20.10 
R1：只有直連路由

4.Linux2單網路卡多地址配置：

[root@Linux1 ~]# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0 
[root@Linux1 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0:0 
# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE] 
DEVICE=eth0:0 
BOOTPROTO=none 
ONBOOT=yes 
HWADDR=00:0c:29:08:48:63 
NETMASK=255.255.255.252 
IPADDR=202.100.2.2 
TYPE=Ethernet 
USERCTL=no 
IPV6INIT=no 
PEERDNS=yes 
[root@Linux1 ~]# service network restart 
[root@Linux1 ~]# ping 202.100.2.2 
PING 202.100.2.2 (202.100.2.2) 56(84) bytes of data. 
64 bytes from 202.100.2.2: icmp_seq=1 ttl=64 time=0.124 ms 
--- 202.100.2.2 ping statistics --- 
1 packets transmitted, 1 received, 0% packet loss, time 0ms 
rtt min/avg/max/mdev = 0.124/0.124/0.124/0.000 ms 
[root@ams ~]# ping 192.168.10.10 
PING 192.168.10.10 (192.168.10.10) 56(84) bytes of data. 
64 bytes from 192.168.10.10: icmp_seq=1 ttl=255 time=70.6 ms 
--- 192.168.10.10 ping statistics --- 
1 packets transmitted, 1 received, 0% packet loss, time 0ms 
rtt min/avg/max/mdev = 70.629/70.629/70.629/0.000 ms

5.GRE tunnel配置：

A.確定是否載入了GRE模組 
[root@Linux1 ~]# lsmod |grep ip_gre 
[root@Linux2 ~]# lsmod |grep ip_gre 
B.載入GRE模組

[root@linux1 ~]# uname -an 
Linux linux1 2.6.9-78.EL #1 Wed Jul 9 15:27:01 EDT 2008 i686 i686 i386 GNU/Linux 
[root@linux1 ~]# insmod /lib/modules/2.6.9-78.EL/kernel/net/ipv4/ip_gre.ko 
[root@linux2 ~]# uname -an 
Linux linux2 2.6.18-164.el5 #1 SMP Thu Sep 3 03:33:56 EDT 2009 i686 i686 i386 GNU/Linux 
[root@linux2 ~]# insmod /lib/modules/2.6.18-164.el5/kernel/net/ipv4/ip_gre.ko

C.GRE tunnel介面配置

Linux1: 
ip tunnel add tunnel0 mode gre remote 192.168.20.2 local 192.168.10.1 ttl 255 
ip link set tunnel0 up mtu 1400 
ip addr add 172.16.1.1/30  dev tunnel0 
ip addr add 172.16.1.1/30 peer 172.16.1.2/30 dev tunnel0 
ip route add 202.100.2.2/32 dev tunnel0 
Linux2: 
ip tunnel add tunnel0 mode gre remote 192.168.10.1 local 192.168.20.2 ttl 255 
ip link set tunnel0 up mtu 1400 
ip addr add 172.16.1.2/30  dev tunnel0 
ip addr add 172.16.1.2/30 peer 172.16.1.1/30 dev tunnel0 
D.將tunnel配置開機執行：

linux1: 
vi /etc/init.d/gre.sh   ##內容如下： 
insmod /lib/modules/2.6.9-78.EL/kernel/net/ipv4/ip_gre.ko 
ip tunnel add tunnel0 mode gre remote 192.168.20.2 local 192.168.10.1 ttl 255 
ip link set tunnel0 up mtu 1400 
ip addr add 172.16.1.1/30  dev tunnel0 
ip addr del 172.16.1.1/30 peer 172.16.1.2/30 dev tunnel0 
ip addr add 172.16.1.1/30 peer 172.16.1.2/30 dev tunnel0 
ip route add 202.100.2.2/32 dev tunnel0 
chmod +x /etc/init.d/gre.sh 
echo "/etc/init.d/gre.sh" >> /etc/rc.d/rc.local 
linux2: 
vi /etc/init.d/gre.sh   ##內容如下： 
insmod /lib/modules/2.6.18-164.el5/kernel/net/ipv4/ip_gre.ko 
ip tunnel add tunnel0 mode gre remote 192.168.10.1 local 192.168.20.2 ttl 255 
ip link set tunnel0 up mtu 1400 
ip addr add 172.16.1.2/30  dev tunnel0 
ip addr del 172.16.1.2/30 peer 172.16.1.1/30 dev tunnel0 
ip addr add 172.16.1.2/30 peer 172.16.1.1/30 dev tunnel0 
chmod +x /etc/init.d/gre.sh 
echo "/etc/init.d/gre.sh" >> /etc/rc.d/rc.local 
D.驗證GRE介面

[root@Linux1 ~]# ip addr show 
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo 
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever 
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000 
    link/ether 00:0c:29:e4:65:78 brd ff:ff:ff:ff:ff:ff 
    inet 192.168.10.1/24 brd 192.168.10.255 scope global eth0 
    inet6 fe80::20c:29ff:fee4:6578/64 scope link 
       valid_lft forever preferred_lft forever 
3: sit0: <NOARP> mtu 1480 qdisc noop 
    link/sit 0.0.0.0 brd 0.0.0.0 
4: gre0: <NOARP> mtu 1476 qdisc noop 
    link/gre 0.0.0.0 brd 0.0.0.0 
5: tunnel0@NONE: <POINTOPOINT,NOARP,UP> mtu 1400 qdisc noqueue 
    link/gre 192.168.10.1 peer 192.168.20.2 
    inet 172.16.1.1 peer 172.16.1.2/30 scope global tunnel0 
[root@Linux2 ~]# ip addr show 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 
    inet 127.0.0.1/8 scope host lo 
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever 
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000 
    link/ether 00:0c:29:08:48:63 brd ff:ff:ff:ff:ff:ff 
    inet 192.168.20.2/24 brd 192.168.20.255 scope global eth0 
    inet 202.100.2.2/30 brd 202.100.2.3 scope global eth0:0 
    inet6 fe80::20c:29ff:fe08:4863/64 scope link 
       valid_lft forever preferred_lft forever 
3: sit0: <NOARP> mtu 1480 qdisc noop 
    link/sit 0.0.0.0 brd 0.0.0.0 
4: gre0: <NOARP> mtu 1476 qdisc noop 
    link/gre 0.0.0.0 brd 0.0.0.0 
5: tunnel0@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1400 qdisc noqueue 
    link/gre 192.168.20.2 peer 192.168.10.1 
    inet 172.16.1.2 peer 172.16.1.1/30 scope global tunnel0

5.效果測試：

[root@linux1 ~]#  ping 202.100.2.2 
PING 202.100.2.2 (202.100.2.2) 56(84) bytes of data. 
64 bytes from 202.100.2.2: icmp_seq=0 ttl=64 time=82.4 ms 
64 bytes from 202.100.2.2: icmp_seq=1 ttl=64 time=48.7 ms 
--- 202.100.2.2 ping statistics --- 
2 packets transmitted, 2 received, 0% packet loss, time 1002ms 
rtt min/avg/max/mdev = 48.784/65.633/82.482/16.849 ms, pipe 2

本文出自 “httpyuntianjxxll.spac..” 部落格，請務必保留此出處http://333234.blog.51cto.com/323234/931805