Fli
02-11-2016, 11:18 AM
How to allow OpenVZ VPS having GRE tunnel (working on CentOS)?
Here are tutorials:
http://kb.odin.com/en/118484
http://centoshowtos.org/network-and-security/gre-tunnel/
http://wiki.buyvm.net/doku.php/gre_tunnel
Tutorial on this page is incomplete!
Following is how to probably ensure GRE module is loaded on the VPS Host Node:
lsmod|grep gre
Sample output:
ip_gre 10465 0
ip_tunnel 13220 1 ip_gre
nf_conntrack_proto_gre 6891 1 nf_conntrack_pptp
nf_nat_proto_gre 3044 1 nf_nat_pptp
nf_nat 23213 7 ipt_REDIRECT,ipt_MASQUERADE,vzrst,nf_nat_ftp,iptab le_nat,nf_nat_pptp,nf_nat_proto_gre
nf_conntrack 80313 14 xt_connlimit,nf_conntrack_ipv6,xt_conntrack,xt_sta te,vzrst,vzcpt,nf_nat_ftp,nf_conntrack_ftp,iptable _nat,nf_nat_pptp,nf_conntrack_pptp,nf_conntrack_pr oto_gre,nf_nat,nf_conntrack_ipv4
If not there, check if it is loaded on boot: grep -Ril "gre" /etc/sysconfig/modules
If nothing is found, then make it load at boot and load it immediatelly:
echo -e "/sbin/modprobe ip_gre\n/sbin/modprobe nf_conntrack_proto_gre" > /etc/sysconfig/modules/ipgre.modules;chmod +x /etc/sysconfig/modules/ipgre.modules;/bin/sh /etc/sysconfig/modules/ipgre.modules
try to do "lsmod|grep gre" again to veriffy modules were loaded.
-------------------
Other possibly related commands:
vzctl set CTID --netdev_add tunnel --save
vzctl set CTID --devnodes tunnel:rw--save
vzctl set CTID --features gre:on --save # creating IP-GRE tunnels
This is interesting quotation:
You need set interface up in HW before move it into VE:
ip tunnel add tunel0 mode gre local 10.1.2.3 remote 10.2.3.4
ip link set up dev tunel0
Now you can move tunnel interface into VE:
vzctl set 100 --netdev_add tunel0 --save
This work for me on debian-3.1 with kernel 2.6.8-022stab078.14
Is there anyone who can share on how to do it? Make GRE working on OpenVZ?
Here are tutorials:
http://kb.odin.com/en/118484
http://centoshowtos.org/network-and-security/gre-tunnel/
http://wiki.buyvm.net/doku.php/gre_tunnel
Tutorial on this page is incomplete!
Following is how to probably ensure GRE module is loaded on the VPS Host Node:
lsmod|grep gre
Sample output:
ip_gre 10465 0
ip_tunnel 13220 1 ip_gre
nf_conntrack_proto_gre 6891 1 nf_conntrack_pptp
nf_nat_proto_gre 3044 1 nf_nat_pptp
nf_nat 23213 7 ipt_REDIRECT,ipt_MASQUERADE,vzrst,nf_nat_ftp,iptab le_nat,nf_nat_pptp,nf_nat_proto_gre
nf_conntrack 80313 14 xt_connlimit,nf_conntrack_ipv6,xt_conntrack,xt_sta te,vzrst,vzcpt,nf_nat_ftp,nf_conntrack_ftp,iptable _nat,nf_nat_pptp,nf_conntrack_pptp,nf_conntrack_pr oto_gre,nf_nat,nf_conntrack_ipv4
If not there, check if it is loaded on boot: grep -Ril "gre" /etc/sysconfig/modules
If nothing is found, then make it load at boot and load it immediatelly:
echo -e "/sbin/modprobe ip_gre\n/sbin/modprobe nf_conntrack_proto_gre" > /etc/sysconfig/modules/ipgre.modules;chmod +x /etc/sysconfig/modules/ipgre.modules;/bin/sh /etc/sysconfig/modules/ipgre.modules
try to do "lsmod|grep gre" again to veriffy modules were loaded.
-------------------
Other possibly related commands:
vzctl set CTID --netdev_add tunnel --save
vzctl set CTID --devnodes tunnel:rw--save
vzctl set CTID --features gre:on --save # creating IP-GRE tunnels
This is interesting quotation:
You need set interface up in HW before move it into VE:
ip tunnel add tunel0 mode gre local 10.1.2.3 remote 10.2.3.4
ip link set up dev tunel0
Now you can move tunnel interface into VE:
vzctl set 100 --netdev_add tunel0 --save
This work for me on debian-3.1 with kernel 2.6.8-022stab078.14
Is there anyone who can share on how to do it? Make GRE working on OpenVZ?