
I need to create a GRE tunnel from a client to a server. This is my setup.

Setup:

________________________________      _________________________________      ______________________________
|Server |                      |      |Router |                       |      |Client |                    |
|--------                      |      |--------                       |      |--------                    |
|      wan (244.244.244.1/24) -|------|- wan (244.244.244.20/24)      |      |                            |
|                              |      |                               |      |                            |
|                              |      |       lan (192.168.178.0/24) -|------|- lan (192.168.178.22/24)   |
|                              |      ---------------------------------      |                            |
|                              |                                             |                            |
|   to_client (10.10.10.1/24) -|---------------------------------------------|- to_server                 |
--------------------------------                                             ------------------------------

It basically works, but I am unable to get an IP on the client's 'to_server' tunnel interface, because dhclient does not support this type of interface. No isc-dhcp package seems to support it. I usually use isc-dhcp-server as a DHCP server, but need to use dnsmasq for this special setup.

$ dhclient -v to_server
Unsupported device type 778 for "to_server"

Is there any other method/program to request an IP from a DHCP server?

Additional information from here until the end:

The server and the client are both LXC containers running Debian jessie, and the host of these containers is Ubuntu 16.04. The router has an entry for the client as 'exposed host'.

The strange thing is that I am able to ping the server's tunnel interface address.

$ ping -c3 10.10.10.1
PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
64 bytes from 10.10.10.1: icmp_seq=1 ttl=63 time=1.38 ms
64 bytes from 10.10.10.1: icmp_seq=2 ttl=63 time=0.703 ms
64 bytes from 10.10.10.1: icmp_seq=3 ttl=63 time=0.784 ms

--- 10.10.10.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.703/0.957/1.386/0.306 ms

ifconfig Server (stripped to the minimum)

wan       Link encap:Ethernet  Hardware Adresse d6:d1:57:b5:a9:47  
          inet Adresse:244.244.244.1  Bcast:0.0.0.0  Maske:255.255.255.0
          inet6-Adresse: fe80::d4d1:57ff:feb5:a947/64 Gültigkeitsbereich:Verbindung
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metrik:1

to_client Link encap:UNSPEC  Hardware Adresse F4-F4-F4-01-30-30-3A-30-00-00-00-00-00-00-00-00  
          inet Adresse:10.10.10.1  P-z-P:10.10.10.1  Maske:255.255.255.0
          UP PUNKTZUPUNKT RUNNING NOARP  MTU:1476  Metrik:1

ifconfig client (stripped to the minimum)

lan       Link encap:Ethernet  Hardware Adresse 82:63:16:cc:12:88  
          inet Adresse:192.168.178.22  Bcast:0.0.0.0  Maske:255.255.255.0
          inet6-Adresse: fe80::8063:16ff:fecc:1288/64 Gültigkeitsbereich:Verbindung
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metrik:1

to_server Link encap:UNSPEC  Hardware Adresse C0-A8-B2-16-30-30-3A-30-00-00-00-00-00-00-00-00  
          UP PUNKTZUPUNKT RUNNING NOARP  MTU:1476  Metrik:1

Tunnel interfaces

$ ip tunnel show to_client
to_client: gre/ip  remote 244.244.244.20  local 244.244.244.1  ttl 255


$ ip tunnel show to_server
to_server: gre/ip  remote 244.244.244.1  local 192.168.178.22  ttl 255

dnsmasq.conf

# wan-network
dhcp-range=wan,244.244.244.25,244.244.244.30,2m
# tunnel-network
dhcp-range=to_client,10.10.10.2,10.10.10.10,2m

# netmask /24
dhcp-option=1,255.255.255.0

# this is the router
dhcp-host=9c:c7:a6:XX:XX:XX,244.244.244.20,2m

# disable DNS
port=0
Kev Inski

1 Answer


As you can see from the ip tunnel show output, your tunnel type is gre/ip, so it is a layer 3 tunnel.

It means that you can only send IP packets, but BOOTP (the protocol under DHCP) uses layer 2 features (like broadcast) that aren't available on that type of link.

To know why you are able to ping you should check the output of ip route and "follow" the path. Note that the TTL is 63, so there should be a router in the path from Client to 10.10.10.1.

Enrico Polesel
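
An added example (not part of the original answer): a shell check that applies the answer's reasoning to any interface by reading its link type and flags from sysfs. The function names and the optional sysfs-directory argument are assumptions made for this example; 778 is ARPHRD_IPGRE in linux/if_arp.h, the device type dhclient printed.

```shell
#!/bin/sh
# Added example: can a DHCP client use this interface? Decided from the link
# type (ARPHRD_*, linux/if_arp.h) and flags (IFF_*, linux/if.h) in sysfs.

# link_type_name TYPE -> short name for the ARPHRD_* numbers relevant here
link_type_name() {
    case "$1" in
        1)   echo "ether" ;;
        768) echo "ipip" ;;
        772) echo "loopback" ;;
        776) echo "sit" ;;
        778) echo "ipgre" ;;    # layer 3 GRE, as shown by "gre/ip" in ip tunnel show
        *)   echo "unknown" ;;
    esac
}

# dhcp_check IFACE [SYSFS_NET_DIR]
# Prints a one-line verdict. Returns 0 if the link can carry DHCP broadcasts,
# 1 if it cannot, 2 if the interface does not exist.
dhcp_check() {
    dir="${2:-/sys/class/net}/$1"
    [ -r "$dir/type" ] && [ -r "$dir/flags" ] || {
        echo "$1: no such interface" >&2; return 2; }
    ltype=$(cat "$dir/type")
    flags=$(( $(cat "$dir/flags") ))    # sysfs prints hex, e.g. 0x1043
    name=$(link_type_name "$ltype")
    reasons=""
    [ "$ltype" -eq 1 ] || reasons="$reasons link type $ltype ($name) is not Ethernet;"
    [ $(( $flags & 0x2 )) -ne 0 ]  || reasons="$reasons no IFF_BROADCAST;"
    [ $(( $flags & 0x80 )) -eq 0 ] || reasons="$reasons IFF_NOARP set;"
    [ $(( $flags & 0x10 )) -eq 0 ] || reasons="$reasons IFF_POINTOPOINT set;"
    if [ -z "$reasons" ]; then
        echo "$1: $name link with broadcast: DHCP can work"
        return 0
    fi
    echo "$1: not usable for DHCP:$reasons"
    return 1
}

# When run with interface names as arguments, check each one,
# e.g.: sh dhcp_check.sh lan to_server
for i in "$@"; do dhcp_check "$i" || :; done
```

On the client from the question, this reports `lan` as usable and `to_server` as a type 778 point-to-point link without broadcast, which matches the dhclient error.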