I've been looking everywhere for a solution to this but have found really nothing. I was wondering if it is possible to forward ports such as 80 through an OpenVPN connection? I am using an OVH VPS with the preinstalled OpenVPN Debian 8 distro. Client port to server or something like that. Any help would be greatly appreciated.

EDIT: This is a bad diagram, but it's better than nothing! On the diagram the webserver is on server1, my bad.

Changed this to GRE tunneling. I set the tunnel up on both ends like this, but I cannot use it. Commands done on server 1:

ip tunnel add gre1 mode gre remote 66.xxx.xx.xx local 158.xx.xxx.xxx ttl 255
ip link set gre1 up
ip addr add 10.0.0.1/24 dev gre1

Commands done on server 2:

ip tunnel add gre1 mode gre remote 158.xx.xxx.xxx local 66.xxx.xx.xx ttl 255
ip link set gre1 up
ip addr add 10.0.0.2/24 dev gre1

I cannot ping 10.0.0.2 from server 1, but I obviously can from server 2.

server 1 ip addr output:

root@server1:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
   valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether fa:16:3e:17:34:30 brd ff:ff:ff:ff:ff:ff
inet 158.xx.xxx.xxx/32 brd 158.69.202.194 scope global ens3
   valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe17:3430/64 scope link
   valid_lft forever preferred_lft forever
3: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1
link/gre 0.0.0.0 brd 0.0.0.0
4: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
7: gre1@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue state UNKNOWN group default qlen 1
link/gre 158.xx.xxx.xxx peer 66.xxx.xx.xx
inet 10.0.0.1/24 scope global gre1
   valid_lft forever preferred_lft forever
inet6 fe80::200:5efe:9e45:cac2/64 scope link
   valid_lft forever preferred_lft forever

ip route server 1:

root@server1:~# ip route
default via 158.xx.xxx.1 dev ens3
10.0.0.0/24 dev gre1  proto kernel  scope link  src 10.0.0.1
158.xx.xxx.1 dev ens3  scope link

ip addr server 2:

root@server2:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
   valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether d8:9d:67:d3:71:09 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.30/24 brd 192.168.1.255 scope global dynamic enp0s25
   valid_lft 73469sec preferred_lft 73469sec
inet6 fe80::3062:291f:ccf6:26aa/64 scope link
   valid_lft forever preferred_lft forever
3: wlo1: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 00:24:d7:e8:73:30 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.36/24 brd 192.168.1.255 scope global dynamic wlo1
   valid_lft 73461sec preferred_lft 73461sec
4: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1
link/gre 0.0.0.0 brd 0.0.0.0
5: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
11: gre1@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue state UNKNOWN group default qlen 1
link/gre 66.xxx.xx.xx peer 158.xx.xxx.xxx
inet 10.0.0.2/24 scope global gre1
   valid_lft forever preferred_lft forever
inet6 fe80::200:5efe:42d3:132c/64 scope link
   valid_lft forever preferred_lft forever

ip route server 2:

root@server2:~# ip route
default via 192.168.1.1 dev enp0s25 proto static metric 100
10.0.0.0/24 dev gre1 proto kernel scope link src 10.0.0.2
169.254.0.0/16 dev gre1 scope link metric 1000
192.168.1.0/24 dev enp0s25 proto kernel scope link src 192.168.1.30 metric 100
Purgatory
  • I'm confused. Which port do you want to listen for connections and where do you want those connections to actually connect? Can you draw a diagram or somehow make this clear? – ptman Oct 25 '17 at 16:21
  • https://www.linode.com/docs/networking/vpn/tunnel-your-internet-traffic-through-an-openvpn-server – Jacob Evans Oct 25 '17 at 16:26
  • Without NAT you can just connect to the client... – Zac67 Oct 25 '17 at 17:19
  • You can use IPTables and policy routing features to accomplish this. Basically, you use IPTables to mark the packets with a specific routing tag, and then add separate routing rules for the routing tags. However, I don't know any closer details on the subject. – Tero Kilkanen Oct 25 '17 at 20:55
  • I am now attempting GRE tunneling. They both ping the physical IP addresses but they won't ping through the tunnel. – Purgatory Oct 26 '17 at 00:51
  • Now I can ping server 1 from server 2 but I cannot ping server 2 from server 1. – Purgatory Oct 26 '17 at 16:39

1 Answer

-2

Sounds like you want a VPN connection/tunnel between servers 1 and 2. And then a reverse proxy (nginx/apache/haproxy/varnish/...) on server1 that forwards all requests over the tunnel to server2.

ptman
  • Yes, but I'm making a GRE tunnel now. I can ping both 10.0.0.1 and 10.0.0.2 on server 2 but I can't on server 1 – Purgatory Oct 26 '17 at 16:50
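
A check for `ip addr` listings like the ones in the question, as an added example that is not part of the original thread: it reports any GRE tunnel whose local endpoint (the first address on the `link/gre` line) is not assigned to an interface on the host, which is the picture a host behind NAT gives when the tunnel is configured with the router's public address. The function names and the sample listing (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag GRE tunnels whose local endpoint is not an address
# configured on this host. Usage on a live system:
#   ip addr | gre_local_mismatches

# Reads `ip addr` output on stdin. Prints "<tunnel> <local-endpoint>" for
# every GRE tunnel whose local endpoint is not assigned to any interface;
# prints nothing when every endpoint matches an assigned address.
gre_local_mismatches() {
    awk '
        /^[0-9]+: / {                    # "4: gre1@NONE: <...>" starts an interface
            dev = $2; sub(/:$/, "", dev); sub(/@.*/, "", dev)
        }
        $1 == "inet" {                   # "inet 10.0.0.2/24 ..." is an assigned address
            addr = $2; sub(/\/.*/, "", addr); have[addr] = 1
        }
        $1 == "link/gre" && $2 != "0.0.0.0" {   # "link/gre LOCAL peer REMOTE"
            local_ep[dev] = $2
        }
        END {
            for (d in local_ep)
                if (!(local_ep[d] in have)) print d, local_ep[d]
        }
    ' | sort
}

# Constructed sample modelled on a NATed host: a LAN address on eth0, and a
# tunnel whose local endpoint is a public address the host does not hold.
sample_nat_host() {
    cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.30/24 brd 192.168.1.255 scope global dynamic eth0
3: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1
    link/gre 0.0.0.0 brd 0.0.0.0
4: gre1@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue state UNKNOWN group default qlen 1
    link/gre 203.0.113.10 peer 198.51.100.20
    inet 10.0.0.2/24 scope global gre1
EOF
}

sample_nat_host | gre_local_mismatches   # prints: gre1 203.0.113.10
```
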