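Overview: build a GRE tunnel between Ubuntu 22.04.4 LTS and CentOS Linux release 7.9.2009 (Core) so that the two hosts can reach each other.
1. Ubuntu
1.1 Check the version
lsb_release -a
1.2 Update the system
sudo apt-get update
1.3 Install the required packages
sudo apt-get install iputils-ping iproute2 traceroute iptables-persistent nano
1.4 Enable IP forwarding
echo "net.ipv4.ip_forward = 1" | sudo tee -a /etc/sysctl.conf && sudo sysctl -p
1.5 Create the GRE interface
1.5.1 Create the file
sudo nano /etc/netplan/gre_tun0.yaml
1.5.2 Paste the configuration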
network:
  version: 2
  tunnels:
    tun0:
      mode: gre
      mtu: 1476
      tcp_mss: 1300
      local: 192.168.65.94
      remote: 192.168.65.140
      addresses:
        - 10.0.0.2/24
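1.5.3 Apply the configuration
sudo netplan apply
1.6 Check the interface
ip addr
2. CentOS
2.1 Check the version
cat /etc/redhat-release
2.2 Update the system
sudo yum update
2.3 Install the required packages
sudo yum install -y iputils iproute traceroute iptables nano
2.4 Enable IP forwarding
echo "net.ipv4.ip_forward = 1" | sudo tee -a /etc/sysctl.conf && sudo sysctl -p
2.5 Create the GRE interface script
2.5.1 Create the script (the service in 2.6 runs it from /root/gre_tun0.sh)
nano gre_tun0.sh
2.5.2 Paste the configuration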
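#!/bin/bash
# Add the GRE tunnel
/sbin/ip tunnel add tun0 mode gre remote 192.168.65.94 local 192.168.65.140 ttl 255
# Bring the tunnel up
/sbin/ip link set tun0 up mtu 1476
# Add the IP address
/sbin/ip addr add 10.0.0.1/24 dev tun0
# Mark TCP SYN packets leaving through tun0 (POSTROUTING sees both local and forwarded traffic)
iptables -t mangle -A POSTROUTING -o tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j MARK --set-mark 1998
# Rewrite the TCP MSS of the marked SYN packets (same chain, so the mark set above is visible; TCPMSS needs a SYN match)
iptables -t mangle -A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN -m mark --mark 1998 -j TCPMSS --set-mss 1300
# Write a log entry
echo "$(date): GRE tunnel completed" >> /var/log/gre_tun0.log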
2.5.3 Make the script executable
sudo chmod +x gre_tun0.sh
2.5.4 Apply the configuration
bash gre_tun0.sh
2.6 Create the GRE systemd service
2.6.1 Create the unit file
sudo nano /etc/systemd/system/gre_tun0.service
2.6.2 Paste the configuration
[Unit]
Description=GRE tunnel
After=network.target
[Service]
Type=oneshot
ExecStart=/root/gre_tun0.sh
[Install]
WantedBy=multi-user.target
2.7 Reload systemd
sudo systemctl daemon-reload
2.8 Enable the service at boot
sudo systemctl enable gre_tun0.service
2.9 Start the service
sudo systemctl start gre_tun0.service
2.10 Check the service
sudo systemctl status gre_tun0.service
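Added example (not part of the original article): a check that the tunnel MTU and the TCP MSS clamp configured in 1.5.2 and 2.5.2 fit the GRE overhead. The function names are hypothetical, and SAMPLE_LINK and SAMPLE_RULES are constructed to resemble `ip -d link show tun0` and `iptables -t mangle -S` output for this page's CentOS settings.

```bash
#!/bin/bash
# Added example: audit a GRE tunnel's MTU and TCP MSS clamp from command output.
# SAMPLE_* values are constructed to match this page's CentOS settings, not captured output.

SAMPLE_LINK='5: tun0@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue state UNKNOWN mode DEFAULT
    link/gre 192.168.65.140 peer 192.168.65.94
    gre remote 192.168.65.94 local 192.168.65.140 ttl 255'
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -o tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j MARK --set-xmark 0x7ce/0xffffffff
-A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN -m mark --mark 0x7ce -j TCPMSS --set-mss 1300'

# Print the word following the first occurrence of keyword $1 in text $2.
field_after() {
  printf '%s\n' "$2" | awk -v k="$1" '{for(i=1;i<NF;i++) if($i==k){print $(i+1); exit}}'
}

# GRE over IPv4 adds a 20-byte outer IP header and a 4-byte GRE header.
gre_mtu() { echo $(( $1 - 20 - 4 )); }

# Largest TCP MSS that fits the tunnel: MTU minus 20-byte IP and 20-byte TCP headers.
max_mss() { echo $(( $1 - 40 )); }

# audit_tunnel LINK_TEXT RULES_TEXT UNDERLAY_MTU -> prints findings, returns 0 if clean.
audit_tunnel() {
  local mtu mss bad=0
  mtu=$(field_after mtu "$1")
  mss=$(field_after --set-mss "$2")
  if [ -z "$mtu" ]; then echo "FAIL: no tunnel MTU found"; return 1; fi
  if [ "$mtu" -gt "$(gre_mtu "$3")" ]; then
    echo "FAIL: tunnel MTU $mtu exceeds $(gre_mtu "$3"); outer packets will fragment"; bad=1
  fi
  if [ -z "$mss" ]; then
    echo "FAIL: no TCPMSS rule found"; bad=1
  elif [ "$mss" -gt "$(max_mss "$mtu")" ]; then
    echo "FAIL: MSS $mss exceeds $(max_mss "$mtu") for MTU $mtu"; bad=1
  fi
  # A TCPMSS rule must match SYN packets, where the MSS option is negotiated.
  if ! printf '%s\n' "$2" | grep -e 'TCPMSS' | grep -q -e '--tcp-flags SYN,RST SYN'; then
    echo "FAIL: TCPMSS rule does not match SYN packets"; bad=1
  fi
  [ "$bad" -eq 0 ] && echo "OK: mtu=$mtu mss=$mss local=$(field_after local "$1") remote=$(field_after remote "$1")"
  return "$bad"
}

audit_tunnel "$SAMPLE_LINK" "$SAMPLE_RULES" 1500
```

On a live host, pass "$(ip -d link show tun0)" and "$(sudo iptables -t mangle -S)" in place of the two samples, with the underlay interface MTU as the third argument.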
3. Static routes
3.1 Ubuntu
3.1.1 Add a temporary route
sudo ip route add 100.64.0.0/16 via 10.0.0.1 dev tun0
3.1.2 Add a permanent route
sudo nano /etc/netplan/gre_tun0.yaml
network:
  version: 2
  tunnels:
    tun0:
      mode: gre
      local: 192.168.65.94
      remote: 192.168.65.140
      addresses:
        - 10.0.0.2/24
      routes:
        - to: 100.64.0.0/16
          via: 10.0.0.1
3.1.3 Apply the configuration
sudo netplan apply
3.1.4 Delete the route
sudo ip route delete 100.64.0.0/16 via 10.0.0.1 dev tun0
3.2 CentOS
3.2.1 Add a temporary route
sudo ip route add 172.16.0.0/16 via 10.0.0.2 dev tun0
3.2.2 Add a permanent route: method 1
3.2.2.1 Edit rc.local
nano /etc/rc.d/rc.local
3.2.2.2 Make it executable
chmod +x /etc/rc.d/rc.local
3.2.2.3 Edit the rc.local service
nano /lib/systemd/system/rc-local.service
3.2.2.4 Change it to the following
[Unit]
Description=/etc/rc.d/rc.local Compatibility
ConditionFileIsExecutable=/etc/rc.d/rc.local
After=network.target
[Service]
Type=forking
ExecStartPre=/bin/sleep 15
ExecStart=/etc/rc.d/rc.local start
TimeoutSec=0
RemainAfterExit=yes
3.2.2.5 Reload systemd and restart the service
sudo systemctl daemon-reload && sudo systemctl restart rc-local.service
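3.2.3 Add a permanent route: method 2
3.2.3.1 Create the route script
nano route_tun0.sh
3.2.3.2 Paste the configuration
#!/bin/bash
# Wait 15 seconds
sleep 15
# Add the route
ip route add 172.16.0.0/16 via 10.0.0.2 dev tun0
exit 0
3.2.3.3 Make the script executable and apply the configuration
chmod +x route_tun0.sh && bash route_tun0.sh
3.2.3.4 Create the systemd service
sudo nano /etc/systemd/system/route_tun0.service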
[Unit]
Description=GRE tunnel route
After=network.target
[Service]
Type=oneshot
ExecStart=/root/route_tun0.sh
[Install]
WantedBy=multi-user.target
sudo systemctl daemon-reload
sudo systemctl enable route_tun0.service
sudo systemctl start route_tun0.service
sudo systemctl status route_tun0.service
3.2.4 Delete the route
sudo ip route delete 172.16.0.0/16 via 10.0.0.2 dev tun0