Case 1: the source GRE and destination GRE IPs are in different networks
Peer 1:
-------
1. Create the GRE tunnel interface
ip tunnel add gre1 mode gre remote <remote-ip> local <local-ip> ttl 255
ex: ip tunnel add gre1 mode gre remote 172.52.1.2 local 172.51.1.2 ttl 255
2. Bring up the created GRE tunnel interface
ip link set gre1 up
3. Assign an IP address to the GRE interface
ip addr add <ip/prefix> dev gre1
ex: ip addr add 2.2.2.2/24 dev gre1
4. Add a route to reach the remote GRE interface network
ex: ip route add 3.3.3.0/24 via 2.2.2.2 dev gre1
Peer 2:
-------
1. Create the GRE tunnel interface
ip tunnel add gre1 mode gre remote <remote-ip> local <local-ip> ttl 255
ex: ip tunnel add gre1 mode gre remote 172.51.1.2 local 172.52.1.2 ttl 255
2. Bring up the created GRE tunnel interface
ip link set gre1 up
3. Assign an IP address to the GRE interface
ip addr add <ip/prefix> dev gre1
ex: ip addr add 3.3.3.3/24 dev gre1
4. Add a route to reach the remote GRE interface network
ex: ip route add 2.2.2.0/24 via 3.3.3.3 dev gre1
* To enable GRE functionality in Linux, load the module with the following command
modprobe ip_gre (by default, GRE functionality is already enabled in Linux)
* To delete the GRE interface
ip tunnel del gre1
* To bring the GRE interface down/up
ifconfig gre1 down
ifconfig gre1 up
** Send traffic using the GRE tunnel address.
ping 3.3.3.3
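The two peer procedures above are mirror images of each other: peer 2's "remote" is peer 1's "local" and vice versa, and each side needs a route for the other side's tunnel network only because the two gre1 addresses (2.2.2.2/24 and 3.3.3.3/24) sit in different subnets. The script below is an added example, not code from the original post: it renders both peers' ip(8) commands from one description of the tunnel, so the remote/local pair and the routes cannot drift apart, and it flags the classic GRE failure mode of recursive routing (a network routed into the tunnel that also contains the peer's outer address, so the encapsulated packets would themselves be sent into gre1). The GrePeer names, the 172.x outer addresses and the routed_nets parameter are taken from or constructed around the page's example; the route is emitted in the `dev gre1` form, which is sufficient on a point-to-point GRE interface, whereas the post uses `via <local tunnel address>`. The script only prints the commands; running them requires root on each peer.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class GrePeer:
    """One end of the tunnel: the underlay (outer) address GRE packets are
    sent from/to, and the overlay address configured on the gre interface."""
    name: str
    outer_ip: str       # e.g. 172.51.1.2, reachable without the tunnel
    tunnel_cidr: str    # e.g. 2.2.2.2/24, lives on gre1


def _network(cidr):
    return ipaddress.ip_interface(cidr).network


def tunnel_routes(me, peer, routed_nets=()):
    """Networks `me` must route into the tunnel: the peer's tunnel network
    (only when it differs from ours, as in the page's case 1) plus any
    networks behind the peer given in `routed_nets` (constructed input)."""
    nets = []
    if _network(peer.tunnel_cidr) != _network(me.tunnel_cidr):
        nets.append(_network(peer.tunnel_cidr))
    nets.extend(ipaddress.ip_network(n) for n in routed_nets)
    return nets


def tunnel_commands(me, peer, routed_nets=(), ifname="gre1", ttl=255):
    """Render the ip(8) commands for `me` to reach `peer`.  remote/local are
    derived from the two peers, so the two sides always mirror each other."""
    cmds = [
        f"ip tunnel add {ifname} mode gre remote {peer.outer_ip} "
        f"local {me.outer_ip} ttl {ttl}",
        f"ip link set {ifname} up",
        f"ip addr add {me.tunnel_cidr} dev {ifname}",
    ]
    for net in tunnel_routes(me, peer, routed_nets):
        cmds.append(f"ip route add {net} dev {ifname}")
    return cmds


def recursive_routing_risks(me, peer, routed_nets=()):
    """Return the routes that would swallow the tunnel's own underlay traffic.
    If the peer's outer address falls inside a network routed into the tunnel,
    the GRE-encapsulated packets are themselves sent into gre1, which has no
    path to the peer: the tunnel goes down or flaps ("recursive routing")."""
    remote = ipaddress.ip_address(peer.outer_ip)
    return [str(n) for n in tunnel_routes(me, peer, routed_nets) if remote in n]


if __name__ == "__main__":
    # Values from the page's example.
    peer1 = GrePeer("peer1", "172.51.1.2", "2.2.2.2/24")
    peer2 = GrePeer("peer2", "172.52.1.2", "3.3.3.3/24")
    for me, other in ((peer1, peer2), (peer2, peer1)):
        print(f"# {me.name}")
        print("\n".join(tunnel_commands(me, other)))
        for bad in recursive_routing_risks(me, other):
            print(f"# WARNING: route {bad} contains the peer's outer address")
    # Constructed bad case: routing the whole underlay /16 into the tunnel.
    print(recursive_routing_risks(peer1, peer2, routed_nets=["172.52.0.0/16"]))
```

The recursive-routing check is worth keeping in any tunnel provisioning script: the symptom in the field is a tunnel that comes up, works for a moment, then silently stops carrying traffic once the route into it is installed.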
> show conn
2 in use, 4 most used
Inspect Snort:
preserve-connection: 1 enabled, 0 in effect, 1 most enabled, 0 most in effect
ICMP outside 3.3.3.3:0 inside 2.2.2.2:4053, idle 0:00:00, bytes 112, flags pN1
GRE outside 172.52.1.2:0 inside 172.51.1.2:0, idle 0:00:00, bytes 0, flags LN
wget http://3.3.3.3/5mb.out -O /dev/null --limit-rate=10K
> show conn detail all
2 in use, 4 most used
TCP outside: 3.3.3.3/80 inside: 2.2.2.2/41314,
flags UIOpN1, idle 0s, uptime 12s, timeout 1h0m, bytes 177954
Initiator: 2.2.2.2, Responder: 3.3.3.3
GRE outside: 172.52.1.2/0 inside: 172.51.1.2/0,
flags LN, idle 0s, uptime 12s, timeout 2m0s, bytes 0
>
>
wget https://3.3.3.3/5mb.out -O /dev/null --limit-rate=10K --no-check-certificate
> show conn all
2 in use, 4 most used
Inspect Snort:
preserve-connection: 1 enabled, 0 in effect, 1 most enabled, 0 most in effect
TCP outside 3.3.3.3:443 inside 2.2.2.2:45483, idle 0:00:00, bytes 493269, flags UIOpN1
GRE outside 172.52.1.2:0 inside 172.51.1.2:0, idle 0:00:00, bytes 0, flags LN
>
>
> show conn all detail
2 in use, 4 most used
TCP outside: 3.3.3.3/443 inside: 2.2.2.2/45483,
flags UIOpN1, idle 0s, uptime 27s, timeout 1h0m, bytes 341213
Initiator: 2.2.2.2, Responder: 3.3.3.3
GRE outside: 172.52.1.2/0 inside: 172.51.1.2/0,
flags LN, idle 0s, uptime 27s, timeout 2m0s, bytes 0
> show capture in
143 packets captured
1: 08:15:20.342923 802.1Q vlan#911 P7 arp who-has 172.51.1.1 (0:f6:63:e4:a3:6e) tell 0.0.0.0
2: 08:15:20.342954 802.1Q vlan#911 P7 arp reply 172.51.1.1 is-at 0:f6:63:e4:a3:6e
3: 08:15:24.438225 802.1Q vlan#911 P0 172.51.1.2 > 172.52.1.2: gre: 2.2.2.2.45484 > 3.3.3.3.443: S 228517354:228517354(0) win 14360
4: 08:15:24.490773 802.1Q vlan#911 P0 172.52.1.2 > 172.51.1.2: gre: 3.3.3.3.443 > 2.2.2.2.45484: S 2973806477:2973806477(0) ack 228517355 win 28480
5: 08:15:24.490971 802.1Q vlan#911 P0 172.51.1.2 > 172.52.1.2: gre: 2.2.2.2.45484 > 3.3.3.3.443: . ack 2973806478 win 898
6: 08:15:24.491231 802.1Q vlan#911 P0 172.51.1.2 > 172.52.1.2: gre: 2.2.2.2.45484 > 3.3.3.3.443: P 228517355:228517650(295) ack 2973806478 win 898
7: 08:15:24.590942 802.1Q vlan#911 P0 172.52.1.2 > 172.51.1.2: gre: 3.3.3.3.443 > 2.2.2.2.45484: . ack 228517650 win 231
8: 08:15:24.605696 802.1Q vlan#911 P0 172.52.1.2 > 172.51.1.2: gre: 3.3.3.3.443 > 2.2.2.2.45484: . 2973806478:2973807846(1368) ack 228517650 win 231
9: 08:15:24.605712 802.1Q vlan#911 P0 172.52.1.2 > 172.51.1.2: gre: 3.3.3.3.443 > 2.2.2.2.45484: P 2973807846:2973807901(55) ack 228517650 win 231
10: 08:15:24.606093 802.1Q vlan#911 P0 172.51.1.2 > 172.52.1.2: gre: 2.2.2.2.45484 > 3.3.3.3.443: . ack 2973807846 win 1076
11: 08:15:24.607192 802.1Q vlan#911 P0 172.51.1.2 > 172.52.1.2: gre: 2.2.2.2.45484 > 3.3.3.3.443: . ack 2973807901 win 1076
12: 08:15:24.607207 802.1Q vlan#911 P0 172.51.1.2 > 172.52.1.2: gre: 2.2.2.2.45484 > 3.3.3.3.443: P 228517650:228517776(126) ack 2973807901 win 1076
13: 08:15:24.691492 802.1Q vlan#911 P0 172.52.1.2 > 172.51.1.2: gre: 3.3.3.3.443 > 2.2.2.2.45484: P 2973807901:2973808159(258) ack 228517776 win 231
> show capture out
198 packets captured
1: 08:15:24.438759 802.1Q vlan#912 P0 172.51.1.2 > 172.52.1.2: gre: 2.2.2.2.45484 > 3.3.3.3.443: S 1561470146:1561470146(0) win 14360
2: 08:15:24.490712 802.1Q vlan#912 P0 172.52.1.2 > 172.51.1.2: gre: 3.3.3.3.443 > 2.2.2.2.45484: S 1291382108:1291382108(0) ack 1561470147 win 28480
3: 08:15:24.491155 802.1Q vlan#912 P0 172.51.1.2 > 172.52.1.2: gre: 2.2.2.2.45484 > 3.3.3.3.443: . ack 1291382109 win 898
4: 08:15:24.491414 802.1Q vlan#912 P0 172.51.1.2 > 172.52.1.2: gre: 2.2.2.2.45484 > 3.3.3.3.443: P 1561470147:1561470442(295) ack 1291382109 win 898
5: 08:15:24.590896 802.1Q vlan#912 P0 172.52.1.2 > 172.51.1.2: gre: 3.3.3.3.443 > 2.2.2.2.45484: . ack 1561470442 win 231
6: 08:15:24.605467 802.1Q vlan#912 P0 172.52.1.2 > 172.51.1.2: gre: 3.3.3.3.443 > 2.2.2.2.45484: . 1291382109:1291383477(1368) ack 1561470442 win 231
7: 08:15:24.605483 802.1Q vlan#912 P0 172.52.1.2 > 172.51.1.2: gre: 3.3.3.3.443 > 2.2.2.2.45484: P 1291383477:1291383532(55) ack 1561470442 win 231
8: 08:15:24.606124 802.1Q vlan#912 P0 172.51.1.2 > 172.52.1.2: gre: 2.2.2.2.45484 > 3.3.3.3.443: . ack 1291383477 win 1076
9: 08:15:24.607222 802.1Q vlan#912 P0 172.51.1.2 > 172.52.1.2: gre: 2.2.2.2.45484 > 3.3.3.3.443: . ack 1291383532 win 1076
10: 08:15:24.607237 802.1Q vlan#912 P0 172.51.1.2 > 172.52.1.2: gre: 2.2.2.2.45484 > 3.3.3.3.443: P 1561470442:1561470568(126) ack 1291383532 win 1076
11: 08:15:24.691446 802.1Q vlan#912 P0 172.52.1.2 > 172.51.1.2: gre: 3.3.3.3.443 > 2.2.2.2.45484: P 1291383532:1291383790(258) ack 1561470568 win 231
12: 08:15:24.692255 802.1Q vlan#912 P0 172.51.1.2 > 172.52.1.2: gre: 2.2.2.2.45484 > 3.3.3.3.443: P 1561470568:1561470711(143) ack 1291383790 win 1247
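Comparing the "show capture in" and "show capture out" listings above shows that the firewall is not just passing the GRE packets through: the inner TCP flow 2.2.2.2:45484 -> 3.3.3.3:443 leaves with different sequence and acknowledgement numbers than it arrived with (SYN 228517354 on the inside, 1561470146 on the outside), while flags, segment lengths and ordering are unchanged. That is what TCP sequence-number randomization looks like when it is applied to the tunneled inner flow. The script below is an added example, not part of the original post: it parses the capture lines (a subset of the page's own packets is embedded), pairs the k-th packet of each direction on the ingress side with the k-th on the egress side, and checks that the per-direction offset is constant and that each direction's ACKs are shifted by the opposite direction's sequence offset. A varying offset would mean either a mis-pairing of packets or a device that is rewriting sequence numbers inconsistently, which breaks the connection. The field names and the pairing-by-order assumption are mine.

```python
import re
from collections import defaultdict

# Packets 3-8 of the page's "show capture in" and 1-6 of "show capture out".
CAPTURE_IN = """\
3: 08:15:24.438225 802.1Q vlan#911 P0 172.51.1.2 > 172.52.1.2: gre: 2.2.2.2.45484 > 3.3.3.3.443: S 228517354:228517354(0) win 14360
4: 08:15:24.490773 802.1Q vlan#911 P0 172.52.1.2 > 172.51.1.2: gre: 3.3.3.3.443 > 2.2.2.2.45484: S 2973806477:2973806477(0) ack 228517355 win 28480
5: 08:15:24.490971 802.1Q vlan#911 P0 172.51.1.2 > 172.52.1.2: gre: 2.2.2.2.45484 > 3.3.3.3.443: . ack 2973806478 win 898
6: 08:15:24.491231 802.1Q vlan#911 P0 172.51.1.2 > 172.52.1.2: gre: 2.2.2.2.45484 > 3.3.3.3.443: P 228517355:228517650(295) ack 2973806478 win 898
7: 08:15:24.590942 802.1Q vlan#911 P0 172.52.1.2 > 172.51.1.2: gre: 3.3.3.3.443 > 2.2.2.2.45484: . ack 228517650 win 231
8: 08:15:24.605696 802.1Q vlan#911 P0 172.52.1.2 > 172.51.1.2: gre: 3.3.3.3.443 > 2.2.2.2.45484: . 2973806478:2973807846(1368) ack 228517650 win 231
"""
CAPTURE_OUT = """\
1: 08:15:24.438759 802.1Q vlan#912 P0 172.51.1.2 > 172.52.1.2: gre: 2.2.2.2.45484 > 3.3.3.3.443: S 1561470146:1561470146(0) win 14360
2: 08:15:24.490712 802.1Q vlan#912 P0 172.52.1.2 > 172.51.1.2: gre: 3.3.3.3.443 > 2.2.2.2.45484: S 1291382108:1291382108(0) ack 1561470147 win 28480
3: 08:15:24.491155 802.1Q vlan#912 P0 172.51.1.2 > 172.52.1.2: gre: 2.2.2.2.45484 > 3.3.3.3.443: . ack 1291382109 win 898
4: 08:15:24.491414 802.1Q vlan#912 P0 172.51.1.2 > 172.52.1.2: gre: 2.2.2.2.45484 > 3.3.3.3.443: P 1561470147:1561470442(295) ack 1291382109 win 898
5: 08:15:24.590896 802.1Q vlan#912 P0 172.52.1.2 > 172.51.1.2: gre: 3.3.3.3.443 > 2.2.2.2.45484: . ack 1561470442 win 231
6: 08:15:24.605467 802.1Q vlan#912 P0 172.52.1.2 > 172.51.1.2: gre: 3.3.3.3.443 > 2.2.2.2.45484: . 1291382109:1291383477(1368) ack 1561470442 win 231
"""

# One capture line: outer IPs, "gre:", inner host.port pair, TCP flags, an
# optional seq:end(len) range, an optional ack, and the window.
LINE_RE = re.compile(
    r"^(?P<num>\d+): (?P<ts>\S+) .*? "
    r"(?P<osrc>\d+\.\d+\.\d+\.\d+) > (?P<odst>\d+\.\d+\.\d+\.\d+): gre: "
    r"(?P<isrc>\S+) > (?P<idst>\S+): (?P<flags>\S+)"
    r"(?: (?P<seq>\d+):(?P<end>\d+)\((?P<len>\d+)\))?"
    r"(?: ack (?P<ack>\d+))? win (?P<win>\d+)"
)
MOD32 = 1 << 32


def parse_capture(text):
    """Return the GRE-encapsulated TCP packets; ARP and other lines are skipped."""
    pkts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        src, sport = m["isrc"].rsplit(".", 1)   # "2.2.2.2.45484" -> host, port
        dst, dport = m["idst"].rsplit(".", 1)
        pkts.append({
            "direction": f"{src}:{sport}->{dst}:{dport}",
            "flags": m["flags"],
            "seq": int(m["seq"]) if m["seq"] else None,
            "len": int(m["len"]) if m["len"] else None,
            "ack": int(m["ack"]) if m["ack"] else None,
        })
    return pkts


def _single(values):
    return next(iter(values)) if len(values) == 1 else None


def sequence_offsets(inside_text, outside_text):
    """Per inner direction: the modular seq and ack offsets between ingress and
    egress, and whether flags/lengths matched packet for packet.  Packets are
    paired by order within each direction (assumption: no loss between taps)."""
    ins, outs = defaultdict(list), defaultdict(list)
    for p in parse_capture(inside_text):
        ins[p["direction"]].append(p)
    for p in parse_capture(outside_text):
        outs[p["direction"]].append(p)
    report = {}
    for d, in_pkts in ins.items():
        seq_offs, ack_offs, payload_match = set(), set(), True
        for a, b in zip(in_pkts, outs.get(d, [])):
            if a["flags"] != b["flags"] or a["len"] != b["len"]:
                payload_match = False
            if a["seq"] is not None and b["seq"] is not None:
                seq_offs.add((b["seq"] - a["seq"]) % MOD32)
            if a["ack"] is not None and b["ack"] is not None:
                ack_offs.add((b["ack"] - a["ack"]) % MOD32)
        report[d] = {
            "seq_offset": _single(seq_offs),
            "ack_offset": _single(ack_offs),
            "payload_match": payload_match,
            "consistent": payload_match and len(seq_offs) <= 1 and len(ack_offs) <= 1,
        }
    return report


if __name__ == "__main__":
    for direction, r in sequence_offsets(CAPTURE_IN, CAPTURE_OUT).items():
        print(direction, r)
```

A flow that is rewritten consistently shows one seq offset per direction, and each direction's ack offset equals the other direction's seq offset; on the page's captures both hold, so the inner TCP session survives the rewrite even though neither endpoint ever sees the numbers the other one sent.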