Layer 2 over Layer 3 using Linux built-in features
Encrypting traffic is often unnecessary when tunneling an L2 network over L3 in a corporate environment. I hear you say: use OpenVPN, tinc, gvpe, n2n, etc. But did you know that there's an easy built-in solution that has been part of the Linux kernel since 2.6.29? If you need encryption, just use IPsec to protect the GRE traffic.
The example below assumes you have eth0 with 172.31.0.1 on Host A and 172.31.0.2 on Host B.
Connect a test PC to Host A's eth1 port and try pinging Host B (10.10.10.2). Yes, it really is that easy.
P.S. Test your setup well, as you usually can't get the full 1500-byte MTU with a configuration like this!
Host A:
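# GRE tunnel endpoint that carries Ethernet frames (gretap) over the L3 link
ip link add gretap0 type gretap local 172.31.0.1 remote 172.31.0.2
ip link set dev gretap0 up
ip link set dev eth1 up
# bridge the tunnel with the local L2 port
brctl addbr br0
brctl addif br0 gretap0
brctl addif br0 eth1
# address on the bridged segment
ip addr add 10.10.10.1/24 dev br0
ip link set br0 up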
Host B:
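# same setup with local and remote swapped
ip link add gretap0 type gretap local 172.31.0.2 remote 172.31.0.1
ip link set dev gretap0 up
ip link set dev eth1 up
# bridge the tunnel with the local L2 port
brctl addbr br0
brctl addif br0 gretap0
brctl addif br0 eth1
# address on the bridged segment
ip addr add 10.10.10.2/24 dev br0
ip link set br0 up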
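The MTU caveat in the P.S. can be checked rather than guessed. The following is an added example, not part of the original post: it computes what a gretap tunnel can carry and flags bridge ports that accept larger frames. It assumes an IPv4 underlay; the function names and the `SYSFS_NET` override are this example's own.

```shell
#!/bin/sh
# Added example: MTU budget for the gretap bridge set up above.
# SYSFS_NET is this example's own variable, overridable for offline testing.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# gretap_mtu UNDERLAY_MTU [key] [csum] [seq]
# Outer IPv4 header (20) + base GRE header (4) + inner Ethernet header (14)
# = 38 bytes; each optional GRE field enabled on the tunnel adds 4 more.
gretap_mtu() {
    underlay=$1; shift
    overhead=38
    for opt in "$@"; do
        case "$opt" in
            key|csum|seq) overhead=$((overhead + 4)) ;;
            *) echo "unknown GRE option: $opt" >&2; return 2 ;;
        esac
    done
    echo $((underlay - overhead))
}

# ping_payload MTU
# Largest ICMP echo payload that fits one IPv4 packet (20 IP + 8 ICMP).
ping_payload() { echo $(( $1 - 28 )); }

# check_bridge_ports UNDERLAY_DEV PORT...
# Prints one line per port whose MTU exceeds what the tunnel can carry.
# Returns 1 if any port is too large, 0 otherwise.
check_bridge_ports() {
    under=$1; shift
    limit=$(gretap_mtu "$(cat "$SYSFS_NET/$under/mtu")") || return 2
    rc=0
    for port in "$@"; do
        mtu=$(cat "$SYSFS_NET/$port/mtu")
        if [ "$mtu" -gt "$limit" ]; then
            echo "$port: mtu $mtu > tunnel limit $limit"
            rc=1
        fi
    done
    return $rc
}
```

On Host A, `check_bridge_ports eth0 eth1 gretap0` lists any port that can accept frames larger than the tunnel carries. With a 1500-byte eth0, `ping -M do -s 1434 10.10.10.2` from the test PC should pass and `-s 1435` should not.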