Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


How to enable GRE and SIT in OpenVZ Container?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

How to enable GRE and SIT in OpenVZ Container?

avelineaveline Member, Patron Provider
edited July 2012 in Help

How to enable GRE and SIT in OpenVZ Container

Comments

  • miTgiBmiTgiB Member

    You have access to host node?

  • avelineaveline Member, Patron Provider

    @miTgiB Yes, I have.

  • risharderisharde Patron Provider, Veteran

    Can anyone provide a complete answer for this?

  • gestiondbigestiondbi Member, Patron Provider

    Yes it's possible via the node side. You need to contact your provide to see if they can activate it for you.

  • risharderisharde Patron Provider, Veteran

    Hi David, thanks for responding. I recently set up Virtualizor on a dedicated so I have access to the node. Unfortunately it seems my googling skills arent that good and I have not be able to get a good site that explains how to do this. On my host node, I can see ip_gre when I use the lsmod command but the openvz vps isn't able to see it

    @davidgestiondbi said:
    Yes it's possible via the node side. You need to contact your provide to see if they can activate it for you.

  • JacobJacob Member
    edited October 2015

    @risharde @aveline this should work - https://forum.openvz.org/index.php?t=msg&goto=6672&;

    Let me know if not and I'll gladly help.

    P.S: Answer is at the bottom of that thread!

  • JacobJacob Member
    edited October 2015

    Just on a seperate note as well, for GRE my personal preference is creating the interface files manually ref: http://centoshowtos.org/network-and-security/gre-tunnel/

    And just to give an explanation of what these mean...

    PEER_OUTER_IPADDR= 8.8.8.8 - client public facing IP

    PEER_INNER_IPADDR= (Example: 192.168.1.2) - client internal IP

    MY_INNER_IPADDR= (Example: 192.168.1.1) - server internal IP

    You'll also have to do the same interface file for the other end...

    And you may also need route and rule files setup, but we'll come back to that if you do ;)

  • /sbin/modprobe ip_gre
    /sbin/modprobe sit
    vzctl set CTID --features sit:on --save

    That should do it.

  • risharderisharde Patron Provider, Veteran

    Thanks @Jacob and @sit will test and confirm, really appreciate the assistance

  • risharderisharde Patron Provider, Veteran

    Thanks @Fusl

  • risharderisharde Patron Provider, Veteran

    Before I do the last commands in the forum you send me @Jacob,
    When I do the manual interface files, this works fine on the first node (which is KVM) but not on the OpenVZ node
    The openvz node spits out: "FATAL: Module ip_gre not found." when ifup tun0 is ran.
    This happens even after I enabled gre via host using command: vzctl set 101 --features ip_gre:on --save

    So is it safe to assume that by doing the last commands in the forum post should solve this?

  • @risharde possibly, give it a go... worst that can happen is it doesn't work.

  • risharderisharde Patron Provider, Veteran
    edited October 2015

    @Jacob unfortunately it doesn't work, I keep getting the following:

    vzctl set 101 --netdev_add tunel0 --save

    Bad parameter for --netdev_add: tunel0

  • You do not need this. Just execute what I wrote before and then add a new tunnel inside the container as you would normally do on any other system.

  • risharderisharde Patron Provider, Veteran

    @Fusl I've tried what you posted as well on the host node and followed instructions via http://wiki.buyvm.net/doku.php/gre_tunnel

    It still doesn't work

  • risharde said: It still doesn't work

    "It does not work" is not enough information to start troubleshooting for you what causes this. If you want us to help you, you need to help us understanding what you have done and what does not work.

  • risharderisharde Patron Provider, Veteran

    Sorry for the vague response @Fusl
    I tried the commands on hostnode

    /sbin/modprobe ip_gre
    /sbin/modprobe sit
    vzctl set CTID --features sit:on --save

    Then I tried creating a GRE tunnel using the BuyVM tutorial

    It creates the tun0 device on the external KVM I have and also on the OpenVZ containers

    But I cannot ping to or from each of these containers

    It just times out

    I'm going to try a KVM to KVM and see if the gre tunnel will work since I'm out of ideas on why it isn't working from KVM to OpenVZ

  • FuslFusl Member
    edited October 2015

    If the tunnel gets created without any error/warning message, it means the rest of the configuration is wrong somewhere. Firewall in container, on hardware node or in the network? Can you let me know how you continued with the configuration? Maybe I/we can see a mistake you did somewhere. Also, do you see packets leaving/entering both servers when checking with tcpdump? (tcpdump -nn -i any host SIDEA and host SIDEB)

  • risharderisharde Patron Provider, Veteran

    Hi @Fusl, thanks for responding again.
    I tried using a KVM container as mentioned previously and it still didn't work (no ping replies). I also noticed that the DDOS protected KVM was able to send gre data to the 2nd KVM but it seems the DDOS protected KVM was not able to receive GRE packets.

    I eventually tried this same KVM container (the one which I want to protect) with another KVM container (in a different geographical location) and it works (I am able to ping back and forth properly).

    From what I gather, it seems the original KVM (DDOS protected) or its host node or entire network (OVH) is blocking the GRE packets. Maybe it's the DDOS protection? I've ticketed in for some provider assistance and hoping not to get back an unmanaged response and more importantly a solution of some sort.

    Surely I have to say, something as simple as gre gets so much more complicated when various networks and filtering are involved. I'll try the commands you sent as well so thank you for your assistance!

  • Just jumping in with the topic, will the bandwidth in the VPS get consumed when you use it as a tunnel?

Sign In or Register to comment.