GRE Tunnel original client IP
Hi,
At first: sorry if I am misunderstanding what a GRE tunnel does. I managed to successfully set it up. The connection is working fine. I opened a webserver port with iptables.
However, when I do a REMOTE_ADDR with PHP, I get to see the IP-address of the tunnel (192.168.168.xx), not the IP-address of client (in this case, my IP). Let’s say I want to have the same thing as what X-Real-IP or X-Forwarded-For would do with a reverse proxy. Is this possible with a GRE Tunnel, or am I misunderstanding the concept?
Why not use a reverse proxy? Because the content is on a different server, which has some latency. It causes a slow website, so I’d rather serve it at once, if possible.
Comments
GRE forwards at a different layer.
A reverse proxy with bytes cached/buffered set to 0 accomplishes what you are asking for.
Interesting! I should definitely try that, as I had my Nginx configured successfully already. It was just unbearably slow.
Edit: it works! Thanks!
When you use GRE or other tunnel protocols the packets that are tunneled usually are unchanged. If the source address is changed it may be because you are applying SNAT to the packet.
So what would be the correct command to do it, then?
To avoid SNAT/masquerade to an interface you can insert an ACCEPT rule first in the POSTROUTING chain on the VPS. That way packets sent out via the gre tunnel aren't affected by SNAT/masquerade rules later in the POSTROUTING chain.
Since the source address isn't changed the other end of the tunnel will need to use policy routing which sends all packets from the web server to the gre tunnel.
Would this be correct? @lebuser
Did you manage to make it work? If yes, I would love to know how.
Don't bump old threads, and if you need point to point, use WireGuard instead.
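
The reply above about inserting an ACCEPT rule first in POSTROUTING on the VPS and policy-routing the web server's replies into the tunnel, as an added example that is not part of the original thread. The interface name `gre1`, the address `192.0.2.10` and routing table `100` are assumptions; the script prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example. All names and addresses are assumptions, not values from the thread.
GRE_IF="${GRE_IF:-gre1}"                 # assumed GRE interface name on both hosts
BACKEND_IP="${BACKEND_IP:-192.0.2.10}"   # constructed placeholder: address the web server replies from
RT_TABLE="${RT_TABLE:-100}"              # assumed unused routing table number

# VPS side: exempt packets leaving via the tunnel from SNAT/MASQUERADE.
vps_rules() {
    # -I POSTROUTING 1 places the rule first; ACCEPT stops nat traversal,
    # so later SNAT/MASQUERADE rules never rewrite the client source address.
    echo "iptables -t nat -I POSTROUTING 1 -o $GRE_IF -j ACCEPT"
}

# Web server side: replies from BACKEND_IP must return through the tunnel,
# because they are now addressed to real client IPs instead of the VPS.
backend_rules() {
    echo "ip route add default dev $GRE_IF table $RT_TABLE"
    echo "ip rule add from $BACKEND_IP lookup $RT_TABLE"
}

# Verification: reads 'iptables -t nat -S POSTROUTING' output on stdin and
# succeeds only if the first rule in the chain is the tunnel exemption.
exempt_is_first() {
    first=$(grep '^-A POSTROUTING' | head -n 1)   # skips the '-P' policy line
    case "$first" in
        *"-o $GRE_IF "*"-j ACCEPT"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the commands of one rule set, or execute them when APPLY=1 (needs root).
run() {
    "$1" | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then sh -c "$cmd"; else echo "$cmd"; fi
    done
}

# Usage: script.sh vps | script.sh backend  (no argument: define functions only)
case "${1:-}" in
    vps|backend) run "${1}_rules" ;;
esac
```

After applying the VPS rule, `iptables -t nat -S POSTROUTING | exempt_is_first` confirms that no SNAT/MASQUERADE rule sits ahead of the exemption.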