Setting up GRE Tunnels on Debian 🚇

Step-by-step guide to configuring a GRE tunnel on Debian between endpoints using specific tunnel IPs


To set up a GRE tunnel on Debian between two endpoints (102.219.109.8 and 102.222.161.20) using tunnel IPs 100.64.0.1/30 and 100.64.0.2/30, follow these steps.


✅ Step-by-Step GRE Tunnel Setup on Debian

🖥️ Assumptions:

Host     Public IP        Tunnel IP
Host A   102.219.109.8    100.64.0.1/30
Host B   102.222.161.20   100.64.0.2/30

You’ll need to do the following steps on both hosts, changing local/remote accordingly.


🔧 1. Create the GRE tunnel

On Host A (102.219.109.8)

ip tunnel add gre1 mode gre local 102.219.109.8 remote 102.222.161.20 ttl 255
ip addr add 100.64.0.1/30 dev gre1
ip link set gre1 up

On Host B (102.222.161.20)

ip tunnel add gre1 mode gre local 102.222.161.20 remote 102.219.109.8 ttl 255
ip addr add 100.64.0.2/30 dev gre1
ip link set gre1 up

🔁 2. Test the Tunnel

From Host A, ping Host B:

ping 100.64.0.2

From Host B, ping Host A:

ping 100.64.0.1

💾 3. Make it Persistent (Optional)

If you want to make the tunnel persistent across reboots, you can:

Option A: Use a systemd unit or init script

(not ideal unless scripted manually)

Option B: Use /etc/network/interfaces (legacy method)

Edit /etc/network/interfaces on Host A:

auto gre1
iface gre1 inet static
    address 100.64.0.1
    netmask 255.255.255.252
    pre-up ip tunnel add gre1 mode gre local 102.219.109.8 remote 102.222.161.20 ttl 255
    up ip link set gre1 up
    down ip link set gre1 down
    post-down ip tunnel del gre1

Edit /etc/network/interfaces on Host B:

auto gre1
iface gre1 inet static
    address 100.64.0.2
    netmask 255.255.255.252
    pre-up ip tunnel add gre1 mode gre local 102.222.161.20 remote 102.219.109.8 ttl 255
    up ip link set gre1 up
    down ip link set gre1 down
    post-down ip tunnel del gre1

Then restart networking:

sudo systemctl restart networking

📌 Notes

  • Ensure GRE (IP protocol 47) is allowed through any firewall (iptables, nftables, cloud firewall, etc.).

  • No NAT should be applied to the tunnel unless explicitly required.

  • GRE doesn't encrypt traffic — it's purely encapsulation.
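
The firewall note above, as an added example that is not part of the original post: a shell function that prints an nftables ruleset accepting GRE (IP protocol 47) only from the tunnel peer, and counting and dropping GRE from any other source. It assumes nftables is the host firewall and IPv4 endpoints as in this guide; the table name gre_peer and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes nftables; the table
# name "gre_peer" and both function names are hypothetical.

# Succeed only for a plain dotted-quad IPv4 address (no prefix length).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print a ruleset for the host whose public IP is $1 and whose peer is $2.
gre_peer_ruleset() {
    local_ip=$1 peer_ip=$2
    if ! is_ipv4 "$local_ip" || ! is_ipv4 "$peer_ip" || [ "$local_ip" = "$peer_ip" ]; then
        echo "usage: gre_peer_ruleset LOCAL_PUBLIC_IP PEER_PUBLIC_IP" >&2
        return 2
    fi
    cat <<EOF
# Recreate the table on every load so reloading never duplicates rules.
add table inet gre_peer
delete table inet gre_peer
table inet gre_peer {
    chain input {
        type filter hook input priority 0; policy accept;
        # GRE from the tunnel peer to this host's public address.
        ip saddr $peer_ip ip daddr $local_ip ip protocol 47 accept
        # GRE from anywhere else: count it, then drop it.
        ip protocol 47 counter drop
    }
}
EOF
}

# Stand-alone use: print the ruleset for review; nothing is applied here.
if [ "$#" -eq 2 ]; then
    gre_peer_ruleset "$1" "$2"
fi
```

Saved under a name of your choice (gre-fw.sh here), Host A would run `sh gre-fw.sh 102.219.109.8 102.222.161.20 | sudo nft -f -` and Host B the same with the two addresses swapped. If another table on the host drops input by default, GRE from the peer has to be accepted there as well.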