This tutorial will show you how you can configure VPN tunnels using generic routing encapsulation (GRE). The purpose of using GRE tunnels is to send packets from one network/device to another network/device over an insecure network. The GRE tunnel is a logical connection that makes the two devices show up as neighbors with no other devices in the middle.

The data that is transiting the GRE tunnel is not encrypted, it is just encapsulated. This is different than IPSEC; if data encryption is needed, then GRE has to be used in conjunction with IPSEC.

Regarding the simulation, you have two files:

  • configuring_gre_init.pkt contains the initial topology. The hosts(PC and SERVER) have full connectivity.
  • configuring_gre_final.pkt is the final configuration. You can use this file to compare your configuration.

Regarding the topology, on the subnets where the PCs are connected, the router’s interface has the IP address whose last octet is .1 and last octet of the PC’s IP address is .100. The default gateway of the PC is the router’s IP address.

For instance, the subnet with PC_1: PC_2 has the IP address of 10.10.10.100/24 and R3’s interface IP address is 10.10.10.1/24.

Each router has a loopback address in the form of 1.1.1.X/32, where X is the router number. For instance, the loopback address of R3 is 1.1.1.3/32.

Also, each subnet between the routers is written on the topology and every router uses its router number as the last octet. For instance, on the subnet 10.10.12.0/24, R2 has 10.10.12.2/24 and R1 has 10.10.12.1/24.

All three routers are running OSPF in area 0, so the routers will have full connectivity between them.

The goal of this simulator is to be able to pass traffic through the tunnel in order for PC_1 and PC_2 to communicate.

The tunnel endpoints for both R1 and R3 are the Loopback interfaces, therefore R1 must know how to reach the R3 Loopback0 interface and vice-versa. This is accomplished by using OSPF that will advertise these routes to all three routers.

The tunnel interface will use 100.100.100.X/24 range. For instance, R1 use will 100.100.100.1/24 and R3 will use 100.100.100.3/24 IP addresses.

Task 1 requirements

  1. On R1, configure interface Tunnel0.
  2. On R1, configure the IP address specified on the diagram.
  3. On R1, configure the source endpoint of the tunnel as Loopback0 interface.
  4. On R1, configure the destination endpoint of the tunnel as Loopback0 interface IP address of R3.
  5. On R1, configure the mode as IP over GRE.
  6. On R1, configure a static route towards 10.10.20.0/24 pointing to R3 IP address of the tunnel interface.

Task 1 hints

  1. Use the command “interface Tunnel0” to create the interface.
  2. Use the command “tunnel source Loopback0” to set the tunnel source endpoint.
  3. Use the command “tunnel destination 1.1.1.3” to set the tunnel destination endpoint.
  4. Use the command “tunnel mode gre ip” to set the tunnel mode.
  5. Use the command “ip route 10.10.20.0 255.255.255.0 100.100.100.3” to set the static route towards 10.10.20.0/24 through the tunnel interface.

Task 2 requirements

  1. On R3, configure interface Tunnel0.
  2. On R3, configure the IP address specified on the diagram.
  3. On R1, configure the source endpoint of the tunnel as Loopback0 interface.
  4. On R3, configure the destination endpoint of the tunnel as Loopback0 interface IP address of R1.
  5. On R3, configure the mode as IP over GRE.
  6. On R3, configure a static route towards 10.10.10.0/24 pointing to R3 IP address of the tunnel interface.

    Task 2 hints

  7. Use the command “interface Tunnel0” to create the interface.
  8. Use the command “tunnel source Loopback0” to set the tunnel source endpoint.
  9. Use the command “tunnel destination 1.1.1.1” to set the tunnel destination endpoint.
  10. Use the command “tunnel mode gre ip” to set the tunnel mode.
  11. Use the command “ip route 10.10.10.0 255.255.255.0 100.100.100.1” to set the static route towards 10.10.10.0/24 through the tunnel interface.

Verification

Once you finish Task 2, you can test to see if the tunnel is up and traffic can transit it.

On PC_1, on the Desktop tab, select “Command Prompt” and issue a ping to 10.10.20.100. This ping should be successful.

Likewise, On PC_2, on the Desktop tab, select “Command Prompt” and issue a ping to 10.10.10.100. This ping should be successful.

As you can see, configuring tunnel interfaces is a pretty easy task to do. But you have to be aware that in order for a tunnel to come up, the router on which you are configuring the tunnel must be able to reach the destination of the tunnel via other means(static route, routing protocol).