Why these values?
SIDE_A_POLICY_INBOUND
route policy processes incoming routes. The first line denies the default route, while the second line permits the client routes.
3. Define the outbound route policy:
SIDE_A_POLICY_OUTBOUND
route policy denies all routes coming out of the router.
The route policy configuration on Side B will be similar:
SIDE_B_POLICY_INBOUND
and SIDE_B_POLICY_OUTBOUND
route policies describe the routes coming in and going out of the Side B’s router, respectively. Side B doesn’t accept any routes from Side A, and advertises its own routes to Side A without the default route.
The BGP configuration on both ends of the GRE tunnel should be as follows:
Side A:
40.0.0.1
with this system’s public IP and 50.0.0.1
with the remote system’s public IP.
2. Assign an IP address to the tunnel interface: sudo ip addr add 10.20.30.1/24 dev gre1
.
3. Bring up the GRE interface: sudo ip link set gre1 up
.
Configure the tunnel on the second endpoint with the example address 50.0.0.1:
1. Create the GRE tunnel:
sudo ip addr add 10.20.30.2/24 dev gre1
.
3. Bring up the GRE interface: sudo ip link set gre1 up
.
net.ipv4.ip_forward=1
.
Apply the changes by running sudo sysctl -p
.
/etc/network/interfaces
or use systemd service files.
To update the setup in /etc/network/interfaces
, add the following information to the file:
systemd
service to set up the tunnel at boot.