Routing Traffic Through a GRE Tunnel for Secondary IPs on Ubuntu
Lead Engineer @ Packetware

🧠 Scenario

  • Local VM (Ubuntu):

    • Interface: eth0
    • Primary IP: 192.0.2.1 (used for the GRE tunnel)
    • Secondary IP: 192.0.2.2 (traffic to be tunneled)
  • Remote host (also Linux):

    • Public IP: 198.51.100.1
  • Tunnel: GRE tunnel between 192.0.2.1 ↔ 198.51.100.1


✅ Local VM Configuration (192.0.2.1 and 192.0.2.2)

# Ensure secondary IP is added to the interface
ip addr add 192.0.2.2/32 dev eth0

# Create GRE tunnel interface
ip tunnel add gre1 mode gre local 192.0.2.1 remote 198.51.100.1 ttl 255
ip link set gre1 up
ip addr add 10.0.0.1/30 dev gre1

# Use policy routing to route traffic from 192.0.2.2 through gre1
ip rule add from 192.0.2.2 lookup 100
ip route add default dev gre1 table 100

✅ Remote Host Configuration (198.51.100.1)

# Create matching GRE tunnel interface
ip tunnel add gre1 mode gre local 198.51.100.1 remote 192.0.2.1 ttl 255
ip link set gre1 up
ip addr add 10.0.0.2/30 dev gre1

# Route return traffic for 192.0.2.2 through gre1
ip route add 192.0.2.2 dev gre1

This ensures that the remote host sends any traffic destined for 192.0.2.2 through the tunnel, creating a symmetric GRE path between the two nodes.


🧪 Testing

On the local VM:

ping -I 192.0.2.2 10.0.0.2

You can also use tcpdump on gre1 to verify packets are passing through:

tcpdump -i gre1

πŸ” Making It Persistent

To persist the configuration across reboots:

  • Use a systemd unit or script placed in /etc/network/if-up.d/
  • Alternatively, define routes and rules in netplan or /etc/network/interfaces
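
One way to write the script that a systemd unit or if-up.d hook would run for the local VM, as an added example that is not part of the original post. It repeats the commands above in a form that is safe to re-run; the plan/apply arguments and the DRY_RUN variable are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the original post. Addresses, eth0, gre1 and table
# 100 are the post's values; plan/apply and DRY_RUN are assumed conventions.
LOCAL=192.0.2.1 REMOTE=198.51.100.1 SECONDARY=192.0.2.2
DEV=eth0 TUN=gre1 TUN_ADDR=10.0.0.1/30 TABLE=100

# Execute a command, or only print it when DRY_RUN=1.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# State probes, kept as functions so they can be stubbed when testing.
tunnel_exists() { ip link show "$TUN" >/dev/null 2>&1; }
current_rules() { ip rule show; }

# Succeeds if stdin (`ip rule show` output) already holds our policy rule.
# Exact field match, so "lookup 1000" is not mistaken for "lookup 100".
has_rule() {
    awk -v s="$SECONDARY" -v t="$TABLE" \
        '$2 == "from" && $3 == s && $4 == "lookup" && $5 == t { ok = 1 }
         END { exit !ok }'
}

setup_gre() {
    # "replace" succeeds whether or not the address or route already exists.
    run ip addr replace "$SECONDARY/32" dev "$DEV"
    # "ip tunnel add" fails on an existing tunnel, so guard it.
    tunnel_exists || run ip tunnel add "$TUN" mode gre \
        local "$LOCAL" remote "$REMOTE" ttl 255
    run ip link set "$TUN" up
    run ip addr replace "$TUN_ADDR" dev "$TUN"
    # Skip the rule when it is present so re-runs never stack duplicates.
    current_rules | has_rule || run ip rule add from "$SECONDARY" lookup "$TABLE"
    run ip route replace default dev "$TUN" table "$TABLE"
}

case "${1:-}" in
    apply) set -e; setup_gre ;;
    plan)  DRY_RUN=1 setup_gre ;;
esac
```

Run it with `plan` to print the commands without changing anything, or with `apply` as root to configure the host.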