

Building a site-to-site VPN tunnel with GRE

2012-04-07 01:10

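   To let an enterprise share resources between sites in different geographic regions, a VPN tunnel can be established between headquarters and its branch offices. This article describes how to build such a VPN tunnel using Cisco GRE (Generic Routing Encapsulation). RFC 2784 (http://tools.ietf.org/html/rfc2784) defines the GRE (Generic Routing Encapsulation) specification, a simple IP packet encapsulation protocol. A GRE tunnel lets routers connect two different local area networks, achieving a VPN-like effect: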

                       GRE tunnel

  ------------ site A -- -- -- -- -- -- -- -- site B ------------

             59.12.30.9                    211.22.33.99

  ================================================

  Site A configuration:

  # create gre tunnel
  /sbin/ip tunnel add HQ_Branch mode gre remote 211.22.33.99 \
      local 59.12.30.9 ttl 255 dev eth0 key 1.2.3.4

  # bring up gre tunnel interface
  /sbin/ip link set HQ_Branch up

  # assign gre tunnel ip
  /sbin/ip addr add 10.1.255.1/32 peer 10.2.255.1/32 dev HQ_Branch

  # enable multicast on the tunnel interface
  ifconfig HQ_Branch multicast

  ================================================

  Site B configuration:

  # add gre tunnel to hq
  /sbin/ip tunnel add Branch_HQ mode gre remote 59.12.30.9 \
      local 211.22.33.99 ttl 255 dev eth0 key 1.2.3.4

  # bring up gre tunnel interface
  /sbin/ip link set Branch_HQ up

  # assign ip to gre tunnel
  /sbin/ip addr add 10.2.255.1/32 peer 10.1.255.1/32 dev Branch_HQ

  # enable multicast on the tunnel interface
  ifconfig Branch_HQ multicast

  =================================================
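
  The following is an added example, not part of the original article: it parses the GRE header that the configuration above puts on the wire, showing that the "key 1.2.3.4" value (the Key extension from RFC 2890) and the inner packet both travel unencrypted, so GRE alone gives no confidentiality or authentication. The function names and the sample inner packet are constructed for illustration.

```python
import ipaddress
import struct

GRE_C, GRE_K, GRE_S = 0x8000, 0x2000, 0x1000  # checksum, key, sequence flag bits

def build_gre(inner, key=None):
    """Wrap an IPv4 packet in a GRE header, with the optional RFC 2890 key."""
    header = struct.pack("!HH", GRE_K if key else 0, 0x0800)  # version 0, IPv4
    if key:
        header += ipaddress.IPv4Address(key).packed  # dotted-quad key as 4 bytes
    return header + inner

def parse_gre(packet):
    """Return (key, inner_packet); key is a dotted quad, or None if absent."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", packet[:4])
    if flags & 0x0007 or proto != 0x0800:
        raise ValueError("not GRE version 0 carrying IPv4")
    offset = 4 + (4 if flags & GRE_C else 0)  # skip checksum + reserved1
    key_at = offset if flags & GRE_K else None
    offset += (4 if flags & GRE_K else 0) + (4 if flags & GRE_S else 0)
    if len(packet) < offset:
        raise ValueError("truncated GRE header")
    key = None
    if key_at is not None:
        key = str(ipaddress.IPv4Address(packet[key_at:key_at + 4]))
    return key, packet[offset:]

def sample_inner(data):
    """Constructed inner IPv4 packet between the two tunnel addresses.
    The header checksum is left at 0 because nothing here validates it."""
    src = ipaddress.IPv4Address("10.1.255.1").packed
    dst = ipaddress.IPv4Address("10.2.255.1").packed
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data),
                       0, 0, 64, 253, 0, src, dst) + data

def observe(packet):
    """Everything an on-path observer recovers from one GRE packet."""
    key, inner = parse_gre(packet)
    src, dst = (str(ipaddress.IPv4Address(inner[i:i + 4])) for i in (12, 16))
    return {"key": key, "src": src, "dst": dst, "data": inner[20:]}

if __name__ == "__main__":
    wire = build_gre(sample_inner(b"constructed sample payload"), key="1.2.3.4")
    print(observe(wire))
```

  If the traffic between the sites needs confidentiality or integrity, the GRE tunnel is normally carried inside IPsec or another encrypting transport.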