Update on Building GRE Tunnel to break wall

Make it more automatic and reduce the reliance on rc.local

VPS A

cat /etc/network/interfaces

# GRE tunnel "xxxx" from VPS A to VPS B (10.18.20.1 <-> 10.18.20.2); the
# <... global IP> placeholders are the two VPSes' public addresses.
# NOTE(review): plain GRE — traffic between the endpoints is neither encrypted
# nor authenticated by the tunnel itself.
auto xxxx
iface xxxx inet tunnel
address 10.18.20.1
mode gre
endpoint <VPS B global IP>
dstaddr 10.18.20.2
local <VPS A global IP>
ttl 255
netmask 255.255.255.0
# Appears to be superseded by /etc/network/if-up.d/xxxx-up, which adds the same
# route into table 230 — kept here for reference only.
#post-up /sbin/ip route add 0.0.0.0/0 table 230 dev xxxx

cat /etc/network/if-up.d/xxxx-up

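#!/bin/sh
# filename: xxxx-up
# ifupdown hook (/etc/network/if-up.d): ifup runs it as root for every
# interface that comes up and exports the interface name in $IFACE; it only
# acts on the GRE tunnel interface "xxxx" from /etc/network/interfaces.
# Effect: traffic from the VPN client subnet 172.16.9.0/24 is looked up in
# policy table 230, whose default route points into the tunnel, plus the
# per-prefix routes that routes-up.sh adds to the same table.
set -e
if [ "$IFACE" = xxxx ]; then
  log=/var/log/xxxx-up.log
  # printf rather than echo: echo's handling of "\n" differs between dash
  # (/bin/sh on Debian) and bash, so the original line was not portable.
  printf '=== %s\n%s up\n' "$(date)" "$IFACE" > "$log"
  /sbin/ifconfig "$IFACE" >> "$log"
  # Drop a possibly stale copy of the rule first (e.g. the if-down hook did not
  # run). Newer iproute2/kernels reject a duplicate rule, and under set -e that
  # failure would abort the hook before table 230 is populated. The failure of
  # "rule del" when no rule exists is expected, hence the silenced || true.
  /sbin/ip rule del from 172.16.9.0/24 table 230 2>/dev/null || true
  /sbin/ip rule add from 172.16.9.0/24 table 230 ## 172.16.9.0/24 is the vpn client subnet of VPS A
  /sbin/ip route flush table 230
  /sbin/ip route add 0.0.0.0/0 table 230 dev xxxx
  # routes-up.sh adds specific prefixes to table 230 via the VPS's own default
  # gateway, i.e. they bypass the tunnel (see its head further down the page).
  /bin/bash /root/scripts/routes-up.sh
fi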

head /root/scripts/routes-up.sh

The file is a modified copy of https://github.com/sabersalv/freedom-routes, with “table 230” appended to each route line

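#!/bin/sh
# routes-up.sh (head shown): adapted from sabersalv/freedom-routes with
# "table 230" appended to each route, so the prefixes are installed in the
# tunnel policy table rather than in the main table.
export PATH="/bin:/sbin:/usr/sbin:/usr/bin"
# Next-hop address of the current default route. Only the first "via" address
# is kept: a second default route (or a second IPv4 literal on the line) would
# otherwise put a newline into $gateway and corrupt every line of the batch.
gateway=$(/sbin/ip route show 0/0 | /bin/grep via | /bin/grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n1)
# Fail with a clear message instead of feeding "via <empty> table 230" to
# ip -batch, which would fail on the first route with a confusing parse error.
: "${gateway:?no default gateway found in 'ip route show 0/0'}"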
ip -batch - <<EOF
route add 1.0.1.0/24 via $gateway table 230
route add 1.0.2.0/23 via $gateway table 230
route add 1.0.8.0/21 via $gateway table 230
route add 1.0.32.0/19 via $gateway table 230
route add 1.1.0.0/24 via $gateway table 230

cat /etc/network/if-down.d/xxxx-down

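#!/bin/sh
# filename: xxxx-down
# ifupdown hook (/etc/network/if-down.d): ifdown runs it as root for every
# interface that goes down, with the name in $IFACE; it only acts on the GRE
# tunnel interface "xxxx" and undoes what xxxx-up set up.
set -e
if [ "$IFACE" = xxxx ]; then
  log=/var/log/xxxx-down.log
  # printf rather than echo: echo's handling of "\n" differs between dash
  # (/bin/sh on Debian) and bash, so the original line was not portable.
  printf '=== %s\n%s down\n' "$(date)" "$IFACE" > "$log"
  # The rule may already be absent (e.g. xxxx-up never ran or the hook runs
  # twice); under set -e a failing "rule del" would abort before table 230 is
  # cleaned up, so that expected failure is deliberately ignored.
  /sbin/ip rule del from 172.16.9.0/24 table 230 2>/dev/null || true
  # NOTE(review): once the rule is gone, 172.16.9.0/24 is routed by the main
  # table, i.e. directly out of VPS A (fail-open) — confirm that is intended.
  /sbin/ip route flush table 230
  /sbin/ip route add default table 230 dev eth1 ## eth1 is the default global interface
fi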

cat /etc/iproute2/rt_tables

#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
#1 inr.ruhep
# Policy table referenced by the xxxx-up / xxxx-down hooks and routes-up.sh:
# holds the default route into the GRE tunnel for the VPN client subnet.
230 outwall

VPS B

cat /etc/network/interfaces

# GRE tunnel "xxxx" on VPS B, the mirror of the VPS A stanza (addresses and
# endpoints swapped); the <... global IP> placeholders are the public addresses.
# NOTE(review): plain GRE — traffic between the endpoints is neither encrypted
# nor authenticated by the tunnel itself.
# NOTE(review): the MASQUERADE rule shown below only matches source
# 10.18.20.0/24, so client traffic (172.16.9.0/24) is presumably already
# source-NATed onto the tunnel address on VPS A — that rule is not shown here;
# confirm it exists, otherwise those packets leave VPS B un-NATed.
auto xxxx
iface xxxx inet tunnel
address 10.18.20.2
mode gre
endpoint <VPS A global IP>
dstaddr 10.18.20.1
local <VPS B global IP>
ttl 255
netmask 255.255.255.0

iptables -t nat -nvL

Chain POSTROUTING (policy ACCEPT 27761 packets, 1696K bytes)
pkts bytes target prot opt in out source destination
9949 1112K MASQUERADE all -- * * 10.18.20.0/24 0.0.0.0/0