
To create a tunnel between two machines connected to the same network, I can run the following commands:

From host A:

```
sudo ip link add gretap1 type gretap local HOST_A_IP remote HOST_B_IP
sudo ip link set gretap1 up
```

From host B:

```
sudo ip link add gretap1 type gretap local HOST_B_IP remote HOST_A_IP
sudo ip link set gretap1 up
```

Here, because A and B are on the same network, I can use private IP addresses 192.168.x.x.

Now, I would like to create a tunnel between two AWS EC2 instances. I am able to create it using PPP over SSH, but can I create it with the above method?

Here is the big picture:

I need traffic to be exchanged between the local interfaces of hosts A and B through the tunnel.

1 Answer

Nothing needs to change. HOST_A_IP and HOST_B_IP should be the IP addresses of the source and destination, respectively. Whether the addresses are on the same network or not is irrelevant.

Ron Trunk
  • But because they are on different networks, they won't be able to see each other directly. For example, A cannot `ping` B and vice versa – Ahmed Hussein Jan 31 '19 at 14:44
  • If the devices can't communicate with each other, then you can't build a tunnel between them. I assumed you had routing enabled between them. Can R1 and R2 ping each other? – Ron Trunk Jan 31 '19 at 14:47
  • But A can see R2, and B can see R1. So, I guess I need to change something in my commands to create the tunnel and let A and B communicate through R1 and R2. **My final target** is to create a tunnel between 2 AWS EC2 instances running Ubuntu. Do you have an idea? – Ahmed Hussein Jan 31 '19 at 14:51
  • Are the instances in the same VPC? – Ron Trunk Jan 31 '19 at 14:56
  • Yes, they are on the same VPC – Ahmed Hussein Jan 31 '19 at 14:59
  • You originally asked a very generic question, but now it is particular to your network design. Can you provide a simple diagram so we can understand the topology? – Ron Trunk Jan 31 '19 at 15:06
  • OK, I made the question more specific and added a simple diagram. Is the big picture more obvious now? – Ahmed Hussein Jan 31 '19 at 15:28
  • To reiterate, if A and B can't communicate, then you can't build a tunnel between them. If R1 and R2 (missing from your diagram) can communicate, then you can build the tunnel between them to allow A and B to talk. Please let us know what kind of routers R1 and R2 are, and we can help you there. – Ron Trunk Jan 31 '19 at 16:55
  • I mentioned R1, R2 when I was talking about physical PCs. But when it comes to AWS EC2, R1 and R2 can be replaced by the public IP for each VM. So, A and B can ping each other by the public IP and they are on the same VPC. Is it clearer now? – Ahmed Hussein Feb 01 '19 at 21:36
  • Honestly, it's very difficult to help you when you hand out information a spoonful at a time. Your diagram doesn't show how the two VMs are configured, and what the topology of your VPC is. Now you say the VMs have public IPs as well. It would be better if you provide a complete description of your topology so we can give you a real answer. As you can see, answers based on incomplete information aren't very helpful. – Ron Trunk Feb 01 '19 at 21:42
  • I am really sorry. I am trying to clarify as much as possible. Do you see the updated diagram? The traffic should go from host A's local interface through the tunnel to host B's interface. Now, it is clear that A and B can see each other by the public IP. Is this enough now? – Ahmed Hussein Feb 01 '19 at 22:26
  • If they’re in the same VPC, why can’t they talk directly? – Ron Trunk Feb 02 '19 at 00:39
  • They can talk directly, but I want to try to create a VPN tunnel between them for research purposes – Ahmed Hussein Feb 02 '19 at 09:20
  • That would have been nice to know from the beginning. In this case, my original answer stands. Just use their public IP for the tunnel endpoints. – Ron Trunk Feb 02 '19 at 13:09
  • But if I do this, I still didn't specify which local interface will accept the traffic incoming to the VM. At the bottom of the diagram, I said that traffic should go between local interfaces through the tunnel – Ahmed Hussein Feb 02 '19 at 13:58