Doubt questions about the gre protocol - Fedora 38 DE Gnome 44.1 x86_64

jackson7 · May 18, 2023, 5:23am

Doubt questions about the gre protocol
I use Fedora 38, DE Bnome 44.1

1 - What does the gre protocol do?
2 - Please explain to me in detail what is its function and if activating it, the system becomes susceptible to invasion attempts?
3 - To access the company’s VPN I use the command script:

sudo firewall-cmd --add-protocol=gre

It displays the success message, after that I click on the VPN button and it works, it stays active, but every time I have to do this. I want to know how to transform the script to make this script permanent and I don’t need to type this command escript every time I turn on the computer that I informed in the paragraphs above?

I tried using this command:

sudo firewall-cmd --permanent --add-protocol=gre

But it shows this error below:

usage: 'firewall-cmd --help' for usage information or see firewall-cmd(1) man page
firewall-cmd: error: unrecognized arguments: –add-protocol=gre

To leave it permanent and I don’t need to access the Linux bash terminal every time I want to enter the VPN, I want to automate the command and leave it permanent so I don’t need it every time I want to access the VPN having to type in the bash terminal the gre protocol activation command to activate the VPN.

That the VPN is only active while the machine is not shut down, after shutting down the machine and returning, when clicking on the VPN button it does not activate and fails, I need help, please, to execute a command to make the gre protocol permanent and I need to access the VPN just by activating it by clicking on the button and not needing to activate the VPN by script code command through the terminal.

vgaetera · May 18, 2023, 6:00am

You probably made a typo as this works for me on Fedora 38:

> sudo firewall-cmd --permanent --add-protocol=gre
success

> sudo firewall-cmd --permanent --list-protocols 
gre

You can also convert the runtime configuration to permanent:

sudo firewall-cmd --runtime-to-permanent

hmmsjan · May 18, 2023, 7:13am

The gre protocol is the most simple protocol to make a direct connection from host/network A to host/network B tunneled over network C, e.g. the internet. For security, you can specify two keys.

You create a packet from A/gre-IP to B/gre-IP and add an IP header from A/internet to B/internet, that’s it. The receiver strips off the additional IP header and finds your original packet.

There is no encryption, so if someone is able to catch the communication on C, he can follow it and enter your network. For connection to company it seems for me, but I’m just an user and not an IT specialist, unacceptable. For this purpose, I would consider to use OpenVPN or Wireguard for encryption and security,

jackson7 · May 18, 2023, 3:37pm

Thanks for the help, the gre protocol script is working in permanent mode, now I activate the VPN with a click of the button, without the need to keep typing the gre protocol activation command script every time I need to access the VPN .

jackson7 · May 18, 2023, 3:40pm

I thank you for your provided information, if anyone from the Fedora community knows more details about the gre protocol, if there are vulnerabilities that allow the invasion let me know in this post.