pfSense can't reply to ICMP data packets on GRE interface
-
Hi all,
I have built a GRE tunnel successfully, but I can't finish it now. Please help me! I set a rule on the WAN interface to allow access to the peer pfSense by any protocol.
tcpdump 'proto GRE'
07:45:11.273303 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 668, length 64
07:45:12.299614 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 669, length 64
07:45:13.318679 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 670, length 64
07:45:14.342119 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 671, length 64
07:45:15.363934 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 672, length 64
07:45:16.383495 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 673, length 64
pf -ss
all gre 124.207.103.134 <- 220.231.27.136 NO_TRAFFIC:SINGL
And then, #pfctl -d to stop pf
07:47:48.703967 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 822, length 64
07:47:48.704018 IP 124.207.103.134 > 220.231.27.136: GREv0, length 88: IP beijing124-gw-backup.localdomain > 192.168.95.1: ICMP echo reply, id 54537, seq 822, length 64
07:47:49.724780 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 823, length 64
07:47:49.724824 IP 124.207.103.134 > 220.231.27.136: GREv0, length 88: IP beijing124-gw-backup.localdomain > 192.168.95.1: ICMP echo reply, id 54537, seq 823, length 64
07:47:50.746968 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 824, length 64
07:47:50.747022 IP 124.207.103.134 > 220.231.27.136: GREv0, length 88: IP beijing124-gw-backup.localdomain > 192.168.95.1: ICMP echo reply, id 54537, seq 824, length 64
I can resolve it through echo "set skip on {gre0}" | pfctl -mf -
But I can't resolve it via the web interface. How do I change pfSense so that I can use the GRE tunnel normally?
-
Did you add firewall rules on the GRE tab that shows up after you enable GRE?
I was able to get responses last time I built a GRE tunnel and added rules, but GIF tunnels didn't reply (though that may have been related to the bridging I was doing, which worked great with the GIF tunnel but not GRE…
-
Thanks for your reply. I can't change my firewall rule because I can't find the GRE tab. My firmware is "built on Sun Oct 10 21:21:46 EDT 2010
FreeBSD 8.1-RELEASE-p1". I can't upgrade my firmware. In the Dec 8 version, the CARP status always stays at "init".
-
So upgrade to a current snapshot - CARP is fine, has been for several days now.
-
Thanks, I will test the current version. I hope I can import the current configuration into the new version.
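
To check captures like the two in the opening post without reading them line by line, the following added example (not part of the thread) pairs each GRE-encapsulated ICMP echo request with its reply by id and seq and lists the unanswered ones. The sample lines are constructed in the tcpdump format shown above, using documentation-range addresses; the function and variable names are hypothetical.

```python
import re

# Matches one tcpdump line carrying an ICMP echo inside GREv0.
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<osrc>\S+) > (?P<odst>\S+): GREv0, length \d+: "
    r"IP (?P<isrc>\S+) > (?P<idst>\S+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)")

def unanswered_echoes(capture):
    """Return (requests, replies, unanswered); unanswered is a sorted list of (id, seq)."""
    pending, requests, replies = {}, 0, 0
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a GRE-encapsulated echo; ignore
        ident, seq = int(m["id"]), int(m["seq"])
        if m["kind"] == "request":
            requests += 1
            # Index by the path the reply must take: outer and inner
            # source/destination both swapped.
            pending[(m["odst"], m["osrc"], m["idst"], m["isrc"], ident, seq)] = m["ts"]
        else:
            replies += 1
            pending.pop((m["osrc"], m["odst"], m["isrc"], m["idst"], ident, seq), None)
    return requests, replies, sorted(k[4:] for k in pending)

# Constructed sample captures (documentation addresses), same format as the post.
REQ = ("07:45:1{n}.000000 IP 203.0.113.10 > 198.51.100.20: GREv0, length 88: "
       "IP 192.0.2.1 > 192.0.2.2: ICMP echo request, id 54537, seq {s}, length 64")
REP = ("07:45:1{n}.000050 IP 198.51.100.20 > 203.0.113.10: GREv0, length 88: "
       "IP 192.0.2.2 > 192.0.2.1: ICMP echo reply, id 54537, seq {s}, length 64")
PF_ENABLED = "\n".join(REQ.format(n=i, s=668 + i) for i in range(3))
PF_DISABLED = "\n".join(f(n=i, s=822 + i) for i in range(2) for f in (REQ.format, REP.format))

if __name__ == "__main__":
    for name, cap in (("pf enabled", PF_ENABLED), ("pf disabled", PF_DISABLED)):
        req, rep, missing = unanswered_echoes(cap)
        print(f"{name}: {req} requests, {rep} replies, unanswered={missing}")
```

A capture where every request stays unanswered while pf is enabled, and none once it is disabled, points at the filter rules on the tunnel rather than at the tunnel itself.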