Static Routing over GRE Tunnel
-
I have a problem with routing over a GRE tunnel. I have 2 sites with a working GRE tunnel. The routing between the 2 sites is working from the default interface and from the tunnel source (ping). All the attached and routed interfaces are responding. But when I ping with the source of a LAN interface to the destination LAN on the other side, the pings are blocked.
ping from site 2 source 192.168.6.1 to site 1 192.168.11.1 -> not working
ping from site 2 source default to site 1 192.168.11.1 -> working
ping from site 2 source 10.101.99.6 to site 1 192.168.11.1 -> working
The firewall on both sides is fully open on LAN and also on the tunnel interface.
Is there someone who can help me with the routing? How can I realise this setup?
g.
thomas

SITE 1:
WAN x.x.x.x
GRE 10.101.99.5/30
Networks:
  192.168.11.1/24
  192.168.21.1/24
  192.168.31.1/24
Gateways:
  Default: WAN CABLE
  Tunnel: 10.101.99.6
Routing:
  192.168.6.1 over GW 10.101.99.6

gre0: flags=9051<UP,POINTOPOINT,RUNNING,LINK0,MULTICAST> metric 0 mtu 1468
  tunnel inet x.x.x.x --> y.y.y.y
  inet 10.101.99.5 --> 10.101.99.6 netmask 0xfffffffc
  inet6 fe80::200:24ff:fece:4630%gre0 prefixlen 64 scopeid 0x22
  nd6 options=3<PERFORMNUD,ACCEPT_RTADV>

SITE 2:
WAN y.y.y.y
GRE 10.101.99.6/20
192.168.6.1/24
Gateways
  Default: WAN DSL
  Tunnel 10.101.99.6
Routing:
  192.168.11.1/24 over GW 10.101.99.5
  192.168.21.1/24 over GW 10.101.99.5
  192.168.31.1/24 over GW 10.101.99.5

gre0: flags=9051<UP,POINTOPOINT,RUNNING,LINK0,MULTICAST> metric 0 mtu 1468
  tunnel inet y.y.y.y --> x.x.x.x
  inet 10.101.99.6 --> 10.101.99.5 netmask 0xfffffffc
  inet6 fe80::20d:b9ff:fe29:aeb0%gre0 prefixlen 64 scopeid 0xa
  nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
-
The routes work from any additional interface but not from the system generated LAN interface.
g.
thomas
-
On the 2nd box the same problem:
10.102.1.0/24 10.101.99.2 UG 0 0 1476 gre1 -> doesn't work
10.102.11.0/24 10.101.99.2 UG 0 0 1476 gre1 -> doesn't work
10.102.12.0/24 10.101.99.2 UG 0 3 1476 gre1 -> working
10.102.21.0/24 10.101.99.2 UG 0 3 1476 gre1 -> working
10.102.31.0/24 10.101.99.2 UG 0 3 1476 gre1 -> working
I don't know why some subnets are working and some others are not.
Does anyone have an idea?
g.
thomas
-
I found the problem :) There were some old routing rules that had not been cleared, left over from an old, deleted IPsec configuration. Now all routes are working as designed.
g.
thomas
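
Why a leftover entry can block only LAN-sourced traffic, as an added example that is not part of the thread: it assumes the leftovers were source/destination selectors of the kind an IPsec tunnel definition installs (the posts do not show them), and the selector in `LEFTOVER_POLICIES` is constructed. The routes are the site 2 static routes from the first post, written as network prefixes.

```python
import ipaddress as ip

# Static routes as listed for site 2 in the thread (prefix -> gateway).
ROUTES = {
    "192.168.11.0/24": "10.101.99.5",
    "192.168.21.0/24": "10.101.99.5",
    "192.168.31.0/24": "10.101.99.5",
}

# Constructed sample: a selector left behind by a deleted IPsec tunnel.
# The thread does not show the real leftover entries.
LEFTOVER_POLICIES = [("192.168.6.0/24", "192.168.11.0/24")]


def route_lookup(dst, routes=ROUTES):
    """Longest-prefix match on destination only; returns the gateway or None."""
    hits = [ip.ip_network(p) for p in routes if ip.ip_address(dst) in ip.ip_network(p)]
    if not hits:
        return None
    return routes[str(max(hits, key=lambda n: n.prefixlen))]


def policy_match(src, dst, policies=LEFTOVER_POLICIES):
    """Return the first (src_net, dst_net) selector covering this packet, if any."""
    for src_net, dst_net in policies:
        if (ip.ip_address(src) in ip.ip_network(src_net)
                and ip.ip_address(dst) in ip.ip_network(dst_net)):
            return (src_net, dst_net)
    return None


def explain(src, dst):
    """Model assumption: a matching policy takes the packet before the route is used."""
    hit = policy_match(src, dst)
    if hit:
        return f"captured by leftover policy {hit[0]} -> {hit[1]}"
    gw = route_lookup(dst)
    return f"routed via {gw}" if gw else "no route"


if __name__ == "__main__":
    # The two source addresses tested in the first post.
    for src in ("192.168.6.1", "10.101.99.6"):
        print(src, "-> 192.168.11.1:", explain(src, "192.168.11.1"))
```

The routing table looks identical for both pings because it only keys on the destination; the difference appears only in a lookup that also considers the source address.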