problem for routing specific traffic through gre ipsec tunnel
-
1- no it can't ping x.x.x.193. should i route the requests for that??
-
@vistatech
Show packet capture on the lan interface -
it is similar to pinging 10.1.1.150 just request and no reply
-
@vistatech
here you can see that the answer comes to the gre interface
and on the lan interface the answer comes ?
-
no. it does not come to lan interface. here is what i assumed:
that capture is when i ping 10.1.1.150 (remote GRE ip) from my windows box (192.168.10.4) packet capture on lan shows a bunch of request. but packet capture on gre shows that requests from 192.168.251.194 (my side of GRE) goes to 10.1.1.150 and reply comes from 10.1.1.150 to x.x.x.194 and from there it does not come to my windows box. -
@vistatech
Are there any Floating Rules ? -
yes there is one, for GRE interface, with source and destination set to any.
since the requests go through 192.168.251.194, it seems like routing is being done, but NAT is not. -
should i be able to ping my local windows host (192.168.10.4) from my GRE interface?? if yes i can't.
-
@vistatech
Show this rule -
which rule?
-
@vistatech said in problem for routing specific traffic through gre ipsec tunnel:
which rule
Floating rule for GRE interface
And still such question
GRE over ipsec
ipsec (phase 2) in transport mode ?
is this correct ?
It's just that Pfsense doesn't always work correctly with GRE over ipsec. -
yes, ipsec phase 2 is in transport mode.
-
@vistatech
Hey
As I said , PF does not always work correctly with GRE over IPSEC.
Try to do so- disable GRE interface
- reboot
- Verify that THE IPSec tunnel is established
- enable the GRE interface
5.verify