FRR: BGP routes via GRE over IPsec
-
Hi all, I am new to FRR and routing in general and am looking for some advice.
I am attempting to set up my pfSense to reach a remote private network provided by my telecom provider. The telecom provider uses two redundant paths to the remote private network and uses BGP to switch routes between those paths.
The BGP endpoint (10.160.128.29/32) is set up on OPT2 in pfSense and OPT1 is the GRE tunnel, which is set up like this:
Both endpoints of the GRE tunnel are connected via an IPsec tunnel between my pfSense and the telecom firewall.
Now I think I've got most of the above working using FRR for the BGP connection, which is established with the telecom provider, and I receive the proper route, which is:
10.102.255.237 is the telecom side of the GRE tunnel.
Now my issue is: how do I get to the remote network from one of the other networks attached to pfSense (the LAN, for example)?
When I ping the remote network from the pfSense side of the GRE tunnel (10.102.255.238) I get replies, no problem. Meaning my connection to the remote network seems to be working as expected, except only when sourcing from the pfSense side of the GRE.
If I try to ping the remote network from the LAN or even OPT2 (10.160.128.29/32) I get nothing but timeouts.
Seems like I'm just missing something simple now, like a static route (I've tried a few to no avail) or similar, to get connectivity from my LAN network. But I have a feeling there's something in the big picture I am missing.
Does anyone have any thoughts?
Thanks in advance.
PS: All interfaces except WAN have any/any rules. All interfaces local to pfSense can ping one another.
-
Got it figured out with some basic reading. What I was missing was the policy-based routing via firewall rules, as described here:
https://docs.netgate.com/pfsense/en/latest/routing/directing-traffic-with-policy-routing.html