Netgate Discussion Forum

    GRE over IPSec

      BobW

      Running 2.5.1.
      I'm trying to configure a GRE tunnel over IPSec over public Internet. GRE is needed because the traffic involves Multicast.
      I've got the P1 and P2 established without issue, but I'm having trouble getting traffic to pass over the IPSec, so of course no GRE. I've tried different iterations of Routed VTI, and IPv4 tunnel - Single address and network on both ends. Point to point IP being used is 10.255.1.1 and 10.255.1.2 for the two ends. Ultimately, I intend to have an isolated interface on both ends for the traffic to pass over - this is basically point to point. Something like below:

      <OPT1 - side A> - <GRE> - <IPSec> - <Internet> - <IPSec> - <GRE> - <OPT1 - side B>

      I can ping the 10.255.1.1 address from side A, but cannot ping the .2 on the other side. Packet cap on VTI on side B shows pings making it there, but no response.

      Is there a recipe somewhere I've missed for the step by step?

      I actually have this working on a UBNT Edgerouter 4, but I'm exceeding its capabilities with a 60 Mbps stream of RTP IP video. Basically, it stops passing traffic for a 1/2 sec or so at times. UBNT support says it's a limitation of IPSec. Yeah, I know different.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.