Netgate Discussion Forum

    Can't figure out how to route specific devices/whole subnet via GRE tunnel on TNSR.

      gabacho4 Rebel Alliance

      I apologize if this one is something that one would think a guy would know. I am stuck and maybe no longer thinking clearly as a result of staring at the problem for so long.

      I am trying to route traffic from one location to another via a GRE tunnel. I've successfully been able to get the GRE endpoints to connect and can ping the other side (from the TNSR user prompt). Additionally, I am able to ping the internet (Google) if I specify the GRE interface. When I connect a device to my LAN port, I am also able to ping the remote end of the GRE tunnel.

      This is where I get caught up. I would ideally only like to route select devices (PBR) traffic via the GRE tunnel. But at this point, I'd be happy if I could get the whole subnet to go.

      From what I understand I need to create a vrf/table (GRE1 for example) which routes 0.0.0.0/0 via next hop to the GRE endpoint tunnel IP. I thought then that I'd need to apply that vrf to my LAN interface but when I do, bad bad things happen.

      Is anyone able to help me understand what needs to be done? I can get it to work easily on pfSense, but pfSense does a lot of little things for you and uses a bit different terminology. I've experience with VyOS as well, and I'd create a table and then make PBR rulesets that would then be applied to an interface. TNSR has its own syntax and I'm lost as to how to implement it.

        gabacho4 Rebel Alliance @gabacho4

        Bump. Anyone at all?

          gabacho4 Rebel Alliance

          Figured out how to just route everything over the GRE by changing the 0.0.0.0/0 route in the default IPv4 table to have a next hop of the remote GRE tunnel IP. That works as far as whole-system routing over GRE. Still trying to figure out how to route only one subnet or EVEN BETTER just a range of IP addresses. There's gotta be a way. I'm just dragging my knuckles on the ground too hard.

            Derelict LAYER 8 Netgate @gabacho4

            @gabacho4 Policy-based routing is not currently available in TNSR.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

              gabacho4 Rebel Alliance @Derelict

              @derelict Thanks for the response and, frankly, the validation that I’m not a complete idiot. Is policy-based routing on the TODO list or am I trying to do something TNSR wasn’t intended to do?

                Derelict LAYER 8 Netgate @gabacho4

                @gabacho4 Yes, there is an open feature request for the same. No timeline that I can see.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.