Netgate Discussion Forum

    IPSec over GRE and OSPF

    • apant

      Hello.

      I have 2 pfSense boxes and I am trying to create an IPSec over GRE tunnel and then set up OSPF. The problem is that if I have only GRE and OSPF, everything works great, but unencrypted of course. When I set up IPSec and it is established, I cannot ping the GRE peer IPs and of course OSPF cannot communicate with its neighbor.

      Any ideas?

      • pvavilis

        Hello,

        I have the same problem. When I set up the IPsec connection, I lose the GRE tunnel connection. Do you have any update on it?

        Kind regards

        • pvavilis

          I found in another thread that the problem is with the firewall. If you disable the firewall temporarily (pfctl -d), then GRE over IPSEC works OK. So we have to find the suitable firewall rules for it.

          • apant

            Hello.

            Your solution works. Disabling the firewall with pfctl -d works great. But until now I allowed EVERYTHING on ALL interfaces!!! What is the difference between allowing everything (any) on all interfaces and disabling the firewall?
            :-\

            • ajwill0

              I have this same issue.

              I have read some articles which lead to this: https://doc.pfsense.org/index.php/Asymmetric_Routing_and_Firewall_Rules

              as the logs have TCP:SA in them, which indicates asymmetric routing:
              Jul 14 16:04:15 ► gre0   172.16.15.30:179   172.16.15.29:65116 TCP:SA
              Jul 14 16:04:23 ► gre0   172.16.15.30:179   172.16.15.29:65116 TCP:SA

              I've added TCP flags and sloppy states to all my rules under floating and the traffic is still getting blocked, which is rather frustrating!

              Has anyone come across a fix or things to check?
