IPSec over GRE and OSPF



  • Hello.

    I have 2 pfSense boxes and I am trying to create an IPSec over GRE tunnel and then set up OSPF. The problem is that if I have only GRE and OSPF, everything works great, but unencrypted of course. When I set up IPSec and it is established, I cannot ping the GRE peer IPs, and of course OSPF cannot communicate with its neighbor.

    Any ideas?



  • Hello,

    I have the same problem. When I set up the IPSec connection I am losing the GRE tunnel connection. Do you have any update on it?

    Kind regards



  • I found in another thread that the problem is with the firewall. If you disable the firewall temporarily (pfctl -d) then GRE over IPSec works OK. So we have to find suitable firewall rules for it.



  • Hello.

    Your solution works. Disabling the firewall with pfctl -d works great. But until now I allowed EVERYTHING on ALL interfaces!!! What is the difference between allowing everything (any) on all interfaces and disabling the firewall?
    :-\



  • I have this same issue.

    I have read some articles which lead to this: https://doc.pfsense.org/index.php/Asymmetric_Routing_and_Firewall_Rules

    as the logs have TCP:SA in them, which indicates asymmetric routing:
    Jul 14 16:04:15 ► gre0   172.16.15.30:179   172.16.15.29:65116 TCP:SA
    Jul 14 16:04:23 ► gre0   172.16.15.30:179   172.16.15.29:65116 TCP:SA

    I've added TCP flags and sloppy states to all my rules under floating and the traffic is still getting blocked, which is rather frustrating!

    Anyone come across a fix or things to check?
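
Added example, not part of any post in this thread: a small Python filter that picks out blocked TCP log entries whose flags show the packet arrived without a matching state, such as the TCP:SA lines quoted above. The column layout is assumed from those two quoted lines; the other sample lines and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Column layout assumed from the two log lines quoted in the thread:
# <Mon> <day> <HH:MM:SS> <marker> <iface> <src>:<port> <dst>:<port> TCP:<flags>
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+(?P<iface>\S+)\s+"
    r"(?P<src>[\d.]+:\d+)\s+(?P<dst>[\d.]+:\d+)\s+TCP:(?P<flags>[A-Z]+)$"
)

SAMPLE = """\
Jul 14 16:04:15 ► gre0   172.16.15.30:179   172.16.15.29:65116 TCP:SA
Jul 14 16:04:23 ► gre0   172.16.15.30:179   172.16.15.29:65116 TCP:SA
Jul 14 16:05:01 ► em0   198.51.100.7:40122   192.0.2.10:22 TCP:S
Jul 14 16:05:09 ► gre0   172.16.15.30:179   172.16.15.29:65116 TCP:A
not a filter log line
""".splitlines()  # first two lines are from the thread, the rest are constructed


def out_of_state_flows(lines):
    """Count blocked TCP packets per flow that are not an initial SYN.

    A blocked bare SYN ("S") is an ordinary rule miss. Anything else
    (SA, A, PA, FA, RA) arrived without a matching state entry.
    """
    flows = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m["flags"] != "S":
            flows[(m["iface"], m["src"], m["dst"], m["flags"])] += 1
    return flows


def syn_ack_without_state(lines, iface_prefix="gre"):
    """Flows where a SYN-ACK was blocked on a tunnel interface: the firewall
    saw the reply but holds no state for the SYN, which fits asymmetric routing."""
    return sorted(
        (flow, n) for flow, n in out_of_state_flows(lines).items()
        if flow[3] == "SA" and flow[0].startswith(iface_prefix)
    )


if __name__ == "__main__":
    for (iface, src, dst, flags), n in syn_ack_without_state(SAMPLE):
        print(f"{iface}: {src} -> {dst} TCP:{flags} blocked {n}x")
```

Grouping by interface shows whether the stateless replies are confined to the GRE interface, which is where a state-tracking or rule change would need to apply.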

