IPSec over GRE and OSPF
-
Hello.
I have 2 pfsense and I try to create an IPSec over GRE tunnel and then setup the OSPF. The problem is that if I have only GRE and OSPF everything works great but unencrypted of course. When I setup IPSec and it is established, I cannot ping the GRE peer IPs and of course OSPF cannot communicate with it's neighbor.
Any Ideas?
-
Hello,
I have the same problem. When I set ipsec connection i am loosing the GRE tunnel connection. Do you have any update of it?
kind regards
-
I found on an other thread that the problem is with the firewall. If you disable the firewall temporally (pfctl -d) then GRE over IPSEC works ok. So we have to find the suitable firewall rules of it.
-
Hello.
Your solution works. Disabling firewall with pfctl -d works great. But until now I allowed EVERYTHING on ALL interfaces !!! What is the difference between allowing everything (any) on all interfaces and disabling firewall ?
:-\ -
I Have this same issue.
I have read some articles which lead to this https://doc.pfsense.org/index.php/Asymmetric_Routing_and_Firewall_Rules
as theology have TCP:SA in them which indicates asymmetric routing
Jul 14 16:04:15 ► gre0 172.16.15.30:179 172.16.15.29:65116 TCP:SA
Jul 14 16:04:23 ► gre0 172.16.15.30:179 172.16.15.29:65116 TCP:SAI've added tcp flaps and sloppy states to all my rules under floating and the traffic is still getting blocked which is rather frustrating!
anyone come across a fix or things to check?