Setting up GRE tunnel

glennonline · Jan 10, 2018, 9:30 PM

I'm trying to set-up a GRE tunnel in order to obtain additional IP addresses for our connection, but the provider is only able to provide Mikrotik instructions.
This is what we received:
cd /sbin

./insmod /lib/modules/uname -r/kernel/net/ipv4/ip_gre.ko

./ip tunnel add tun_extra_ip mode gre local 62.45.210.XX remote 37.148.192.XX ttl 225

./ifconfig tun_extra_ip up

cd /sbin

./ifconfig tun_extra_ip 37.148.198.XX/29

./ifconfig eth0:22 37.148.198.XX/29 up

./ifconfig eth0:23 37.148.198.XX/29 up

./ifconfig eth0:24 37.148.198.XX/29 up

./ifconfig eth0:25 37.148.198.XX/29 up

So basically, what I'm wondering is, how can I correctly set this up?
Should I add the ./ifconfig eth0:22 37.148.198.XX/29 lines as virtual IP's? How can I check if the GRE tunnel is up?
What should I enter at GRE tunnel remote address?

Thanks for anyone who can shed a light on this, your help is much appreciated.

Grimson · Jan 10, 2018, 9:33 PM

RTFM https://doc.pfsense.org/index.php/GRE_Interfaces

glennonline · Jan 10, 2018, 9:46 PM

I did read that ofcourse, but I'm unable to get it working correctly, when I enable the interface some websites become unreachable, I suspect it has something to do with the "GRE tunnel subnet" but it's not really clear to me what value is the correct one.

As said, I already read the manual, but how the instructions I received apply to the manual is not clear to me, if you could point me into the right direction (like yes, the additional IP addresses should be entered at the virtual IP's, or which IP address should be put in the Remote tunnel IP address field that would already be of much help.

glennonline · Jan 14, 2018, 1:27 AM

Hi Grimson (or anyone else)

I hope someone can still help me out with this issue, as I'm not getting any further with this issue.

When I add the GRE tunnel and enable the interface (as per the manual) some websites are becoming unreachable, disabling the interface again solves this issue, anyone who can tell me what could be the cause of this?
Furthermore, when trying to add a virtual IP, I get the following error:
The interface chosen for the VIP has no IPv4 or IPv6 address configured so it cannot be used as a parent for the VIP.

Since the manual explicitly mentions that the IP type should be set to none I am unaware of where I can add the IP addresses as mentioned in the scrip.t

Derelict · Jan 14, 2018, 4:12 AM

What breaks? DNS? Actual connectivity?

"Cannot reach some web sites" is not a trouble description that any network administrator should be giving.

You will notice in their example that they are adding the VIPs to eth0, not to the GRE tunnel.

Try using /32 IP Alias VIPs on localhost.

glennonline · Jan 14, 2018, 2:28 PM

Hi Derelict,

You are right, that is not a very helpful description of my issue.
After enabling the interface which has the GRE tunnel as the network port IPv4 websites become unreachable, while IPv6 websites are still reachable.
In the attachment i've added the configuration of the GRE tunnel.

Basically the first problem would be the loss of IPv4 connectivity would be the primary concern.
When I try to ping from the WAN interface to for instance 8.8.8.8 it gives back timeout, while for the back-up internet connection this remains working.

I hope this clarifies the issue and someone can point me into the right direction.

![GRE tunnel.png](/public/imported_attachments/1/GRE tunnel.png)
![GRE tunnel.png_thumb](/public/imported_attachments/1/GRE tunnel.png_thumb)
![firewall LAN.PNG](/public/imported_attachments/1/firewall LAN.PNG)
![firewall LAN.PNG_thumb](/public/imported_attachments/1/firewall LAN.PNG_thumb)

glennonline · Jan 21, 2018, 12:06 PM

I also tested this with another appliance with nearly no changes to the default configuration, but I get the same result.

If anyone could tell me where i've might made a mistake that would be really appreciated.