GRE tunnel working only in one direction



  • Hello,

    I've created a GRE tunnel between two local subnets connected to two local pfSense machines, although I am able to ping only in one direction.
    Rules are set identically on both pfSense machines.
    Client computers from which I try to ping are running Windows, but Windows firewall is disabled in both cases.
    Could you please help me?

    I can ping the 2nd subnet from the devices connected to the 1st site LAN.

    First pfSense
    WAN: 192.168.3.104
    LAN: 192.168.20.1


    I cannot ping the 1st subnet from the devices connected to the 2nd site LAN.
    Second pfSense
    WAN: 192.168.3.98
    LAN: 192.168.40.1


  • Netgate Administrator

    Are you really using 1.2.3.4/5 as the tunnel subnet? Is that conflicting with something in the routing table?

    Host unreachable though looks like just a missing route in the second pfSense. With the interfaces assigned the reply-to state may allow replies to work the other way even without a route.

    Steve



  • Thank you for the response, Steve.

    The rules are set exactly the same on both pfSense machines.
    It must be some other problem.

    UPDATE:
    I finally got this problem solved.
    I've reset the whole configuration of the 2nd pfSense machine to the factory settings.
    I've configured all the interfaces & rules again and the GRE tunnel is working in both directions now.
    I don't know what the cause was, but there must have been some mess in the pfSense configuration files.
    I assume that the issue was interface related.

    I found a guy who had a similar issue and he also fixed it this way.

    Regards
    Rodak

