GRE tunnel working only in one direction

  • Hello,

    I've created a GRE tunnel between two local subnets connected to two local pfSense machines, although I am able to ping only in one direction.
    Rules are set identically on both pfSense machines.
    Client computers from which I try to ping are running Windows, but Windows firewall is disabled in both cases.
    Could you please help me?

    I can ping the 2nd subnet from the devices connected to the 1st site LAN.

    First pfSense


    I cannot ping the 1st subnet from the devices connected to the 2nd site LAN.
    Second pfSense

  • Netgate Administrator

    Are you really using as the tunnel subnet? Is that conflicting with something in the routing table?

    Host unreachable though looks like just a missing route in the second pfSense. With the interfaces assigned the reply-to state may allow replies to work the other way even without a route.


  • Thank you for the response, Steve.

    The rules are set exactly the same on both pfSense machines.
    It must be some other problem.

    I finally got this problem solved.
    I've reset the whole configuration of the 2nd pfSense machine to the factory settings.
    I've configured all the interfaces & rules again and the GRE tunnel is working in both directions now.
    I don't know what the cause was, but there must have been some mess in the pfSense configuration files.
    I assume that the issue was interface related.

    I found a guy who had a similar issue and he also fixed it this way.

