Netgate Discussion Forum

    Routing traffic from Site B to Site A using IPSEC over a GRE Interface

    • A
      abidkhanhk
      last edited by abidkhanhk

      Hi,

      Our ISP blocks IPSEC traffic, so in order to mask the IPSEC traffic I have decided to create a GRE and then create an IPSEC tunnel in it.

      I have created a GRE interface between 2 sites,

      Site A is the headquarters, 10.0.0.1/24
      Site B is the branch office, 10.0.0.2/24

      I have created a GRE between the 2 sites, Site A and Site B = Ping to each other is OK
      Then I created an IPSEC tunnel using 10.0.0.1 <> 10.0.0.2, with the IPSEC tunnel in P2 transport mode = Tunnel established

      Created GRE gateway in Site A as 10.0.0.1 and Site B as 10.0.0.2
      Created static route in Site B as 192.168.40.0/24 use GRE 10.0.0.2 GW
      Created static route in Site A as 192.168.3.0/24 use GRE 10.0.0.1 GW
      Ping to the network vice versa is OK.
      Then added an outbound NAT rule in Site A to throw everything from 192.168.3.0/24 to the Site A WAN

      But when I do a tcpdump and ping one of the machines in Site A from Site B, I see that the traffic is not encapsulated.
      I think I am missing some sort of routing rules.
      My final goal is to make all traffic, including internet-related traffic, go through the Site A WAN.

      Kindly Assist,
      Many Thanks.

      Screenshot_4.png

      • A
        abidkhanhk
        last edited by abidkhanhk

        Hi,
        I found a tutorial on YouTube which shows that the IPSec tunnel is created WAN to WAN instead of GRE to GRE.

        Doesn't this negate the purpose of masking the IPSec with GRE?

        https://youtu.be/YPYFcya3Qls

        Any hints?
        Rgd

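An added example, not part of the original posts and not pfSense code: a simplified model of IPsec policy selector matching that can be compared against the tcpdump observation in the first post. It assumes the transport-mode P2 covers only the two GRE endpoint addresses (10.0.0.1 and 10.0.0.2) as described; the LAN host addresses and the internet destination are constructed.

```python
from ipaddress import ip_address, ip_network

# Assumption: the transport-mode policy is host-to-host between the GRE
# endpoint addresses named in the post, and nothing else.
TRANSPORT_POLICY = [("10.0.0.1/32", "10.0.0.2/32")]


def is_protected(src, dst, policy=TRANSPORT_POLICY):
    """True if a packet src->dst matches a selector pair in either direction."""
    s, d = ip_address(src), ip_address(dst)
    for left, right in policy:
        a, b = ip_network(left), ip_network(right)
        if (s in a and d in b) or (s in b and d in a):
            return True
    return False


def classify(packets, policy=TRANSPORT_POLICY):
    """Label each (src, dst) pair as it would appear on the GRE interface."""
    return [
        (src, dst, "ESP" if is_protected(src, dst, policy) else "cleartext")
        for src, dst in packets
    ]


# Constructed sample packets routed over the GRE interface.
SAMPLE = [
    ("10.0.0.2", "10.0.0.1"),           # endpoint-to-endpoint ping
    ("192.168.3.10", "192.168.40.20"),  # hypothetical LAN hosts behind each site
    ("192.168.3.10", "203.0.113.5"),    # internet-bound traffic sent via Site A
]

if __name__ == "__main__":
    for src, dst, verdict in classify(SAMPLE):
        print(f"{src:>15} -> {dst:<15} {verdict}")
```

In this model only packets exchanged between the two endpoint addresses match the policy; packets with LAN source or destination addresses that are merely routed across the GRE interface do not.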
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.