GRE over IPSec
-
Running 2.5.1.
I'm trying to configure a GRE tunnel over IPSec over public Internet. GRE is needed because the traffic involves Multicast.
I've got the P1 and P2 established without issue, but I'm having trouble getting traffic to pass over the IPSec, so of course no GRE. I've tried different iterations of Routed VTI, and IPv4 tunnel - Single address and network on both ends. Point to point IP being used is 10.255.1.1 and 10.255.1.2 for the two ends. Ultimately, I intend to have an isolated interface on both ends for the traffic to pass over - this is basically point to point. Something like below:
<OPT1 - side A> - <GRE> - <IPSec> - <Internet> - <IPSec> - <GRE> - <OPT1 - side B>
I can ping the 10.255.1.1 address from side A, but cannot ping the .2 on the other side. Packet cap on VTI on side B shows pings making it there, but no response.
Is there a recipe somewhere I've missed for the step by step?
I actually have this working on a UBNT Edgerouter 4, but I'm exceeding its capabilities with a 60 Mbps stream of RTP IP video. Basically, it stops passing traffic for a 1/2 sec or so at times. UBNT support says it's a limitation of IPSec. Yeah, I know different.