Using a GRE Tunnel to route VMs network and IP to external network.

Xuap · Oct 4, 2022, 7:49 PM

@stephenw10 Ok, it is pinging now. I can ping everything on IP addresses, except domains. Like, If I ping my Home Public IP address, I get a ping of 20ms or something, when the tunnel's ping is about 9ms.

But is it normal the ping state is 0:0 on both ends?

Local:

Remote:

Also the only NAT rules I have are on the remote pfsense, which are:

On the local pfsense I have the NAT disabled.

What rules should I change/add?

Xuap · Oct 4, 2022, 7:52 PM

Also, traceroutes only give * * * * back:

stephenw10 · Oct 4, 2022, 9:02 PM

@xuap said in Using a GRE Tunnel to route VMs network and IP to external network.:

But is it normal the ping state is 0:0 on both ends?

Yes. icmpv4 doesn't have a state.

You should still have 1:1 NAT rules on the remote pfSense. With that you wouldn't need the outbound NAT rule, the 1:1 does that already.
And you need the 1:1 rule if you want inbound connections the VM to work. Or add port forwards for each connection you need but 1:1 does it all.

Steve

Xuap · Oct 4, 2022, 9:04 PM

@stephenw10 So, I can remove the NAT Rules and set NAT as automatic because 1:1 Mapping does all those rules already?

Also, I want to use inbound connections too, for that, I do need that rule mentioned above, or what should I do?

stephenw10 · Oct 4, 2022, 9:10 PM

Yes, if you have the 1:1 NAT rule in place it NAT's all traffic inbound and outbound between those IPs, 1:1.
So you can remove/disable the outbound NAT rule. No harm in leaving it in hybrid mode though.

For inbound traffic you still need firewall rules to allow that on the remote side WAN. And they re applied after NAT so the destination will be the internal private IPs of the VMs.

Xuap · Oct 4, 2022, 9:21 PM

@stephenw10 I putted NAT in auto mode

and in the WAN rules I have this

you were referring to those rules I just created right?

I can ping any IP address, but I can't ping any URL

I have the nameservers 8.8.8.8 and 8.8.4.4 on the VM

stephenw10 · Oct 4, 2022, 9:34 PM

It looks like you have something that's only passing ICMP then.

Look for any state to 8.8.8.8 when you try to ping by FQDN. You should see the DNS traffic from the VM opening states on all 4 interfaces.

Steve

Xuap · Oct 4, 2022, 9:39 PM

@stephenw10 On local I get this one

On remote I get nothing

stephenw10 · Oct 4, 2022, 9:45 PM

What firewall rules do you have on the remote GRE interface?

Xuap · Oct 4, 2022, 9:47 PM

@stephenw10

This ones

Xuap · Oct 4, 2022, 10:22 PM

@xuap It is now solved, it was the Firewall that had an option to block IPV6, and some rules were not properly configured. Thanks for all the help Steve! :D

stephenw10 · Oct 4, 2022, 11:04 PM

Cool. Yeah you'd need a rule to pass traffic from 192.168.2.X to any on that interface. Not just v4 ICMP as shown in that screenshot.

Steve