Netgate Discussion Forum

Using a GRE Tunnel to route VMs network and IP to external network.

General pfSense Questions
36 Posts 2 Posters 4.9k Views
  • X
    Xuap @stephenw10
    last edited by Oct 4, 2022, 7:49 PM

    @stephenw10 OK, it is pinging now. I can ping everything on IP addresses, except domains. Like, if I ping my home public IP address, I get a ping of 20ms or something, when the tunnel's ping is about 9ms.

    But is it normal the ping state is 0:0 on both ends?

    Local:
    1cb08819-1b8b-4ac5-a45b-dfbe311348f1-image.png

    Remote:
    80fcbc34-bdfe-4b60-b3d2-91adf9b2b878-image.png

    Also the only NAT rules I have are on the remote pfsense, which are:
    ff35e59a-2ab5-4dfb-a6b2-81dc147ac867-image.png

    On the local pfsense I have the NAT disabled.

    What rules should I change/add?

    • X
      Xuap @Xuap
      last edited by Oct 4, 2022, 7:52 PM

      Also, traceroutes only give * * * * back:

      27620e86-8dd4-4046-bfaa-bb66713b3f4d-image.png

      • S
        stephenw10 Netgate Administrator @Xuap
        last edited by Oct 4, 2022, 9:02 PM

        @xuap said in Using a GRE Tunnel to route VMs network and IP to external network.:

        But is it normal the ping state is 0:0 on both ends?

        Yes. ICMPv4 doesn't have a state.

        You should still have 1:1 NAT rules on the remote pfSense. With that you wouldn't need the outbound NAT rule, the 1:1 does that already.
        And you need the 1:1 rule if you want inbound connections to the VM to work. Or add port forwards for each connection you need, but 1:1 does it all.

        Steve

        • X
          Xuap @stephenw10
          last edited by Oct 4, 2022, 9:04 PM

          @stephenw10 So, I can remove the NAT Rules and set NAT as automatic because 1:1 Mapping does all those rules already?

          Also, I want to use inbound connections too, for that, I do need that rule mentioned above, or what should I do?

          • S
            stephenw10 Netgate Administrator
            last edited by Oct 4, 2022, 9:10 PM

            Yes, if you have the 1:1 NAT rule in place it NATs all traffic inbound and outbound between those IPs, 1:1.
            So you can remove/disable the outbound NAT rule. No harm in leaving it in hybrid mode though.

            For inbound traffic you still need firewall rules to allow that on the remote side WAN. And they're applied after NAT so the destination will be the internal private IPs of the VMs.

            • X
              Xuap @stephenw10
              last edited by Oct 4, 2022, 9:21 PM

              @stephenw10 I put NAT in auto mode
              b0647163-4fde-462a-90da-995f9ebce5e5-image.png
              and in the WAN rules I have this
              c9dc6e49-f282-4b31-ab0c-2a8f703dc952-image.png

              You were referring to those rules I just created, right?

              I can ping any IP address, but I can't ping any URL
              20acf6c1-66b6-405a-bdf7-d8a834301eb0-image.png

              I have the nameservers 8.8.8.8 and 8.8.4.4 on the VM

              • S
                stephenw10 Netgate Administrator
                last edited by Oct 4, 2022, 9:34 PM

                It looks like you have something that's only passing ICMP then.

                Look for any state to 8.8.8.8 when you try to ping by FQDN. You should see the DNS traffic from the VM opening states on all 4 interfaces.

                Steve

                • X
                  Xuap @stephenw10
                  last edited by Oct 4, 2022, 9:39 PM

                  @stephenw10 On local I get this one

                  93d1808d-db92-4c6d-bafe-dfc4342609e0-image.png

                  On remote I get nothing
                  efe8bbfe-5878-4685-a700-9fe7ce16faef-image.png

                  • S
                    stephenw10 Netgate Administrator
                    last edited by Oct 4, 2022, 9:45 PM

                    What firewall rules do you have on the remote GRE interface?

                    • X
                      Xuap @stephenw10
                      last edited by Oct 4, 2022, 9:47 PM

                      @stephenw10

                      These ones
                      0012b175-aee1-47a9-8e43-047862e4b8a3-image.png

                      • X
                        Xuap @Xuap
                        last edited by Oct 4, 2022, 10:22 PM

                        @xuap It is now solved. It was the firewall, which had an option to block IPv6, and some rules were not properly configured. Thanks for all the help Steve! :D

                        • S
                          stephenw10 Netgate Administrator
                          last edited by Oct 4, 2022, 11:04 PM

                          Cool. Yeah you'd need a rule to pass traffic from 192.168.2.X to any on that interface. Not just v4 ICMP as shown in that screenshot.

                          Steve

                          1 Reply Last reply Reply Quote 0
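
The rule changes discussed in this thread, written as a pf.conf-style fragment. This is an added illustration, not part of the original posts and not the ruleset pfSense generates from the GUI; the interface names, the /24 mask, the VM address 192.168.2.10, TCP port 443 and the documentation address 203.0.113.10 standing in for the public IP are all assumptions.

```pf
# Constructed values (assumptions, not taken from the thread)
wan_if = "em0"             # remote pfSense WAN interface
gre_if = "gre0"            # remote pfSense GRE tunnel interface
vm_net = "192.168.2.0/24"  # VM subnet; the thread only gives 192.168.2.X
vm_int = "192.168.2.10"    # private address of one VM
vm_ext = "203.0.113.10"    # placeholder for that VM's public IP

# 1:1 NAT translates both directions between the two addresses,
# so a separate outbound NAT rule for this VM is redundant.
binat on $wan_if inet from $vm_int to any -> $vm_ext

# Default deny; the quick pass rules below match first.
block in log all

# Before: only ICMPv4 is passed on the tunnel. Ping by IP works,
# but DNS queries from the VM to 8.8.8.8 are dropped here and never
# create a state on the remote firewall.
# pass in quick on $gre_if inet proto icmp from $vm_net to any

# After: pass all traffic from the VM subnet arriving over the tunnel.
pass in quick on $gre_if inet from $vm_net to any

# Inbound on WAN: filtering happens after NAT, so the rule's destination
# is the VM's private address, not the public one. Port 443 is an example;
# open only the services the VM actually exposes.
pass in quick on $wan_if inet proto tcp from any to $vm_int port 443
```

Restricting the WAN rule to specific protocols and ports keeps the 1:1 mapping from exposing every service on the VM.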
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.