• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

GRE Tunnel can ping internal but can ping external

Scheduled Pinned Locked Moved General pfSense Questions
3 Posts 2 Posters 162 Views 2 Watching
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • G Offline
    G_Costa
    last edited by G_Costa May 19, 2024, 1:34 PM May 19, 2024, 1:33 PM

    This post is deleted!
    G 1 Reply Last reply May 19, 2024, 6:09 PM Reply Quote 0
    • G Offline
      G_Costa @G_Costa
      last edited by May 19, 2024, 6:09 PM

      Update:
      a0a144b4-f74b-4444-b68f-c923e9db2bc0-image.png
      Now i can ping any IP or DNS without any trouble just by adding the rule with GRE Gateway but for some reason curl, wget, nslookup dont work, any ideas?

      1 Reply Last reply Reply Quote 0
      • S Offline
        stephenw10 Netgate Administrator
        last edited by May 19, 2024, 11:20 PM

        Yeah you need to policy route traffic over the GRE tunnel otherwise it will jst use the default gateway which is probably the WAN.

        If ICMP and UDP work but TCP fails you probably have an asymmetric route in there somewhere.

        You only need 1:1 NAT at the remote end. You don't need the port forwards. The outbound NAT rules you have there are wrong and not doing anything anyway. But you don't need those either.

        You didn't show it but I assume you have a static route at the remote side for the local NEW_LAN subvnet via the GRE tunnel.

        1 Reply Last reply Reply Quote 0
        3 out of 3
        • First post
          3/3
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          This community forum collects and processes your personal information.
          consent.not_received