Netgate Discussion Forum

    pfSense can't reply to ICMP data packets on GRE interface

    2.0-RC Snapshot Feedback and Problems - RETIRED
      blackjack550

      Hi all,
      I have built a GRE tunnel successfully, but I can't finish it now. Please help me!

      I set a rule on the WAN interface to allow access for the peer pfSense by any protocol.

      tcpdump 'proto GRE'
      07:45:11.273303 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 668, length 64
      07:45:12.299614 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 669, length 64
      07:45:13.318679 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 670, length 64
      07:45:14.342119 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 671, length 64
      07:45:15.363934 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 672, length 64
      07:45:16.383495 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 673, length 64

      pfctl -ss
      all gre 124.207.103.134 <- 220.231.27.136       NO_TRAFFIC:SINGL

      And then, # pfctl -d to stop pf:
      07:47:48.703967 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 822, length 64
      07:47:48.704018 IP 124.207.103.134 > 220.231.27.136: GREv0, length 88: IP beijing124-gw-backup.localdomain > 192.168.95.1: ICMP echo reply, id 54537, seq 822, length 64
      07:47:49.724780 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 823, length 64
      07:47:49.724824 IP 124.207.103.134 > 220.231.27.136: GREv0, length 88: IP beijing124-gw-backup.localdomain > 192.168.95.1: ICMP echo reply, id 54537, seq 823, length 64
      07:47:50.746968 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 824, length 64
      07:47:50.747022 IP 124.207.103.134 > 220.231.27.136: GREv0, length 88: IP beijing124-gw-backup.localdomain > 192.168.95.1: ICMP echo reply, id 54537, seq 824, length 64

      I can resolve it through echo "set skip on {gre0}" | pfctl -mf -
      But I can't resolve it via the web interface. How do I change pfSense so I can use the GRE tunnel normally?

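An added example, not part of the original post: it pairs the tunnelled ICMP echo requests and replies in tcpdump output like the captures above by id and seq, which shows that replies are missing only while pf is enabled. The function name and regular expression are assumptions; the sample lines are copied from the post.

```python
import re

# Sample input: two lines from the capture taken with pf enabled and four
# from the capture taken after `pfctl -d`, copied from the post above.
CAPTURE_PF_ON = """\
07:45:11.273303 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 668, length 64
07:45:12.299614 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 669, length 64
"""
CAPTURE_PF_OFF = """\
07:47:48.703967 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 822, length 64
07:47:48.704018 IP 124.207.103.134 > 220.231.27.136: GREv0, length 88: IP beijing124-gw-backup.localdomain > 192.168.95.1: ICMP echo reply, id 54537, seq 822, length 64
07:47:49.724780 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 823, length 64
07:47:49.724824 IP 124.207.103.134 > 220.231.27.136: GREv0, length 88: IP beijing124-gw-backup.localdomain > 192.168.95.1: ICMP echo reply, id 54537, seq 823, length 64
"""

# Outer IP header, GRE marker, inner IP header, then the ICMP echo summary.
LINE = re.compile(
    r"^\s*(?P<ts>\S+) IP (?P<osrc>\S+) > (?P<odst>[^:\s]+): GREv0, length \d+: "
    r"IP (?P<isrc>\S+) > (?P<idst>[^:\s]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)

def unanswered_echoes(capture):
    """Return sorted (id, seq) pairs of tunnelled echo requests with no reply."""
    requests, replies = {}, set()
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a GRE-encapsulated ICMP echo line
        key = (int(m["id"]), int(m["seq"]))
        if m["kind"] == "request":
            requests[key] = (m["osrc"], m["odst"], m["isrc"], m["idst"])
        else:
            # A reply only counts if both the outer (tunnel endpoint) and
            # inner (tunnelled) addresses are the request's, swapped.
            req = requests.get(key)
            if req and (m["odst"], m["osrc"], m["idst"], m["isrc"]) == req:
                replies.add(key)
    return sorted(k for k in requests if k not in replies)

if __name__ == "__main__":
    print("pf enabled, unanswered: ", unanswered_echoes(CAPTURE_PF_ON))
    print("pf disabled, unanswered:", unanswered_echoes(CAPTURE_PF_OFF))
```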
        jimp Rebel Alliance Developer Netgate

        Did you add firewall rules on the GRE tab that shows up after you enable GRE?

        I was able to get responses last time I built a GRE tunnel and added rules, but GIF tunnels didn't reply (though that may have been related to the bridging I was doing, which worked great with the GIF tunnel but not GRE…

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

          blackjack550

          Thanks for your reply. I can't change my firewall rule because I can't find the GRE tab. My firmware is at "built on Sun Oct 10 21:21:46 EDT 2010
          FreeBSD 8.1-RELEASE-p1". I can't upgrade my firmware. In the Dec 8 version, the CARP status always stays at "init".

            jimp Rebel Alliance Developer Netgate

            So upgrade to a current snapshot - CARP is fine, has been for several days now.

              blackjack550

              Thanks, I will test the current version. I hope I can import the current configuration into the new version.
