Pfsense can't reply icmp data package on gre interface
-
hi,all
i have been built gre tunnel successful.but i can't finish it now.please help me!i set a rule on WAN interface to allow access peer pfsense by any protocol.
tcpdump 'proto GRE'
07:45:11.273303 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 668, length 64
07:45:12.299614 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 669, length 64
07:45:13.318679 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 670, length 64
07:45:14.342119 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 671, length 64
07:45:15.363934 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 672, length 64
07:45:16.383495 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 673, length 64pf -ss
all gre 124.207.103.134 <- 220.231.27.136 NO_TRAFFIC:SINGLAnd then, #pfctl -d to stop pf
07:47:48.703967 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 822, length 64
07:47:48.704018 IP 124.207.103.134 > 220.231.27.136: GREv0, length 88: IP beijing124-gw-backup.localdomain > 192.168.95.1: ICMP echo reply, id 54537, seq 822, length 64
07:47:49.724780 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 823, length 64
07:47:49.724824 IP 124.207.103.134 > 220.231.27.136: GREv0, length 88: IP beijing124-gw-backup.localdomain > 192.168.95.1: ICMP echo reply, id 54537, seq 823, length 64
07:47:50.746968 IP 220.231.27.136 > 124.207.103.134: GREv0, length 88: IP 192.168.95.1 > beijing124-gw-backup.localdomain: ICMP echo request, id 54537, seq 824, length 64
07:47:50.747022 IP 124.207.103.134 > 220.231.27.136: GREv0, length 88: IP beijing124-gw-backup.localdomain > 192.168.95.1: ICMP echo reply, id 54537, seq 824, length 64
i can resolve it though echo "set skip on {gre0}|pfctl -mf -"
but, i can't resolve it via web interface. how to change pfsene, i can use gre tunnel normally -
Did you add firewall rules on the GRE tab that shows up after you enable GRE?
I was able to get responses last time I built a GRE tunnel and added rules, but GIF tunnels didn't reply (though that may have been related to the bridging I was doing, which worked great with the GIF tunnel but not GRE…
-
thx for your reply, i can't change my firewall rule.because , i can't find gre tab. my firmware at "built on Sun Oct 10 21:21:46 EDT 2010
FreeBSD 8.1-RELEASE-p1". i can‘t upgrade my firmware. the version Dec 8 carp stats always stay at "init" -
So upgrade to a current snapshot - CARP is fine, has been for several days now.
-
thx i will test current version. i hope i can import current configuration to the new version.
