GRE packets dropped when accessing a VPN
-
Hi,
I can connect to a VPN. GRE packets come through my firewall interfaces out to the destination IP in the cloud, but they are dropped on their way back to the firewall. I can't either reach the private IP on the other side via the VPN connection.
In some way, do I need to create a GRE tunnel as if it were another interface?
I'd appreciate some help on this issue.
Best regards,
Joe
-
Is your modem set bridge or routing?
I had once problems with my setup where one of the interfaces didn't work at web and the problem was that modem captured incoming trafic(same ip was setup in both)
So if possible use purely bridging mode
-
I really appreciate your answer. It seems your scenario and mine are not quite the same. I'm more specific this time.
I'm not using any modem at all. I setup a VPN connection to a public ip 200.x.x.x using the connection wizard on my WinXP. I connect to the VPN from behind the firewall. I see the GRE packets go out without problems as well as some other TCP packets through my pfsense firewall. However GRE packets are dropped on their way back.
Looking for answers I came to realize I could setup a GRE tunnel on Interfaces. At this point, I don't know in what way this two things could be related.
Thanks again,
Joe
-
Then I can't help sorry
-
Hi there,
I'm sorry about misunderstanding your point about the modem. I don't know why I setup my mind on a dialing modem.
How can I check up either my modem is in rounting or bridge mode? This is the first time I'm dealing with this issue.
Joe
-
when i sayed dialing?
*dsl / cable - modems do exists alsoTry to search from google with your modems/routers name and model and add username/password
-OR-
you can try this
-
I can sign in and check the settings of my modem. Is that what you mean?
Joe
-
Is your setup bridging or routing?
-
It's a routing setup!!!!
-
And you're having double nat with pfsense?
so that pfsense has something like this:
wan: 192.168.100.10 /24
lan: 192.168.1.1 /24?
-
Yes, I have
Lan: 192.168.1.2 / 24
Wan on DHCP: range 192.168.15.x / 24
As extra information, I'm doing NAt on port 80 and forwarding to one IP in the subnet.
Joe
-
Well,
GRE is part of ip, but not tcp or udp, it's not a port which you can forward to, unless you're having separate support to it.
If it is possible by anymeans, change to bridging configuration and then GRE should work a bit better
-
Got ya!!!,
I wouldn't like to switch to brigde mode since I can lose some of the advantages over routing. Meanwhile I'm accessing the VPN from a pc out of the firewall.
Now, what is the GRE tunneling on Interfaces used for?
Thanks in advanced again for all your time and help.
Joe
-
May i ask what is so big advantage to route in a modem vs firewall?
-
I focused on the advantage of routing over bridging in a firewall. I can not tell on the modem. I've bin trying to find where I can switch my modem to the bridge mode without luck. I'll check GRE on wiki. Any suggestion from you is valuable.
Joe
-
I only tried to suggest that, change your modem to bridging and use only firewall in routing mode.
that ease a bit to troubleshoot gre and other things also.