4. GRE over IPSEC problem

GRE over IPSEC problem

  • W

    Hello
    I'm working on a project where I was hoping to use OSPF routing over a GRE tunnel over IPSEC and I've encountered some problems. To simplify things I've created a test environment outlined below.

    172.16.0.0/24(LAN)<-[Pfsense 2.0RC3]->(WAN)–>[ROUTER]<–(WAN)<-[Pfsense2.0RC3]->172.17.0.0/24

    Initially I created the GRE link on both boxes, added the interface, created allow all rules on the GRE interfaces and all was good. I could ping across the link between servers on each site and open shares etc. As GRE isn't encrypted the next step was to set up IPSEC transport (not tunnel) mode between the two firewall wan interfaces, which worked fine initially. Pinging between servers worked fine, router logs showed all traffic was in ESP sessions, however any TCP traffic between sites was blocked with the return TCP SYN/ACK being blocked by the far end firewall. This behaviour is exactly the same as described in http://forum.pfsense.org/index.php?topic=33853.0 however in this case there is only one link, and the only way for the SYN packet to get across the link is to traverse the GRE tunnel which is then dropping the return due to state issues.

    Simply unticking enable IPSEC on both firewalls allows everything to work properly using purely GRE.

    Any help would be greatly appreciated.

    Nigel

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy