GRE over IPSec transport mode, routing problem



  • Hi all,
    First my lab :
    Using pfsense 2.0,
    2 sites 2 pfsense boxes on each with CARP.
    GRE over IPSec transport mode.
    Webserver(10.150.1.5)<->pfsenseB(LAN_CARP:10.150.1.1)(GRE:192.168.1.1)(WAN_CARP:70.70.70.1)<->RouterB<->RouterC<->pfsenseC(LAN_CARP:10.155.1.1)(GRE:192.168.1.2)(WAN_CARP:80.80.80.1)<->PC(10.155.1.5)

    pfsenseB Routes
    Destination Gateway Flags Refs Use Mtu Netif Expire
    default 70.70.70.5 UGS 8 15657 1500 em1
    10.150.1.0/24 link#3 U 0 3028 1500 em2
    10.150.1.1 link#9 UH 0 0 1500 vip1
    10.150.1.2 link#3 UHS 0 0 16384 lo0
    10.155.0.0/16 192.168.1.2 UGS 0 6 1476 gre0
    70.70.70.0/29 link#2 U 0 3611 1500 em1
    70.70.70.1 link#10 UH 0 0 1500 vip2
    70.70.70.2 link#2 UHS 0 0 16384 lo0
    127.0.0.1 link#8 UH 0 75 16384 lo0
    172.16.0.0/30 link#4 U 0 6168 1500 em3
    172.16.0.1 link#4 UHS 0 0 16384 lo0
    192.168.1.1 link#11 UHS 0 0 16384 lo0
    192.168.1.2 link#11 UH 0 3828 1476 gre0

    pfsenseC Routes
    default 80.80.80.5 UGS 7 15293 1500 em1
    10.150.0.0/16 192.168.1.1 UGS 0 18 1476 gre0
    10.155.1.0/24 link#3 U 0 1988 1500 em2
    10.155.1.1 link#9 UH 0 0 1500 vip1
    10.155.1.2 link#3 UHS 0 0 16384 lo0
    80.80.80.0/29 link#2 U 0 3511 1500 em1
    80.80.80.1 link#10 UH 0 0 1500 vip2
    80.80.80.2 link#2 UHS 0 0 16384 lo0
    127.0.0.1 link#8 UH 0 69 16384 lo0
    172.16.255.0/30 link#4 U 0 0 1500 em3
    172.16.255.1 link#4 UHS 0 0 16384 lo0
    192.168.1.1 link#11 UH 0 3645 1476 gre0
    192.168.1.2 link#11 UHS 0 0 16384 lo0

    I have opened everything for the test in the firewall rules.
    I can ping from PC to Webserver but I can't access the webpages on it.

    The firewall log on PC side : pass LAN   10.155.1.5:38064   10.150.1.5:80 TCP:S
    The firewall log on webserver side : block GREtopfsenseC   10.150.1.5:80   10.155.1.5:38064 TCP:SA
    If I disable IPSec, I can see the pages on the webserver.
    Does anybody have any idea to fix this issue ?
    Thanks.
    Stephane
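
The two firewall log entries quoted in the post above can be correlated mechanically: the script below is an added example, not part of the original post, and it pairs each passed SYN with a blocked SYN-ACK that reverses the same address/port pair. It assumes the log line layout seen in those two entries and that the logs of both firewalls have been merged into one list; the last two sample lines are constructed.

```python
import re
from typing import NamedTuple

# Layout assumed from the two entries quoted in the post:
#   <action> <interface> <src_ip:port> <dst_ip:port> <PROTO>:<flags>
LINE_RE = re.compile(
    r"(?P<action>pass|block)\s+(?P<iface>\S+)\s+"
    r"(?P<src>\d+(?:\.\d+){3}:\d+)\s+(?P<dst>\d+(?:\.\d+){3}:\d+)\s+"
    r"(?P<proto>[A-Z]+):(?P<flags>[A-Z]+)"
)

class Entry(NamedTuple):
    action: str
    iface: str
    src: str
    dst: str
    proto: str
    flags: str

def parse(line):
    """Parse one log line; return None if it does not match the layout."""
    m = LINE_RE.search(line)
    return Entry(**m.groupdict()) if m else None

def blocked_replies(lines):
    """Return (syn, synack) pairs where the reply to a passed SYN was blocked."""
    entries = [e for e in map(parse, lines) if e and e.proto == "TCP"]
    # Index passed SYNs by (client, server) endpoint pair.
    syns = {(e.src, e.dst): e for e in entries
            if e.action == "pass" and e.flags == "S"}
    pairs = []
    for e in entries:
        if e.action == "block" and e.flags == "SA":
            syn = syns.get((e.dst, e.src))  # reply reverses src and dst
            if syn:
                pairs.append((syn, e))
    return pairs

SAMPLE = [
    "pass LAN   10.155.1.5:38064   10.150.1.5:80 TCP:S",              # from the post
    "block GREtopfsenseC   10.150.1.5:80   10.155.1.5:38064 TCP:SA",  # from the post
    "pass LAN 10.155.1.5:38070 10.150.1.5:443 TCP:S",                 # constructed
    "block WAN 203.0.113.9:4444 10.155.1.5:22 TCP:S",                 # constructed
]

if __name__ == "__main__":
    for syn, sa in blocked_replies(SAMPLE):
        print(f"SYN {syn.src} -> {syn.dst} passed on {syn.iface}; "
              f"SYN-ACK blocked on {sa.iface}")
```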



  • I think that the following link is the answer to my problem in FreeBSD, but how do I do it in pfSense?
    http://www.mail-archive.com/misc@openbsd.org/msg80590.html

    Stephane

