Netgate Discussion Forum

    GRE over IPSec Transport mode, routing problem

    IPsec
    2 Posts 1 Posters 3.7k Views
    • Stephane

      Hi all,
      First, my lab:
      Using pfsense 2.0,
      2 sites 2 pfsense boxes on each with CARP.
      GRE over IPSec transport mode.
      Webserver (10.150.1.5)<->pfsenseB(LAN_CARP:10.150.1.1)(GRE:192.168.1.1)(Wan_Carp:70.70.70.1)<->RouterB<->RouterC<->pfsenseC(LAN_CARP:10.155.1.1)(GRE:192.168.1.2)(Wan_Carp:80.80.80.1)<->PC(10.155.1.5)

      pfsenseB Routes
      Destination       Gateway       Flags  Refs  Use     Mtu    Netif  Expire
      default           70.70.70.5    UGS    8     15657   1500   em1
      10.150.1.0/24     link#3        U      0     3028    1500   em2
      10.150.1.1        link#9        UH     0     0       1500   vip1
      10.150.1.2        link#3        UHS    0     0       16384  lo0
      10.155.0.0/16     192.168.1.2   UGS    0     6       1476   gre0
      70.70.70.0/29     link#2        U      0     3611    1500   em1
      70.70.70.1        link#10       UH     0     0       1500   vip2
      70.70.70.2        link#2        UHS    0     0       16384  lo0
      127.0.0.1         link#8        UH     0     75      16384  lo0
      172.16.0.0/30     link#4        U      0     6168    1500   em3
      172.16.0.1        link#4        UHS    0     0       16384  lo0
      192.168.1.1       link#11       UHS    0     0       16384  lo0
      192.168.1.2       link#11       UH     0     3828    1476   gre0

      pfsenseC Routes
      default           80.80.80.5    UGS    7     15293   1500   em1
      10.150.0.0/16     192.168.1.1   UGS    0     18      1476   gre0
      10.155.1.0/24     link#3        U      0     1988    1500   em2
      10.155.1.1        link#9        UH     0     0       1500   vip1
      10.155.1.2        link#3        UHS    0     0       16384  lo0
      80.80.80.0/29     link#2        U      0     3511    1500   em1
      80.80.80.1        link#10       UH     0     0       1500   vip2
      80.80.80.2        link#2        UHS    0     0       16384  lo0
      127.0.0.1         link#8        UH     0     69      16384  lo0
      172.16.255.0/30   link#4        U      0     0       1500   em3
      172.16.255.1      link#4        UHS    0     0       16384  lo0
      192.168.1.1       link#11       UH     0     3645    1476   gre0
      192.168.1.2       link#11       UHS    0     0       16384  lo0

      I have opened everything for the test in the firewall rules.
      I can ping from PC to Webserver but I can't access the webpages on it.

      The firewall log on PC side : pass LAN   10.155.1.5:38064   10.150.1.5:80 TCP:S
      The firewall log on webserver side : block GREtopfsenseC   10.150.1.5:80   10.155.1.5:38064 TCP:SA
      If I disable IPSec, I can see the pages on the webserver.
      Does anybody have any idea how to fix this issue?
      Thanks.
      Stephane

      • Stephane

        I think that the following link is the answer to my problem in FreeBSD, but how do I do it in pfSense?
        http://www.mail-archive.com/misc@openbsd.org/msg80590.html

        Stephane
