Multiple GRE bugs in 2.0.1-RELEASE
tedm last edited by
I'm trying to set up a GRE tunnel with a Cisco 1605 but am running
into some bugs.
If anyone can help I would welcome their input, unless it's a snarky
comment to use some other VPN - it so happens I don't have control
over the other end of the tunnel - GRE is what I got to work with.

The first bug is that when the pfsense box is rebooted the gre interface
defined on it does not come back up. If I click Diagnostics->Command Prompt
and run the command "ipconfig -a" it shows gre0 as in an UP state. But if I
then run "ping -c1 192.168.45.1" in the Diagnostics Command Prompt
(with 192.168.45.1 being the remote end of the GRE tunnel) it fails. If
I then go Diagnostics->Command Prompt and run "ipconfig gre0 down"
followed by "ipconfig gre0 up" and then run the ping command above
again, then I get a ping response succeeding.

I believe the problem is during the boot sequence the router is putting
the fxp0 WAN interface into an UP status, and the fxp0 interface is then
taking too long to come ready, and the router is trying to up the
gre0 interface while the fxp0 interface says it's up, but really

When the gre0 interface gets into this state then the static routes
that I have in the router to reach the remotes don't work either - even
if I then go wake up the gre0 interface using the Diagnostics Command
prompt. To get everything to work again I basically have to delete the
static routes, gateways, gre interface - in other words, rip everything out
and put it back in. That works until the pfsense router is rebooted again.

The second bug I'm having is when I click System->Routing and go into
Routes. I can set up a route to the remote subnet behind the GRE tunnel
here, if I click the "add a new one" to the gateway. The route is
installed and packets are routed over the GRE tunnel just fine. BUT, if
I try to make any changes in the System Routing Gateways tab here, even
to change the description, I can't do it because the interface complains
that the destination IP for the route is not on the local network. Well
obviously, of course it's not, because the GRE tunnel is an INTERFACE IN THE
ROUTER it is not a router on the local network nor is it stealing
IP addresses from the local network.

What I think is going on here is some "Net Nanny" code to check that a
static route is reachable.

The problem is that the Interface dropdown does not recognize GRE
tunnels as interfaces, and so the Net Nanny error checking code goes

Obviously the Net Nanny checking code is disabled when adding in a
static route to a GRE tunnel WHEN YOU'RE CREATING THE TUNNEL but someone
overlooked the Gateway interface.

Anyway, those are the biggest problems. The router is built on an
Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz box that has an onboard
Realtek gigabit interface and an Intel Etherexpress Pro card plugged into
a slot in it. The Realtek is running gigabit to a switch, the Intel
is running 10BaseT half-duplex to the Internet ethernet handoff from
the ISP. BOTH ethernet cards are set to Auto Detect speed/duplex.

One last thing that is a minor irritation is that the Diagnostics
Ping command also does not think the GRE tunnel is an interface and
so you cannot select it when making a ping. So you have to use the
ping -c 1 trick at the command line.