Multiple GRE bugs in 2.0.1-RELEASE



  • Hi All,

    I'm trying to set up a GRE tunnel with a Cisco 1605 but am running
    into some bugs.

    If anyone can help I would welcome their input, unless it's a snarky
    comment to use some other VPN - it so happens I don't have control
    over the other end of the tunnel - GRE is what I got to work with.

    The first bug is that when the pfsense box is rebooted the gre interface
    defined on it does not come back up.  If I click Diagnostics->Command Prompt
    and run the command "ipconfig -a" it shows gre0 as in an UP state.  But if I
    then run "ping -c1 192.168.45.1" in the Diagnostics Command Prompt
    (with 192.168.45.1 being the remote end of the GRE tunnel) it fails.  If
    I then go Diagnostics->Command Prompt and run "ipconfig gre0 down"
    followed by "ipconfig gre0 up" and then run the ping command above
    again, then I get a ping response succeeding.

    I believe the problem is during the boot sequence the router is putting
    the fxp0 WAN interface into an UP status, and the fxp0 interface is then
    taking too long to come ready, and the router is trying to up the
    gre0 interface while the fxp0 interface says it's up, but really
    isn't.

    When the gre0 interface gets into this state then the static routes
    that I have in the router to reach the remotes don't work either - even
    if I then go wake up the gre0 interface using the Diagnostics Command
    Prompt.  To get everything to work again I basically have to delete the
    static routes, gateways, gre interface; in other words, rip everything out
    and put it back in.  That works until the pfsense router is rebooted again.

    The second bug I'm having is when I click System->Routing and go into
    Routes.  I can set up a route to the remote subnet behind the GRE tunnel
    here, if I click the "add a new one" to the gateway.  The route is
    installed and packets are routed over the GRE tunnel just fine.  BUT, if
    I try to make any changes in the System Routing Gateways tab here, even
    to change the description, I can't do it because the interface complains
    that the destination IP for the route is not on the local network.  Well
    obviously, of course it's not, because the GRE tunnel is an INTERFACE IN THE
    ROUTER it is not a router on the local network nor is it stealing
    IP addresses from the local network.

    What I think is going on here is some "Net Nanny" code to check that a
    static route is reachable.

    The problem is that the Interface dropdown does not recognize GRE
    tunnels as interfaces, and so the Net Nanny error checking code goes
    splat here.

    Obviously the Net Nanny checking code is disabled when adding in a
    static route to a GRE tunnel WHEN YOU'RE CREATING THE TUNNEL but someone
    overlooked the Gateway interface.

    Anyway, those are the biggest problems.  The router is built on an
    Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz box that has an onboard
    Realtek gigabit interface and an Intel Etherexpress Pro card plugged into
    a slot in it.  The Realtek is running gigabit to a switch, the Intel
    is running 10BaseT half-duplex to the Internet ethernet handoff from
    the ISP.  BOTH ethernet cards are set to Auto Detect speed/duplex.

    One last thing that is a minor irritation is that the Diagnostics
    Ping command also does not think the GRE tunnel is an interface and
    so you cannot select it when making a ping.  So you have to use the
    ping -c 1 trick at the command line.

