GRE tunnel does not come up after reboot
-
Hi
We've recently upgraded one of our firewalls to the following snapshot:
2.1-BETA1 (amd64)
built on Sat Dec 22 10:10:57 EST 2012This firewall has a GRE tunnel to another pfsense firewall. The issue we are experiencing is that this GRE tunnel does not come up after a reboot.
We've found two possible solutions to bring the tunnel up:
1. run a tcpdump on that tunnel
2. manually enable it using ifconfigIs anyone else experiencing this?
-
There has been a lot of change since 22 Dec - I suspect it will be unlikely that someone will quickly know what might have been a problem back then. Is there a reason that you can't try the current snapshots?
Then if it is still a problem, it will be much easier to track error messages against the code base.
-
It takes a bit more work than just hitting the upgrade button in the webcfg for us, as we run a custom xenhvm kernel and also have an LDAP patch applied against /etc/inc/auth.inc. So there's an element of mount the image, copying files, editing files, etc.
In any case, I'll upgrade to the latest snapshot and report back.
-
In the meanwhile, we've tested this on the April 1 snapshot and the issue is still there.
After a reboot, the GRE tunnel is stuck in this state:
ifconfig gre0
gre0: flags=9011 <up,pointopoint,link0,multicast>metric 0 mtu 1476
tunnel inet <$IP1_MASKED> –> <$IP2_MASKED>
inet 10.10.10.1 --> 10.10.10.2 netmask 0xffffffff
inet6 fe80::216:3eff:fe01:5500%gre0 prefixlen 64 scopeid 0xa
nd6 options=3 <performnud,accept_rtadv>When we issue the command 'ifconfig gre0 up', the tunnel comes up, we can ping the other end's IP address and the tunnel's state looks like this:ifconfig gre0
gre0: flags=9051<up,pointopoint,<strong>RUNNING,LINK0,MULTICAST> metric 0 mtu 1476
tunnel inet <$IP2_MASKED> –> <$IP1_MASKED>
inet 10.10.10.1 --> 10.10.10.2 netmask 0xffffffff
inet6 fe80::216:3eff:fe01:5500%gre0 prefixlen 64 scopeid 0xa
nd6 options=3 <performnud,accept_rtadv></performnud,accept_rtadv></up,pointopoint,<strong></performnud,accept_rtadv></up,pointopoint,link0,multicast>
-
Issue is identical to what's described here:
http://www.freebsd.org/cgi/query-pr.cgi?pr=138407
and here:
http://www.freebsd.org/cgi/query-pr.cgi?pr=164475I've now installed the shellcmd package to issue '/sbin/ifconfig gre0 up' as a workaround, which solves the issue.
-
… and also have an LDAP patch applied against /etc/inc/auth.inc.
You probably know this already, but this is a quick reminder that you can submit your patches for inclusion into pfSense mainline at https://github.com/pfsense (if you don't want to keep maintaining your own diffs)
-
Thanks for the info.
Our patch is probably rather specific to our LDAP scheme though…
-
Normally we set the interface up after configuration.
Otherwise you should see on your system log "Could not bring $greif up – variable not defined."
-
Not sure what you mean when you say that it's normally set up after configuration?
-
Since you linked the FreeBSD PR's i answered that we already do that during bootup.
Check your system logs for any message like the one i put in there to see if maybe that is the case that it does not come up on bootup.If not something else is happening in your system.