Static Routing over GRE Tunnel



  • I have a problem with routing over a GRE tunnel. I have 2 sites with a working GRE tunnel. The routing between the 2 sites is working from the default interface and from the tunnel source (ping). All the attached and routed interfaces are responding. But when I ping with the source of a LAN interface to the destination LAN on the other side, the pings are blocked.

    ping from site 2 source 192.168.6.1 to site 1 192.168.11.1 -> not working
    ping from site 2 source default to site 1 192.168.11.1 -> working
    ping from site 2 source 10.101.99.6 to site 1 192.168.11.1 -> working

    The firewalls on both sides are fully open on LAN and also on the tunnel interface.

    Is there someone who can help me with the routing? How can I realise this setup?

    g.
    thomas

    
    SITE 1:
    
    WAN x.x.x.x
      GRE 10.101.99.5/30
    
    Networks:                                
    192.168.11.1/24
    192.168.21.1/24
    192.168.31.1/24
    
    Gateways:
    Default: WAN CABLE
    Tunnel: 10.101.99.6
    
    Routing:
    192.168.6.1 over GW 10.101.99.6
    
    gre0: flags=9051<UP,POINTOPOINT,RUNNING,LINK0,MULTICAST> metric 0 mtu 1468
    	tunnel inet x.x.x.x --> y.y.y.y
    	inet 10.101.99.5 --> 10.101.99.6 netmask 0xfffffffc 
    	inet6 fe80::200:24ff:fece:4630%gre0 prefixlen 64 scopeid 0x22 
    	nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    
    SITE 2:
    
    WAN y.y.y.y
      GRE 10.101.99.6/20
    
    192.168.6.1/24
    
    Gateways:
    Default: WAN DSL
    Tunnel 10.101.99.6
    
    Routing:
    192.168.11.1/24 over GW 10.101.99.5
    192.168.21.1/24 over GW 10.101.99.5
    192.168.31.1/24 over GW 10.101.99.5
    
    gre0: flags=9051<UP,POINTOPOINT,RUNNING,LINK0,MULTICAST> metric 0 mtu 1468
    	tunnel inet y.y.y.y --> x.x.x.x
    	inet 10.101.99.6 --> 10.101.99.5 netmask 0xfffffffc 
    	inet6 fe80::20d:b9ff:fe29:aeb0%gre0 prefixlen 64 scopeid 0xa 
    	nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    


  • The routes work from any additional interface but not from the system generated LAN interface.

    g.
    thomas



  • On the 2nd box the same problem:

    10.102.1.0/24 10.101.99.2 UG 0 0 1476 gre1 -> doesn't work
    10.102.11.0/24 10.101.99.2 UG 0 0 1476 gre1 -> doesn't work
    10.102.12.0/24 10.101.99.2 UG 0 3 1476 gre1 -> working
    10.102.21.0/24 10.101.99.2 UG 0 3 1476 gre1 -> working
    10.102.31.0/24 10.101.99.2 UG 0 3 1476 gre1 -> working

    I don't know why some subnets are working and some others are not.

    Does anyone have an idea?

    g.
    thomas



  • I found the problem :) There were some old, uncleared routing rules from an old and deleted IPsec configuration. Now all routes are working as designed.

    g.
    thomas
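
The symptom in this thread (LAN-sourced pings fail while tunnel-sourced pings work) is what a leftover IPsec policy with LAN-to-LAN selectors would produce. The following is an added example, not part of the original posts: it parses policy dump text and reports which GRE static routes are shadowed for a given source address. It assumes the stale rules were IPsec security policies as printed by `setkey -DP` on a FreeBSD-based box, which the thread does not confirm; the sample dump and peer addresses are constructed.

```python
import ipaddress
import re

# Constructed sample in the style of FreeBSD `setkey -DP` output (not from the thread).
SAMPLE_SPD = """\
192.168.6.0/24[any] 192.168.11.0/24[any] any
\tout ipsec
\tesp/tunnel/203.0.113.2-198.51.100.1/unique:1
\tspid=4 seq=1 pid=1234
192.168.11.0/24[any] 192.168.6.0/24[any] any
\tin ipsec
\tesp/tunnel/198.51.100.1-203.0.113.2/unique:1
\tspid=3 seq=0 pid=1234
"""

# Site 2 static routes over the GRE tunnel, normalized to network addresses.
GRE_ROUTES = ["192.168.11.0/24", "192.168.21.0/24", "192.168.31.0/24"]

# Policy header line: "src/len[port] dst/len[port] proto"
SELECTOR = re.compile(r"^(\S+?)\[[^\]]*\]\s+(\S+?)\[[^\]]*\]\s+\S+")


def parse_spd(text):
    """Return (src_net, dst_net, direction) for each policy in the dump."""
    policies, current = [], None
    for line in text.splitlines():
        m = SELECTOR.match(line)
        if m:
            current = [ipaddress.ip_network(m.group(1), strict=False),
                       ipaddress.ip_network(m.group(2), strict=False), None]
            policies.append(current)
        elif current and line.strip().startswith(("in ", "out ")):
            current[2] = line.split()[0]
    return [tuple(p) for p in policies]


def shadowed(source_ip, routes, policies):
    """List routes whose traffic from source_ip matches an outbound policy."""
    src = ipaddress.ip_address(source_ip)
    hits = []
    for route in routes:
        dst = ipaddress.ip_network(route)
        for s, d, direction in policies:
            if direction == "out" and src in s and dst.overlaps(d):
                hits.append((route, f"{s} -> {d}"))
    return hits
```

With the constructed dump, traffic sourced from 192.168.6.1 matches the leftover policy for 192.168.11.0/24, while traffic sourced from the tunnel address 10.101.99.6 matches nothing and follows the GRE route.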

