GRE over L2TP / IPSEC



  • Hi,

    I have a site A with a pfSense and a public static IP; additionally I have multiple sites B that are MikroTik RouterBoard boxes behind different NATs and with dynamic IPs. To make it easier, for now we think of only one site B.
    Since MikroTik doesn't support OpenVPN over UDP, I want to establish an L2TP tunnel from the MikroTik to the pfSense.
    This works fine; also, in that L2TP tunnel I created an IPsec transport mode tunnel. This also works fine.
    To route between the sites I now need to establish GRE tunnels, and this seems to be impossible, because the interface I would need to establish the GRE tunnel on would be the ptp interface of the L2TP connection, which doesn't exist.
    Also, in the diagnostic ping I can't ping the L2TP client from anything other than "default"; it seems no interface has the L2TP server address?
    I have the same problem when I try to do just routing without IPsec in the L2TP tunnel, or when trying to set up IPsec tunnel mode instead of transport mode.

    I couldn't find anything on that topic, although I don't think it is that uncommon. Happy to hear any ideas.



  • I could halfway solve the problem by adding a device without any configuration as l2tp0, connecting one site B, and configuring the GRE tunnel on that device. If I could now somehow either configure the GRE tunnel to use just the other end of the ptp, or have each site B use the same l2tp device, this would be solved, but I think that is not possible. I wonder if it would be possible to run a custom script on L2TP interface up that sets the GRE endpoint to the ptp end?