Why pfsense/bsd GRE packet has 4 additional bytes and protocol type 0x883e(WCCP)



  • Hello,

    I'm troubleshooting my mikrotik -> pfsense ipsec/gre vpn, and can't make it work.

    I'm following the RFC 1701 and pfsense/freebsd is replying a gre packet with 4 additional bytes and protocol type 0x883e. I think mikrotik don't understand it and drop the packet.

    More info here: http://forum.mikrotik.com/viewtopic.php?f=2&t=105932&p=527709#p527709.

    See attachment for decrypted esp packet showing gre protocol type in question.



  • A question:
    If "WCCP version" is unchecked on webui, LINK2 shouldn't be enabled on ifconfig right?

    That's not the case:

    gre0: flags=f051 <up,pointopoint,running,link0,link1,link2,multicast>metric 0 mtu 1476
            tunnel inet 1.1.1.1 --> 2.2.2.2
            inet 172.16.0.1 --> 172.16.0.11 netmask 0xffffff00 
            inet6 fe80::250:56ff:fe0a:ebb8%gre0 prefixlen 64 scopeid 0x7 
            nd6 options=21 <performnud,auto_linklocal></performnud,auto_linklocal></up,pointopoint,running,link0,link1,link2,multicast> 
    

    So, I think you have a bug to fix :D


  • Rebel Alliance Developer Netgate

    Dropping a note here, as I did in your other thread: It's definitely a problem. I put a fix in 2.3 for it. https://redmine.pfsense.org/issues/6010

    It's a fairly simple change, it may apply to 2.2.x directly, if not it's still simple to apply by hand if it's a show-stopper for you, though they are processed correctly at boot time as far as I can see, so adjusting them via ifconfig after creation should be OK for the time being. 2.3 will be out before too long. :-)


Log in to reply