Why pfsense/bsd GRE packet has 4 additional bytes and protocol type 0x883e(WCCP)

trunet

Hello,

I'm troubleshooting my mikrotik -> pfsense ipsec/gre vpn, and can't make it work.

I'm following the RFC 1701 and pfsense/freebsd is replying a gre packet with 4 additional bytes and protocol type 0x883e. I think mikrotik don't understand it and drop the packet.

More info here: http://forum.mikrotik.com/viewtopic.php?f=2&t=105932&p=527709#p527709.

See attachment for decrypted esp packet showing gre protocol type in question.

trunet

A question:
If "WCCP version" is unchecked on webui, LINK2 shouldn't be enabled on ifconfig right?

That's not the case:

gre0: flags=f051 <up,pointopoint,running,link0,link1,link2,multicast>metric 0 mtu 1476
        tunnel inet 1.1.1.1 --> 2.2.2.2
        inet 172.16.0.1 --> 172.16.0.11 netmask 0xffffff00 
        inet6 fe80::250:56ff:fe0a:ebb8%gre0 prefixlen 64 scopeid 0x7 
        nd6 options=21 <performnud,auto_linklocal></performnud,auto_linklocal></up,pointopoint,running,link0,link1,link2,multicast> 

So, I think you have a bug to fix :D

jimp

Dropping a note here, as I did in your other thread: It's definitely a problem. I put a fix in 2.3 for it. https://redmine.pfsense.org/issues/6010

It's a fairly simple change, it may apply to 2.2.x directly, if not it's still simple to apply by hand if it's a show-stopper for you, though they are processed correctly at boot time as far as I can see, so adjusting them via ifconfig after creation should be OK for the time being. 2.3 will be out before too long. :-)