Why pfsense/bsd GRE packet has 4 additional bytes and protocol type 0x883e(WCCP)
-
Hello,
I'm troubleshooting my mikrotik -> pfsense ipsec/gre vpn, and can't make it work.
I'm following the RFC 1701 and pfsense/freebsd is replying a gre packet with 4 additional bytes and protocol type 0x883e. I think mikrotik don't understand it and drop the packet.
More info here: http://forum.mikrotik.com/viewtopic.php?f=2&t=105932&p=527709#p527709.
See attachment for decrypted esp packet showing gre protocol type in question.
-
A question:
If "WCCP version" is unchecked on webui, LINK2 shouldn't be enabled on ifconfig right?That's not the case:
gre0: flags=f051 <up,pointopoint,running,link0,link1,link2,multicast>metric 0 mtu 1476 tunnel inet 1.1.1.1 --> 2.2.2.2 inet 172.16.0.1 --> 172.16.0.11 netmask 0xffffff00 inet6 fe80::250:56ff:fe0a:ebb8%gre0 prefixlen 64 scopeid 0x7 nd6 options=21 <performnud,auto_linklocal></performnud,auto_linklocal></up,pointopoint,running,link0,link1,link2,multicast>
So, I think you have a bug to fix :D
-
Dropping a note here, as I did in your other thread: It's definitely a problem. I put a fix in 2.3 for it. https://redmine.pfsense.org/issues/6010
It's a fairly simple change, it may apply to 2.2.x directly, if not it's still simple to apply by hand if it's a show-stopper for you, though they are processed correctly at boot time as far as I can see, so adjusting them via ifconfig after creation should be OK for the time being. 2.3 will be out before too long. :-)