Bug #11992

open

GRE Tunnel - Does not work with a virtual IP as endpoint

Added by Gabriel Argentieri 2 months ago. Updated 2 months ago.

Status: Confirmed
Priority: High
Assignee: -
Category: Virtual IP Addresses
Target version: -
Start date: 06/03/2021
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version: 2.5.1
Affected Architecture:

Description

Hello,

I saw that this problem was supposedly solved 6 years ago, but I have run into a problem that I have not managed to solve.

I have a tunnel between 2 pfsense routers:
- pfsenseA
- pfsenseB

On pfsenseA:
WAN: 172.16.0.252/24
GRE: local 192.168.100.1/30 / remote 192.168.100.2/30 / endpoint 172.16.0.3

On pfsenseB:
WAN: 172.16.0.3/24
GRE: local 192.168.100.2/30 / remote 192.168.100.1/30 / endpoint 172.16.0.252

The GRE tunnel works, but when I create a CARP-type virtual IP with the address 172.16.0.254/24 and modify the endpoint on the pfsenseB side, the tunnel no longer comes up.

However, from the WAN interface of pfsenseB (172.16.0.3), I can ping 172.16.0.254.

Version 2.5.1

Thanks for your help!

#1

Updated by Viktor Gurov 2 months ago

  • Status changed from New to Confirmed

I can confirm this issue on 2.6.0.a.20210603.0100/2.5.2.b.20210603.0300 (Proxmox VM).

I see high packet loss when using CARP as an endpoint:

[2.6.0-DEVELOPMENT][root@pf41.localdomain]/var/log: ping -c 10 -S 192.168.100.1 192.168.100.2
PING 192.168.100.2 (192.168.100.2) from 192.168.100.1: 56 data bytes
64 bytes from 192.168.100.2: icmp_seq=4 ttl=64 time=1.137 ms
64 bytes from 192.168.100.2: icmp_seq=8 ttl=64 time=0.543 ms
64 bytes from 192.168.100.2: icmp_seq=9 ttl=64 time=0.558 ms

--- 192.168.100.2 ping statistics ---
10 packets transmitted, 3 packets received, 70.0% packet loss
round-trip min/avg/max/stddev = 0.543/0.746/1.137/0.277 ms
[2.6.0-DEVELOPMENT][root@pf41.localdomain]/var/log: ping -c 10 -S 192.168.100.1 192.168.100.2
PING 192.168.100.2 (192.168.100.2) from 192.168.100.1: 56 data bytes

--- 192.168.100.2 ping statistics ---
10 packets transmitted, 0 packets received, 100.0% packet loss
[2.6.0-DEVELOPMENT][root@pf41.localdomain]/var/log: 
[2.6.0-DEVELOPMENT][root@pf41.localdomain]/var/log: ping -c 10 -S 192.168.100.1 192.168.100.2
PING 192.168.100.2 (192.168.100.2) from 192.168.100.1: 56 data bytes
64 bytes from 192.168.100.2: icmp_seq=0 ttl=64 time=0.531 ms
64 bytes from 192.168.100.2: icmp_seq=1 ttl=64 time=0.540 ms
64 bytes from 192.168.100.2: icmp_seq=2 ttl=64 time=0.471 ms
64 bytes from 192.168.100.2: icmp_seq=3 ttl=64 time=0.521 ms
64 bytes from 192.168.100.2: icmp_seq=4 ttl=64 time=0.462 ms

--- 192.168.100.2 ping statistics ---
10 packets transmitted, 5 packets received, 50.0% packet loss
round-trip min/avg/max/stddev = 0.462/0.505/0.540/0.032 ms

no "Block bogon networks" or "Block private networks and loopback addresses" on GRE interfaces
firewall rules - "allow any any"

see also https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=166462
