Bug #11992
open
GRE Tunnel - Does not work with a virtual IP as endpoint
Added by Gabriel Argentieri almost 4 years ago.
Updated almost 4 years ago.
Category:
Virtual IP Addresses
Description
Hello,
I saw that this problem has normally been solved for 6 years, but I am running into a problem that I have not managed to solve.
I have a tunnel between 2 pfSense routers:
- pfsenseA
- pfsenseB
On pfsenseA:
WAN: 172.16.0.252/24
GRE: local 192.168.100.1/30 / remote 192.168.100.2/30 / endpoint 172.16.0.3
On pfsenseB:
WAN: 172.16.0.3/24
GRE: local 192.168.100.2/30 / remote 192.168.100.1/30 / endpoint 172.16.0.252
The GRE tunnel works, but when I create a virtual IP of type CARP with the IP 172.16.0.254/24 and I modify the endpoint on the pfsenseB side, the tunnel does not come up anymore.
However, from the WAN interface of pfsenseB at 172.16.0.3, I can ping 172.16.0.254.
Version 2.5.1
Thanks for your help!
- Status changed from New to Confirmed
I can confirm this issue on 2.6.0.a.20210603.0100/2.5.2.b.20210603.0300 (Proxmox VM) -
I see high packet loss when using CARP as an endpoint:
[2.6.0-DEVELOPMENT][root@pf41.localdomain]/var/log: ping -c 10 -S 192.168.100.1 192.168.100.2
PING 192.168.100.2 (192.168.100.2) from 192.168.100.1: 56 data bytes
64 bytes from 192.168.100.2: icmp_seq=4 ttl=64 time=1.137 ms
64 bytes from 192.168.100.2: icmp_seq=8 ttl=64 time=0.543 ms
64 bytes from 192.168.100.2: icmp_seq=9 ttl=64 time=0.558 ms
--- 192.168.100.2 ping statistics ---
10 packets transmitted, 3 packets received, 70.0% packet loss
round-trip min/avg/max/stddev = 0.543/0.746/1.137/0.277 ms
[2.6.0-DEVELOPMENT][root@pf41.localdomain]/var/log: ping -c 10 -S 192.168.100.1 192.168.100.2
PING 192.168.100.2 (192.168.100.2) from 192.168.100.1: 56 data bytes
--- 192.168.100.2 ping statistics ---
10 packets transmitted, 0 packets received, 100.0% packet loss
[2.6.0-DEVELOPMENT][root@pf41.localdomain]/var/log:
[2.6.0-DEVELOPMENT][root@pf41.localdomain]/var/log: ping -c 10 -S 192.168.100.1 192.168.100.2
PING 192.168.100.2 (192.168.100.2) from 192.168.100.1: 56 data bytes
64 bytes from 192.168.100.2: icmp_seq=0 ttl=64 time=0.531 ms
64 bytes from 192.168.100.2: icmp_seq=1 ttl=64 time=0.540 ms
64 bytes from 192.168.100.2: icmp_seq=2 ttl=64 time=0.471 ms
64 bytes from 192.168.100.2: icmp_seq=3 ttl=64 time=0.521 ms
64 bytes from 192.168.100.2: icmp_seq=4 ttl=64 time=0.462 ms
--- 192.168.100.2 ping statistics ---
10 packets transmitted, 5 packets received, 50.0% packet loss
round-trip min/avg/max/stddev = 0.462/0.505/0.540/0.032 ms
no "Block bogon networks" or "Block private networks and loopback addresses" on GRE interfaces
firewall rules - "allow any any"
see also https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=166462