Project

General

Profile

Bug #4450

GRE Tunnel does not work if one of the endpoints is an IP Alias

Added by Jonathan Black over 4 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Normal
Category:
Interfaces
Target version:
Start date:
02/19/2015
Due date:
% Done:

100%

Estimated time:
Affected Version:
All
Affected Architecture:

Description

See https://forum.pfsense.org/index.php?topic=88947.0 for more details.

I've reproduced this issue on two sets of equipment now.

Using the network map in the link above:

A GRE tunnel from 192.168.26.1 (IP Alias for R1) to 192.168.26.2 (WAN2 for R2) does not work.

If I change the IP endpoints to 192.168.25.1 (WAN for R1) to 192.168.25.1 (WAN for R2) it works fine.

Additionally when the GRE tunnel is attempting to use the IP Alias on R1 (Router with the IP Alias) it indicates the tunnel is down. I also see from packet captures, GRE pings from R2 to R1, but R1 never responds when it is using an IP Alias.

Associated revisions

Revision 2a5960b0 (diff)
Added by Luiz Souza over 3 years ago

Review of CARP uniqid changes.

It turns out that current CARP implementation is not much different from an IP alias.

This commit converts the IP alias to also use the CARP uniqid scheme, this simplify the code in all other places because now we have only two different cases to deal with:

- A friendly interface name (lan, wan, opt1, etc.);
- A Virtual IP - VIP alias (_vip{$uniqid}) - CARP or IP Alias.

The parent of a CARP is always a friendly interface. The parent of an IP alias can be a friendly interface or a CARP (this is the only case of recursion of a VIP).

This commit removes a few cases where CARP were still considered a interface (the old CARP implementation), fixes all the wrong cases of strpos() being used to detect a VIP address (wont work as it returns '0' which fails when tested as 'TRUE'), review the usage of CARP and IP alias as services bind addresses, fixes general issues of adding and editing VIP addresses.

The following subsystems were affected by this changes:

- IPSEC;
- OpenVPN;
- dnsmasq;
- NTP;
- gateways and gateway groups;
- IPv6 RA;
- GRE interfaces;
- CARP status;
- Referrer authentication.

Fixes (and/or revisit) the following tickets:

- Ticket #3257
- Ticket #3716
- Ticket #4450
- Ticket #4858
- Ticket #5441
- Ticket #5442
- Ticket #5500
- Ticket #5783
- Ticket #5844

Revision 67c3b4dc (diff)
Added by Chris Buechler over 3 years ago

Return loopback description for friendly interface. noticed as part of Ticket #4450, applicable across a variety of things.

History

#1 Updated by Jim Thompson over 3 years ago

  • Assignee set to Luiz Souza
  • Target version set to 2.3

#2 Updated by Luiz Souza over 3 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

This is now fixed. Thanks!

#3 Updated by Chris Buechler over 3 years ago

  • Status changed from Resolved to Feedback
  • Assignee changed from Luiz Souza to Chris Buechler
  • Affected Version changed from 2.2 to All

to me to confirm

#4 Updated by Chris Buechler over 3 years ago

  • Status changed from Feedback to Resolved

works

Also available in: Atom PDF