pfSense Gold Subscription

Author Topic: Setting up GRE tunnel  (Read 133 times)

0 Members and 1 Guest are viewing this topic.

Offline glennonline

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
Setting up GRE tunnel
« on: January 10, 2018, 03:30:16 pm »
I'm trying to set-up a GRE tunnel in order to obtain additional IP addresses for our connection, but the provider is only able to provide Mikrotik instructions.
This is what we received:
cd /sbin

./insmod /lib/modules/`uname -r`/kernel/net/ipv4/ip_gre.ko

./ip tunnel add tun_extra_ip mode gre local 62.45.210.XX remote 37.148.192.XX ttl 225

./ifconfig tun_extra_ip up

 cd /sbin

./ifconfig tun_extra_ip 37.148.198.XX/29

 

./ifconfig eth0:22 37.148.198.XX/29 up

./ifconfig eth0:23 37.148.198.XX/29 up

./ifconfig eth0:24 37.148.198.XX/29 up

./ifconfig eth0:25 37.148.198.XX/29 up

So basically, what I'm wondering is, how can I correctly set this up?
Should I add the ./ifconfig eth0:22 37.148.198.XX/29 lines  as virtual IP's? How can I check if the GRE tunnel is up?
What should I enter at GRE tunnel remote address?

Thanks for anyone who can shed a light on this, your help is much appreciated.

Offline Grimson

  • Full Member
  • ***
  • Posts: 250
  • Karma: +34/-2
    • View Profile
Re: Setting up GRE tunnel
« Reply #1 on: January 10, 2018, 03:33:32 pm »

Offline glennonline

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
Re: Setting up GRE tunnel
« Reply #2 on: January 10, 2018, 03:46:53 pm »
I did read that ofcourse, but I'm unable to get it working correctly, when I enable the interface some websites become unreachable, I suspect it has something to do with the "GRE tunnel subnet" but it's not really clear to me what value is the correct one.

As said, I already read the manual, but how the instructions I received apply to the manual is not clear to me, if you could point me into the right direction (like yes, the additional IP addresses should be entered at the virtual IP's, or which IP address should be put in the Remote tunnel IP address field that would already be of much help.

Offline glennonline

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
Re: Setting up GRE tunnel
« Reply #3 on: January 13, 2018, 07:27:42 pm »
Hi Grimson (or anyone else)

I hope someone can still help me out with this issue, as I'm not getting any further with this issue.

When I add the GRE tunnel and enable the interface (as per the manual) some websites are becoming unreachable, disabling the interface again solves this issue, anyone who can tell me what could be the cause of this?
Furthermore, when trying to add a virtual IP, I get the following error:
The interface chosen for the VIP has no IPv4 or IPv6 address configured so it cannot be used as a parent for the VIP.

Since the manual explicitly mentions that the IP type should be set to none I am unaware of where I can add the IP addresses as mentioned in the scrip.t

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9583
  • Karma: +1084/-309
    • View Profile
Re: Setting up GRE tunnel
« Reply #4 on: January 13, 2018, 10:12:37 pm »
What breaks? DNS? Actual connectivity?

"Cannot reach some web sites" is not a trouble description that any network administrator should be giving.

You will notice in their example that they are adding the VIPs to eth0, not to the GRE tunnel.

Try using /32 IP Alias VIPs on localhost.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline glennonline

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
Re: Setting up GRE tunnel
« Reply #5 on: January 14, 2018, 08:28:35 am »
Hi Derelict,

You are right, that is not a very helpful description of my issue.
After enabling the interface which has the GRE tunnel as the network port IPv4 websites become unreachable, while IPv6 websites are still reachable.
In the attachment i've added the configuration of the GRE tunnel.

Basically the first problem would be the loss of IPv4 connectivity would be the primary concern.
When I try to ping from the WAN interface to for instance 8.8.8.8 it gives back timeout, while for the back-up internet connection this remains working.

I hope this clarifies the issue and someone can point me into the right direction.