Community discussions

MikroTik App
 
anushkaudeshan
newbie
Topic Author
Posts: 29
Joined: Mon Jul 24, 2017 2:33 am

GRE Tunnel Connected Successfully but Cant pint internal IP subnets

Tue Aug 21, 2018 8:13 pm

Hi Everyone!

We have two routers configured with GRE tunnel and have established the connection between two routers. but non of the routers cant ping internal subnet ips from each side. all the routes are learned from each routers and filled with routing table but still no access. both routers running BGP along with the GRE tunnel. I only configured GRE Tunnel and assigned LAN subnet to bridge interface/nat rule as masquerade/BGP with internal IP subnet so other router will learn. GRE is established. Other than what I configured, are there any other configs to be made to make the internal ips connectivity.

When a traceroute performed from one router to other router's internal ip address, routing fails from other routers GRE interface.

Please refer to below script from client router

/interface bridge
add l2mtu=1598 name=bridge1
/interface gre
add comment=9472xxxxxxx dscp=inherit name=GRE-RDB-BR-Baddegama \
remote-address=10.134.0.210(Remote MKT Router)
/ip neighbor discovery
set GRE-RDB-BR-Baddegama comment=9472xxxxxxx
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc,aes-192-cbc,aes-256-cbc
/routing bgp instance
set default as=65501
/system logging action
set 3 remote=0.0.0.0
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
/ip address
add address=10.2.17.1/24 interface=bridge1 network=10.2.17.0 (LAN IP Subnet for local Clients)
add address=20.1.158.2/24(Client router GRE Interface IP) interface=GRE-RDB-BR-Mirisswatte network=20.1.158.0
/ip firewall nat
add action=masquerade chain=srcnat
/ip hotspot user
add comment="counters and limits for trial users" name=default-trial
/ip ipsec policy
add template=yes
/ip upnp
set allow-disable-external-interface=no
/routing bgp network
add network=10.2.17.0/24(Local subnet)
/routing bgp peer
add name=peer1 remote-address=20.1.158.1(Remote MKT GRE Interface) remote-as=65501

Please help me to solve this issue!

Thanks in advance! :)
 
chriscolden
just joined
Posts: 12
Joined: Fri May 04, 2018 3:41 pm

Re: GRE Tunnel Connected Successfully but Cant pint internal IP subnets

Fri Aug 24, 2018 3:21 pm

I have the same issue I think.

I cannot push traffic along the gre tunnels even though they are up, routes are correct. I can see the traffic hitting the allow firewall rule.

This was all working as expected ROS. I know they have made some changes to IPSEC in the latest version 6.42.7 but I don't know if its related.

One thing I have noticed is that if the other end tries to ping me, the tunnel starts pushing data in both directions, but after a while, it dies again and no traffic flows.

Chris
 
User avatar
sri2007
Member Candidate
Member Candidate
Posts: 205
Joined: Wed May 20, 2015 10:14 pm
Location: Lake Grove, NY

Re: GRE Tunnel Connected Successfully but Cant pint internal IP subnets

Wed Sep 05, 2018 5:32 pm

Hello, do you have any firewall rules enabled? The first step for me will be testing that you can reach the remote router by sourcing the local side of that tunnel, if you can do that, then I'll configure that IP as local-address on each GRE tunnel, then you'll need to double check if there is any rule dropping packets comming/going from/to the protocol=47, and if you have any nat rule you'll need to check if that is properly configured.

Do you get any log message about this GRE connection?

Who is online

Users browsing this forum: No registered users and 12 guests