I'm currently experimenting with running OSPF over GRE/IPsec
IKE Phase 1 between 2 routers (R1 & R2) public IP addresses, PPPoE client interface - established
IKE Phase 2 IPSec (R1) 10.5.0.0/16 <--> (R2) 10.0.0.0/16 - established (this works fine and has done for some time)
GRE Tunnel established:
(R1) interface address 192.168.10.1/30 tunnel local: 10.5.0.254 remote: 10.0.0.254
(R2) interface address 192.168.10.2/30 tunnel local: 10.0.0.254 remote: 10.5.0.254
OSPF peer-to-peer link established between (R1) 192.168.10.1 & (R2) 192.168.10.2
OSPF connected routes (with filters) exchanged between routers:
172.25.5.0/24 - connected route on R1, OSPF route via 192.168.10.2 reachable via GRE interface on R2
172.25.0.0/24 - connected route on R2, OSPF route via 192.168.10.1 reachable via GRE interface on R1
IP Firewall Filter rules (amongst others):
R1 forward chain src: 10.5.0.0/16 dst: 172.25.0.0/24 action: accept
R2 input chain src: 10.5.0.0/16 dst: 172.25.0.0/24 action: accept
IP NAT rules (amongst others):
R1 srcnat chain src: 10.5.0.0/16 dst: 172.25.0.0/24 action: accept
R2 srcnat chain src: 172.25.0.0/24 dst: 10.5.0.0/16 action: accept
Tried to ping dst: 172.25.0.254 from src: 10.5.1.5
Using Torch on both R1 & R2, I see OSPF passing over the GRE interface, but I do not see the ICMP traffic from 10.5.1.5 on either router.
If I check the VLAN interface for 10.5.0.0/16, I see the traffic arriving on R1.
Any ideas? Am I missing something? Trying to achieve the impossible?
P.S. I have successfully established routing over OSPF between a direct physical Ethernet connection of R1 & R3..
R1: 192.168.32.1/30
R3: 192.168.32.2/30
10.5.0.0/16 on R1 has two way traffic flow with 192.168.100.0/24 on R3, connected routes exchanged both ways (with filters) between R1 & R3. R1 also advertising default route to R3 which is working.
So it seems I can manage OSPF over a direct connection, but when I try to add a tunnel into the mix, I'm failing...