n4p
Member Candidate
Topic Author
Posts: 111
Joined: Wed Nov 25, 2015 9:54 pm

Ensure GRE is going through IPsec with Firewall

Thu Apr 04, 2019 12:38 pm

Hi there,
I am currently struggling a little bit.
To get GRE working through IPsec I need to add a rule to allow GRE from the same source where the IPsec establishes.
So if I understand that right, GRE would be open as a port from this source?

If I disable that rule, GRE won't work any more.

So what is the right way to do this?
 
Sob
Forum Guru
Posts: 4889
Joined: Mon Apr 20, 2009 9:11 pm

Re: Ensure GRE is going through IPsec with Firewall

Thu Apr 04, 2019 3:20 pm

You're looking for the ipsec-policy matcher. Depending on the style of your firewall, either allow GRE packets matching ipsec-policy=in,ipsec or block GRE packets matching ipsec-policy=in,none. And similar for outgoing.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
eworm
Member
Posts: 427
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany

Re: Ensure GRE is going through IPsec with Firewall

Thu Apr 04, 2019 4:31 pm

My Firewall has:
/ ip firewall filter add action=reject chain=output ipsec-policy=out,none protocol=gre
That serves me well.
Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts
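
Added example, not part of the thread and not any poster's code: a small Python audit that reads `/ip firewall filter` export text and reports, per chain, whether the first GRE rule that applies to traffic outside IPsec accepts or blocks it, which is the distinction the ipsec-policy matcher above is used for. The sample export and its addresses are constructed, and the check assumes first-match evaluation while ignoring other matchers such as src-address.

```python
import shlex

# Constructed sample in the shape of "/ip firewall filter export" output;
# the address is from a documentation range, not a value from the thread.
SAMPLE_EXPORT = r"""
/ip firewall filter
add action=accept chain=input comment="IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input protocol=ipsec-esp
add action=accept chain=input protocol=gre src-address=203.0.113.10
add action=reject chain=output ipsec-policy=out,none protocol=gre
"""

def parse_filter_rules(export_text):
    """Return the 'add' rules of /ip firewall filter as dicts, in order."""
    text = export_text.replace("\\\n", "")  # exports wrap long lines with '\'
    rules, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):  # section header, optionally with inline add
            head, sep, rest = line.partition(" add ")
            section = " ".join(head.lstrip("/ ").split())
            line = "add " + rest if sep else ""
        if section == "ip firewall filter" and line.startswith("add "):
            pairs = (tok.split("=", 1) for tok in shlex.split(line[4:]))
            rules.append({p[0]: p[1] for p in pairs if len(p) == 2})
    return rules

def plain_gre_verdict(rules, chain):
    """What happens to GRE that is NOT protected by IPsec in this chain:
    'accepted', 'blocked', or 'undecided' (left to the generic rules)."""
    direction = {"input": "in", "output": "out"}[chain]
    for r in rules:
        if r.get("chain") != chain or r.get("protocol") != "gre":
            continue
        if r.get("disabled") == "yes":
            continue
        if r.get("ipsec-policy") == direction + ",ipsec":
            continue  # rule only touches GRE that IPsec handled
        if r.get("action") == "accept":
            return "accepted"  # no matcher, or <dir>,none: plain GRE passes
        if r.get("action") in ("drop", "reject"):
            return "blocked"
    return "undecided"

if __name__ == "__main__":
    parsed = parse_filter_rules(SAMPLE_EXPORT)
    for ch in ("input", "output"):
        print(ch, plain_gre_verdict(parsed, ch))
```

An "undecided" verdict means no GRE-specific rule settles the question, so the outcome depends on the generic rules that follow in that chain.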