Hello,
I created GRE tunnel (with IPsec Sercret) between CCR and CHR. (6.44.6)
1) policy created dynamically successfully (ph2 state established)
2) peer created dynamically successfully
3) identities created dynamically successfully
4) remote peers and installed sa created dynamically successfully
but GRE tunnel is inactive (not running).
how is this possible?
ipsec established, but gre tunnel not
Last edited by mikruser on Fri Jan 10, 2020 2:21 pm, edited 1 time in total.
Re: ipsec established, but gre tunnel not
Have you specified local and remote addresses of GRE on both routers?
Do you allow proper protocols to pass firewall?
Do you allow proper protocols to pass firewall?
Re: ipsec established, but gre tunnel not
>>Have you specified local and remote addresses of GRE on both routers?
Yes
>>Do you allow proper protocols to pass firewall?
Yes, full access for these addresses (without "IPsec Secret" gre-tunnel link up successfully).
I think this is a bug in ROS...
Yes
>>Do you allow proper protocols to pass firewall?
Yes, full access for these addresses (without "IPsec Secret" gre-tunnel link up successfully).
I think this is a bug in ROS...
Re: ipsec established, but gre tunnel not
I doubt that it is a bug. I use GRE-IPSec and IPIP-IPSec ..
Re: ipsec established, but gre tunnel not
You need to check your FWall rules
accept input traffic from your remote peer over proto 47(gre)
and proto 89(ospf) if you need
accept input traffic from your remote peer over proto 47(gre)
and proto 89(ospf) if you need
Last edited by yeahbunin on Wed Jan 08, 2020 5:40 pm, edited 1 time in total.
Re: ipsec established, but gre tunnel not
yeahbunin
read my previous message
read my previous message
Re: ipsec established, but gre tunnel not
Why don't you just provide a config. export of both ends instead of whining?
What do you expect anybody to do without this BASIC information?
What do you expect anybody to do without this BASIC information?