Tdaddysimi
Member Candidate
Topic Author
Posts: 108
Joined: Wed Sep 28, 2016 4:37 pm
Location: Minnesota

Having issues routing all traffic over GRE tunnel.

Fri Sep 03, 2021 5:58 am

I am having an issue. I have a client with a MikroTik router that has a /26 assigned to it to get it on the internet.
The client then has a GRE tunnel that has a /25 routed over it. His servers aren't accessible over the GRE tunnel. When I VPN to his tik, I can easily access everything on his publics, so I have narrowed it down to the GRE tunnel and the routing there. I have tried doing a mangle rule to take his /25 and push it back over the tunnel. The issue is when a public IP comes over the GRE, I don't think the mangle rule is pushing it back over the tunnel and the route breaks.

Here is the best I can do at the moment to show the configuration:
/interface gre
add allow-fast-path=no comment="GRE TUNNEL" \
local-address=12.34.56.78 name=gre-tunne1 remote-address=78.67.54.32
/ip address
add address=16.22.80.47/26 interface=ether1 network=xx.202.80.0
add address=10.67.0.90/30 interface=gre-tunne1 network=10.67.0.88
add address=1.2.3.1/25 interface=gre-tunnel1 network=1.2.3.0
/ip route
add distance=7 gateway=10.67.0.89 pref-src=1.2.3.1 routing-mark=gre
add distance=8 gateway=10.67.0.89 routing-mark=gre
add distance=10 gateway=16.22.80.1

When I try to create a default route over the GRE tunnel, it flops, likely because it can't see its 'gateway' that was originally assigned to it. Any help would be AWESOME.
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Having issues routing all traffic over GRE tunnel.

Mon Sep 06, 2021 7:53 pm

I'm slightly lost in your description, so let me rephrase it to check whether I've understood it properly.

The client's Mikrotik has 12.34.56.78/26 on its "physical" WAN.
It also has 1.2.3.1/25 on the GRE tunnel, effectively acting as another WAN.

All you want is that requests coming from the internet that have arrived at 12.34.56.xx/26, i.e. via the physical WAN (and eventually got dst-nated to some private IPs), would be responded to via the physical WAN, and requests from the internet that have arrived at 1.2.3.x/25, i.e. via the GRE, would be responded to via the "GRE WAN"?

From what you've posted I can see that you've created an additional routing table named gre, but you haven't shown any mangle rules, which are mandatory for this to work if at least one of the internal servers (or the router itself) needs to be accessible via both WANs.
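The kind of mangle rules the reply above refers to, as an added example that is not part of either post: connections that arrive through the GRE interface are connection-marked, and their replies are sent to the existing routing table gre. It assumes RouterOS v6 syntax; the connection-mark name from-gre is hypothetical, while the interface name gre-tunne1 and the routing mark gre are taken from the posted configuration.

```routeros
/ip firewall mangle
# 1. Remember which connections were initiated from the internet via the GRE tunnel.
#    "from-gre" is a hypothetical connection-mark name.
add chain=prerouting in-interface=gre-tunne1 connection-state=new \
    action=mark-connection new-connection-mark=from-gre passthrough=yes \
    comment="mark connections that entered via GRE"

# 2. Replies from internal servers belonging to those connections:
#    look them up in routing table "gre" instead of the main table.
#    Excluding the GRE interface keeps the inbound direction unmarked.
add chain=prerouting in-interface=!gre-tunne1 connection-mark=from-gre \
    action=mark-routing new-routing-mark=gre passthrough=no \
    comment="server replies go back over GRE"

# 3. Replies generated by the router itself (e.g. to 1.2.3.1) never pass
#    prerouting, so they need the same treatment in the output chain.
add chain=output connection-mark=from-gre \
    action=mark-routing new-routing-mark=gre passthrough=no \
    comment="router's own replies go back over GRE"
```

Connections that arrive on ether1 never receive the mark, so their replies keep using the main table's default route via the physical WAN.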
