OPNsense Forum

English Forums => General Discussion => Topic started by: tbk49 on July 03, 2026, 05:57:05 PM

Title: Why do I need to temporarily disable firewall to bring up peer's GRE interface?
Post by: tbk49 on July 03, 2026, 05:57:05 PM
As the title says, I have been troubleshooting incoherent GRE behaviour over the last day or two, uttering bad words in frustration etc., and have finally found a common thread: if I disable the OPNsense firewall (fw | advanced | miscellaneous), the peer's GRE tunnel comes up immediately. If I then re-enable the firewall, the tunnel stays up. I can't accept this in a production environment.

I have fw rules on IPsec and WAN to allow the GRE protocol.

What is the problem?

https://forum.opnsense.org/index.php?topic=6131.0 --- related?

Title: Re: Why do I need to temporarily disable firewall to bring up peer's GRE interface?
Post by: nero355 on July 03, 2026, 07:10:42 PM
I read a long time ago (think 15 to 20 years!) that GRE needs port 0 forwarded in order to work properly, and some routers could not handle that at the time.

Maybe you are dealing with something similar?!