Messages - optic

#1
great idea, also put up a 3€/month donation instead of doing one time donation like in the past. Been using opnsense for 1 1/2 years now, on my radar for longer :) thank you for such a great product!
#2
Issue is the same with GRE Tunnel. It seems to be with all virtual Interfaces.
#3
i have been on this problem for a while now and it's one big reason i cannot sunset two of our commercial firewalls at work (yet) and switch them over to opnsense because i need to route public v4s from a datacenter to a server.
#4
@Maestro86: Thank you so much!!! this worked!
#5
so one thing i found out;

if you set virtual IPs to the GRE and set the gateway as the Remote Endpoint's IPv4 Address (in my case WAN of a mikrotik router worked), you can use the Virtual IPs for TCP. ICMP does not seem to work (working on that next)
#6
problem seems to be the same as this:

https://github.com/opnsense/core/issues/3783
#7
so what i got working:

I can set up a Tunnel over GRE with a Gateway (Upstream). With firewall rules (and outgoing nat) i can set specific LAN Clients to use that GRE Gateway which works fine! DNAT to internal Target works, even to the Firewall's own Interface IP Addresses!

what does not work:
I cannot ping the public ipv4 GRE Interface address from the internet. SSH, Webadmin and HAProxy are not usable for the routed IPv4.

it seems the only problem left is the inability of opnsense itself to use the GRE Interface IPv4 for its own services.
#8
Offering 50€ Bounty for a solution where i can tunnel IPv4 (or IPv4 Subnet) via Opnsense and Tunnel (GRE, OpenVPN, Wireguard or IPSec) from Location A to Location B (i.e. Datacenter to Home/Company). Solution must include Screenshots and working examples. Bounty can be paid directly as donation to opnsense project or to the one who finds and shares a full solution/tutorial (put too many hours into this and it's probably a tiny problem ...)
#9
thanks, i will try that!

if by any chance you could share some screenshots, i would much appreciate it!

Edit: Can't get it to work, Traffic only comes in, but doesn't get out ...
#10
Installed latest opnsense on a SG230 (rev1) this weekend. Works without a problem. What i cannot get to work is the LCD Display in Front, still saying it's a Sophos ;-)

#11
i have played around with this again yesterday and did some captures. When pinging from outside i can see the echo requests reaching the opnsense firewall. What i cannot see is any kind of response going on, neither on the GRE nor the phys. WAN connection. It seems as if the Firewall just ignores these. Also a HAproxy does not yield any response either (was worth the try)
#12
so i am getting grey hair over this setting up just a GRE tunnel :-)

What IPs do you give the GRE Tunnel - and what IPs the GRE Interface itself? Do you use only public IPv4, do you use private IPv4s on the GRE Tunnel and the public v4 on the GRE Interface? Some example screenshots/setup would be much appreciated! :-) Thank you!
#13
i wonder if this is simply a missing Gateway setting that would also set the reply-to for that interface. I tried "playing around" with that without any success.

thanks for keeping us posted!
#14
Did you add any NAT rule? Also would be interested in that Rule you have now that makes it work.
Did you configure Gateways?

Does it still work after reboot? :-)
#15
ferryvanaesch: i remember something i found out when i tested. Say you are accessing from a VPS with IP a.b.c.d - set a static route for a.b.c.d/32 via your remote GRE tunnel IP (gateway). It will work, so what is missing is the default route for the GRE. Since it is not working even when setting up multiwan, i wonder if it is a bug.