General Discussion / Bridge between 2 Opnsense Firewalls using a gif tunnel supported?
« on: February 24, 2022, 03:47:50 pm »
I am trying to bridge between 2 Opnsense firewalls using a gif tunnel.
SW 22.1.
The network to be bridged is 22.22.22.0/24
The transfer network between the 2 firewalls is 1.1.1.0/24
This is the setup (all masks are /24)
Host_1 and Host_2 are connected to opt 1 each
Host_1 (22.22.22.103)-----opnsense_1(WAN)1.1.1.1..........1.1.1.2(WAN)opnsense_2-----Host_2(22.22.22.101)
1. define gif interface (see attachments)
2. define bridge and assign opt_1 and gif to it
3. Enable interfaces and define FW rules
Test communication between Host_1 (22.22.22.103) and Host_2(22.22.22.101).
Host_1 pings Host_2
-the arp request of host 1 is answered by host 2, using etherip encapsulation between the firewalls
-this should confirm that the gif tunnel and bridge are functional in both directions
The problem starts with IP:
ICMP request is sent again over the gif/bridge to host 2 which answers with an ICMP reply.
Now the ICMP reply of host 2 no longer enters the gif tunnel at opnsense_2 and the ping fails
The wireshark shows the data on the transfer link / gif tunnel. Only ICMP requests are seen.
The firewall logs at both sides do not report any drops.
Any idea what could be wrong?
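Added example, not part of the original post: a small Python decoder for EtherIP (IP protocol 97, RFC 3378) that tallies which inner ARP and ICMP messages cross the transfer link in each direction, so the "only ICMP requests are seen" observation can be checked outside Wireshark. All function names are hypothetical and `SAMPLE` is a constructed capture using the addresses from the post.

```python
import struct
from collections import Counter
from socket import inet_aton, inet_ntoa

ETHERIP_PROTO = 97         # IPv4 protocol number of EtherIP (RFC 3378)
ETHERIP_HDR = b"\x30\x00"  # version 3 in the high nibble, 12 reserved zero bits

def ipv4(src, dst, proto, payload):
    # Minimal IPv4 header; checksum left at 0 because this is a constructed sample.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, inet_aton(src), inet_aton(dst)) + payload

def etherip(outer_src, outer_dst, ethertype, body):
    frame = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ethertype) + body
    return ipv4(outer_src, outer_dst, ETHERIP_PROTO, ETHERIP_HDR + frame)

def classify(pkt):
    """Return (outer_src, outer_dst, inner_kind) for an EtherIP packet, else None."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != ETHERIP_PROTO or pkt[ihl:ihl + 2] != ETHERIP_HDR:
        return None
    frame = pkt[ihl + 2:]
    ethertype, body = struct.unpack("!H", frame[12:14])[0], frame[14:]
    kind = "other"
    if ethertype == 0x0806:                      # ARP: opcode at bytes 6-7
        op = struct.unpack("!H", body[6:8])[0]
        kind = "arp-" + {1: "request", 2: "reply"}.get(op, str(op))
    elif ethertype == 0x0800 and body[9] == 1:   # inner IPv4 carrying ICMP
        icmp_type = body[(body[0] & 0x0F) * 4]
        kind = "icmp-" + {8: "request", 0: "reply"}.get(icmp_type, str(icmp_type))
    return (inet_ntoa(pkt[12:16]), inet_ntoa(pkt[16:20]), kind)

def summarize(packets):
    """Count (outer_src, outer_dst, inner_kind) over all EtherIP packets."""
    return Counter(c for c in map(classify, packets) if c)

def arp(op, spa, tpa):
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                       b"\x02" * 6, inet_aton(spa), bytes(6), inet_aton(tpa))

def ping(src, dst, icmp_type):
    return ipv4(src, dst, 1, struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1))

# Constructed capture reproducing the symptom in the post (no ICMP reply on the link).
SAMPLE = [
    etherip("1.1.1.1", "1.1.1.2", 0x0806, arp(1, "22.22.22.103", "22.22.22.101")),
    etherip("1.1.1.2", "1.1.1.1", 0x0806, arp(2, "22.22.22.101", "22.22.22.103")),
    etherip("1.1.1.1", "1.1.1.2", 0x0800, ping("22.22.22.103", "22.22.22.101", 8)),
    etherip("1.1.1.1", "1.1.1.2", 0x0800, ping("22.22.22.103", "22.22.22.101", 8)),
]
```

`summarize(SAMPLE)` shows ARP in both tunnel directions but ICMP only from 1.1.1.1 to 1.1.1.2, which matches the capture described in the post.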