Quote from: Patrick M. Hausen on July 05, 2026, 09:17:23 PM
Quote from: tbk49 on July 05, 2026, 08:45:46 PM
I am using tunnel mode, not transport. That a problem?
That entirely depends on what you want to achieve and how the other side is configured.
In tunnel mode as used in most scenarios you would not run an additional GRE tunnel inside the IPsec tunnel. Why are you doing that?
Quote from: tbk49 on July 05, 2026, 08:45:46 PM
I am using tunnel mode, not transport. That a problem?
Quote from: lmoore on July 04, 2026, 10:18:41 AM
Quote from: tbk49 on July 03, 2026, 05:57:05 PM
I have fw rules on ipsec and WAN to allow GRE protocol.
I don't understand why you would be running GRE over an IPSEC tunnel, is this what you are doing?
Reading through one of the articles, during troubleshooting they mention not setting keep state for the GRE rule.
Have you tried a rule like this for GRE where you have Direction set to Both and set state to no state - advanced option under Stateful firewall?
@625 pass quick on re0 inet proto gre all no state label "c18f1b78-d4dc-46fb-9bb5-61c3ae3d8693"
Quote from: nero355 on July 04, 2026, 04:58:47 PM
Quote from: tbk49 on July 03, 2026, 09:28:01 PM
I can't tell whether you are having a joke here or not, but if not, you're telling me neither opnsense nor freebsd have solved a 20 year old problem?...
I am telling you what I happen to know : That's all :)
Quote from: Patrick M. Hausen on July 03, 2026, 09:52:16 PM
GRE does not have ports. It's its own protocol on top of IP independent of TCP and UDP. Port 0 might be a historical frontend abstraction of some product for not having port numbers at all.
Could be... I can't remember anymore... Too long ago...
Also no further experience with GRE or IPSec :)
Quote from: Patrick M. Hausen on July 04, 2026, 10:58:59 AM
Quote from: lmoore on July 04, 2026, 10:18:41 AM
I don't understand why you would be running GRE over an IPSEC tunnel
At times when VTIs did not yet exist but you wanted a dedicated interface for your IPsec VPN, e.g. to run OSPF on it or similar, a common setup was to establish an IPIP or GRE tunnel and encrypt these packets in transport mode.