Why do I need to temporarily disable firewall to bring up peer's GRE interface?

Started by tbk49, Today at 05:57:05 PM

As the title says, I have been troubleshooting incoherent GRE behaviour over the last day or two, uttering bad words in frustration etc., and have finally found a common thread: if I disable the OPNsense firewall (Firewall | Advanced | Miscellaneous), the peer's GRE tunnel comes up immediately. If I then re-enable the firewall, the tunnel stays up. I can't accept this in a production environment.

I have firewall rules on IPsec and WAN to allow the GRE protocol.

What is the problem?

https://forum.opnsense.org/index.php?topic=6131.0 --- related?

I read a long time ago (think 15 to 20 years ago!) that GRE needs Port 0 forwarded in order to work properly, and some routers could not handle that at the time.

Maybe you are dealing with something similar?!
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)