Hello everyone,
I am facing a networking issue on FreeBSD with a setup involving GRE + CARP + IPsec/strongswan. My goal is to reach a CARP VIP through a GRE tunnel.
I have two FreeBSD routers with a public CARP VIP:
- router-002
- router-003
The VIP is:
- 51.68.252.230
I also have a remote host called windriver
- public IP: 195.154.30.15
The GRE tunnel works correctly when I use the router's real public IP as the GRE endpoint.
However, when I use the CARP VIP as the GRE endpoint, the ping doesn't work anymore.
My question:
Is there a known limitation or specific behavior on FreeBSD regarding:
- using a CARP VIP as GRE endpoint
- GRE decapsulation on an IP carried by
- or any specific setting required so GRE traffic is correctly associated with the greX interface when the endpoint is a CARP VIP?
###############################
router config
###############################
@router-003 ~]$ ifconfig vmx1
vmx1: flags=1008943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
options=4e403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
ether 00:50:56:09:98:fc
inet 178.32.70.111 netmask 0xffffffff broadcast 178.32.70.111
inet 51.68.252.230 netmask 0xffffffff broadcast 51.68.252.230 vhid 2
carp: MASTER vhid 2 advbase 1 advskew 0
peer 178.32.70.110 peer6 ff02::12
media: Ethernet autoselect
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
@router-003 ~]$ ifconfig gre1
gre1: flags=1008051<UP,POINTOPOINT,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 1476
description: drake_to_windriver
options=80000<LINKSTATE>
tunnel inet 51.68.252.230 --> 195.154.30.15
inet 172.27.27.253 --> 172.27.27.36 netmask 0xffffffff
groups: gre
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
tunnel route:
@router-003 ~]$ route -n get 172.27.27.36
route to: 172.27.27.36
destination: 172.27.27.36
fib: 0
interface: gre1
flags: <UP,HOST,DONE,PINNED>
recvpipe sendpipe ssthresh rtt,msec mtu weight expire
0 0 0 0 1476 1 0
###############################
client config
###############################
ifconfig client:
@windriver ~]$ ifconfig gre2
gre2: flags=1008051<UP,POINTOPOINT,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 1476
description: drake_via_router-003
options=80000<LINKSTATE>
tunnel inet 195.154.30.15 --> 51.68.252.230
inet 172.27.27.36 --> 172.27.27.253 netmask 0xffffffff
groups: gre
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Tunnel route:
@windriver ~]$ route -n get 172.27.27.253
route to: 172.27.27.253
destination: 172.27.27.253
fib: 0
interface: gre2
flags: <UP,HOST,DONE,PINNED>
recvpipe sendpipe ssthresh rtt,msec mtu weight expire
0 0 0 0 1476 1 0
Thank you in advance for any help I receive.