search for: gre1

I am attempting to setup an IPSec protected GRE tunnel with a Cisco router. I believe the IPSec association is up, however I cannot move traffic over the tunnel. It is not clear how to integrate the tunnel interface (gre1) with firewall-cmd; adding the interface to trusted does not appear to 'stick'. [root at aqueduct ~]# firewall-cmd --add-interface=gre1 --zone=trusted The interface is under control of NetworkManager and already bound to 'trusted' The interface is under control of NetworkManager,...

I want to send a multicast packet to multiple gre tunnel, but the packet only went to where the routing table configured to. ex. when use ip route add 224.0.0.0/4 via gre0 then the packet go to gre0 when use ip route add 224.0.0.0/4 via gre1 then the packet go to gre1 when use ip route add 224.0.0.0/4 nexthop via gre1 nexthop via gre0 then the packet go to either gre or gre1 randomly, but not both ( is it for load balance ? ) how to configure the routing table let the packet go to both of gre tunnels ?

...sco. The cisco sees our hellos because it goes into the Init state. I do a tcpdump and I see esp traffic coming from the cisco like it is sending hellos but they never show up in a tcpdump on the gre tunnel. It is like the kernel is not delivering them. Also my gre tunnels on CentOS 6.5 are named gre1 at NONE and gre2 at NONE with an ip a s, while on the 6.4 CentOS system they show up as only gre1 and gre2? Whats with the @NONE? Looking at the Changelog of the kernel a lot of changes to the ip_gre module were made in 2.6.32-380 -- Stephen Clark *NetWolves Managed Services, LLC.* Director of...

Hi Devik/Patrik, In setting up IMQ/HTB with a GRE Tunnel I''m constantly getting kernel errors: [root@linux /root]# dmesg ... ... ... NET: XXX messages suppressed. Dead loop on virtual device gre1, fix it urgently! ... ... ... This I get only if I''m going to start cross device b/w control. If I remove iptables rule iptables -t mangle -D POSTROUTING -j IMQ then no such warning messages :O. An information to this is in my all class I''m using very low rate and rely on ceil...

.... You need to enabled bridging and GRE tunnels in your kernel. No other options are required. The gre patch determines what type of protocol type to put in the GRE header based on the whether the packet is forwarded from a bridge or not. To use the patch: # Create your GRE tunnel ip tunnel add gre1 mode gre remote 10.4.4.1 local 10.4.4.2 ifconfig gre1 up # Bring the ethernet device up ifconfig eth1 up #create the bridge and add the devices: brctl addbr br0 brctl addif br0 gre1 brctl addif br0 eth1 ifconfig br0 10.4.1.1 netmask 255.255.255.0 broadcast 10.4.1.255 regards -- ~~~~~~~~~~~~...

On 12/29/2017 3:59 AM, Wojciech ?ysiak wrote: > firstly check which zone are your interface in : > > bash> firewall-cmd --get-active-zones > > then all you have to do is add a service to the firewall > > firewall-cmd --zone=<INSERT YOUR ZONE> --add-service=openvpn --permanent > > assuming that your Openvpn is running on standard port 1194/tcp|udp, > If not

...gt; The interface is under control of NetworkManager, setting zone to? > 'internal'. success > # firewall-cmd --list-all-zones > (long list of zones, none of which have tun0 in their interfaces > field) I am experiencing the same thing getting IPSec protected GRE packets to the gre1 interface. It works with the firewall disabled; haven't been able to figure out how to make it work with the firewall enabled. firewall-cmd allows me to add the interface, but then forgets about it. -- Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383 Systems Adminis...

...tcpdump output that shows ftp packets trying to go out the wrong interface. ip ru sh 0: from all lookup local 200: from y.y.y.174 lookup t1 201: from x.x.x.217 lookup t2 32766: from all lookup main 32767: from all lookup default ip r s y.y.y.129 dev eth1 scope link 172.16.0.0/29 dev gre1 proto kernel scope link src 172.16.0.1 y.y.y.128/25 dev eth1 proto kernel scope link src y.y.y.174 10.0.1.0/24 dev eth0 proto kernel scope link src 10.0.1.90 192.168.198.0/24 dev eth0 proto kernel scope link src 192.168.198.92 x.x.x.0/24 dev eth2 proto kernel scope link src x.x.x.217...