GRE issues

D.D.W. Downey pgpkeys at pgpkeys.net
Sat Jun 5 13:21:28 PDT 2004



On Saturday 05 June 2004 02:00 pm, you wrote:
> The link below will show you exactly how to set up GRE tunnels
>
> http://www.pointless.net/~jasper/consume/docs/my-docs/tunneling.html
>
> ----- Original Message -----
> From: "D.D.W. Downey" <pgpkeys at pgpkeys.net>
> To: <freebsd-questions at freebsd.org>
> Sent: Friday, June 04, 2004 3:01 AM
> Subject: GRE issues
>
> > Trying to set up GRE here for routing a /29 to the house. I am using the
> > following configuration and not sure what the problem is. I get a single
> > packet through from the DSL box to the remote box then I get total packet
> > loss. I can ping the 192.168.3.1 from 192.168.2.1 but not vice versa.
> > If I assign an IP to my rl0 on the DSL box from the AssignedBlock it
> > pings locally but not from the internet. In fact it bounces back and
> > forth
>

Right on, thank you for that URL. Reinforces that I am on the right track. I 
found that URL before I mailed the list and this confirms that I've done this 
correctly. For that I wish to thank you.

However, the problem still remains. See, the problem is that from the remote 
side of the tunnel I can ping any IP address I assign locally, from the block
I'm trying to route over the gre tunnel. I can ping the local side of the 
routing from the remote. However, if I ping the remote side of the tunnel 
(NOT the IPs used in the ifconfig gre1 tunnel <IP1> <ip2> statement, but the 
one used for the link1 statement) it fails to ping. I get exactly *one* ping 
through and recorded and then the rest just "magically" disappear. The local 
side shows them going out (via ipfw add statements and counting the packets), 
but the far side records only one packet received and ping shows one single
successful send. Every packet after that seems to get lost.

I've been thinking on this and want to see how far off base I am. So, feel 
free to tell me if you see something wrong in my logical thoughts.

I have the /29 routed to here on the remote over the gre tunnel. I have 
another route statement on THIS side (local) for the same block. (My 
reasoning being that for the packets for that block to be answerable it has 
to know to go back over the tunnel. However, in my head that seems wrong 
since routing is destination based packet routing which means that I'm just
bouncing the packets back and forth over the gre tunnel. It works fine coming 
from the remote to me because, well that's the correct traffic path. The 
route on MY side of the tunnel is wrong because I'm saying to route packets 
destined for the /29 BACK to the REMOTE side of the tunnel. Obviously not
what we want here. The example given on the URL we both have shows 2 
different /30s being routed across the GRE. I don't have that. I have a 
single /29 coming TO me locally. Now I need to know how to route any packets
the /29 generates in response to traffic BACK over the gre TO the remote side 
and of course, back to their origination. 

OK, so I see I'm doing it wrong with the routing statement on my side (local) 
of the gre tunnel. How would I route the packets the /29 generates (either 
from me just using the IPs outbound with return traffic, or as someone 
contacting the IPs in the /29 and me responding)?

Seems route is only half the answer when dealing with this.

--
D.D.W. Downey
CyberSpace Technologies, Inc.
AS64567-OCCAID
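
The routing reasoning in the message above, as an added example that is not part of the original post: a small model of destination-only route lookup showing the /29 ping-ponging across the tunnel when both ends route it at each other, and replies sourced from the /29 leaving by the default route unless a source-keyed rule is applied first. All addresses (203.0.113.8/29, 198.51.100.7) and node names are constructed stand-ins, since the post does not give the real block.

```python
import ipaddress

# Constructed values: 203.0.113.8/29 stands in for the routed block and
# 198.51.100.7 for an internet host. "local" is the DSL box, "remote" the
# far end of the gre tunnel, "isp" the DSL default gateway.
BLOCK = ipaddress.ip_network("203.0.113.8/29")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def lookup(table, dst):
    """Longest-prefix match on the destination only, like a routing table."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(tables, start, dst, ttl=8):
    """Forward a packet between the two tunnel ends until delivery or TTL 0."""
    node, path = start, [start]
    while ttl > 0:
        hop = lookup(tables[node], dst)
        if hop not in tables:          # "deliver" or a node outside the model
            return path, hop
        node = hop
        path.append(node)
        ttl -= 1
    return path, "ttl-expired"

def egress(table, policy, src, dst):
    """Source-keyed rules are checked first, then the destination table."""
    for net, hop in policy:
        if ipaddress.ip_address(src) in net:
            return hop
    return lookup(table, dst)

REMOTE = [(BLOCK, "local"), (DEFAULT, "internet")]
LOCAL_LOOPING = [(BLOCK, "remote"), (DEFAULT, "isp")]   # /29 routed back into gre
LOCAL_FIXED = [(BLOCK, "deliver"), (DEFAULT, "isp")]    # /29 terminates locally
POLICY = [(BLOCK, "remote")]                            # replies sourced from /29

def demo():
    loop = trace({"remote": REMOTE, "local": LOCAL_LOOPING}, "remote", "203.0.113.9")
    ok = trace({"remote": REMOTE, "local": LOCAL_FIXED}, "remote", "203.0.113.9")
    plain = egress(LOCAL_FIXED, [], "203.0.113.9", "198.51.100.7")
    routed = egress(LOCAL_FIXED, POLICY, "203.0.113.9", "198.51.100.7")
    return loop, ok, plain, routed

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The model only covers next-hop selection; on FreeBSD a source-keyed rule of this kind is what an `ipfw fwd` rule expresses.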



