Custom Tunnel

JudeK
Posts: 4
Joined: March 12th, 2017, 3:03 pm

Custom Tunnel

Post by JudeK » March 12th, 2017, 3:11 pm

Hello,

I am trying to set up a custom tunnel on a local IPFire server to a remote CentOS server, but I am so far not receiving ping replies. I have used the following lines on both ends:

ip tunnel add test mode gre remote x.x.x.x local y.y.y.y dev red0 ttl 64
ifconfig test 10.0.0.51 netmask 255.255.255.0 pointopoint 10.0.0.52
ifconfig test mtu 1500 up
ip link set test up

I have followed these up by restarting the firewalls on both ends (IPFire: /etc/init.d/firewall start). I would appreciate some help.

Thank you.

Arne.F
Core Developer
Posts: 7473
Joined: May 7th, 2006, 8:57 am
Location: BS <-> NDH

Re: Custom Tunnel

Post by Arne.F » March 15th, 2017, 9:58 am

Unknown incoming traffic on red will be rejected by the firewall. Check the logs and create a rule to accept this.
Arne

Support the project on the IPFire wishlist!

PS: I will not answer support questions via email and ignore IPFire related messages on my non IPFire.org mail addresses.

JudeK
Posts: 4
Joined: March 12th, 2017, 3:03 pm

Re: Custom Tunnel

Post by JudeK » March 16th, 2017, 7:33 pm

Thanks for the reply. I've also included rules to accept traffic, and even tried with other servers in vain. The problem may be some router at the other end that blocks traffic. I'll keep at it, and post something if it works.

JudeK
Posts: 4
Joined: March 12th, 2017, 3:03 pm

Re: Custom Tunnel

Post by JudeK » March 27th, 2017, 7:38 am

Hello again,
I've confirmed that the remote end is able to ping my IPFire server, but I am so far unable to receive replies on my end. I've tried in vain including iptables rules in different files:

/etc/init.d/firewall
/etc/sysconfig/firewall.local ("Start" rules)

My guess is that the P2PBLOCK or other preconfigured rules are overriding my custom rules. I would appreciate help.
Thank you.

JudeK
Posts: 4
Joined: March 12th, 2017, 3:03 pm

Re: Custom Tunnel

Post by JudeK » May 2nd, 2017, 10:23 am

Hello again,
I've still not managed to identify the problem in my configuration. When I do a ping to the tunnel destination, I see through tcpdump that there is an echo request on red0, but there is no reply. I would appreciate suggestions on how to allow the incoming traffic on the tunnel (I have tried custom rules through the web interface as well but without success).
Thank you.

MichaelTremer
Core Developer
Posts: 5488
Joined: August 11th, 2005, 9:02 am

Re: Custom Tunnel

Post by MichaelTremer » May 2nd, 2017, 11:21 am

Hi,

Any custom rules need to go into the CUSTOM* chains. Just run "iptables -L -nv" and you will see.

But you could just as well configure those rules on the user interface. Just use the correct networks in the rules.
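
A narrowly scoped set of rules for the tunnel discussed in this thread, as an added example that is not part of any post and is not IPFire project code. It assumes CUSTOMINPUT is the input member of the CUSTOM* chains (confirm with "iptables -L -nv"); 203.0.113.10 is a constructed placeholder for the x.x.x.x peer, and has_gre_accept is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: body for /etc/sysconfig/firewall.local (assumed chain: CUSTOMINPUT).
# PEER is a constructed documentation address standing in for x.x.x.x.
PEER="${PEER:-203.0.113.10}"      # public address of the remote GRE endpoint
RED_IF="${RED_IF:-red0}"          # uplink interface the tunnel is bound to
TUN_IF="${TUN_IF:-test}"          # tunnel interface name used in the thread
TUN_PEER="${TUN_PEER:-10.0.0.52}" # inner address of the far end
IPT="${IPT:-echo iptables}"       # dry run by default; set IPT=iptables to apply

# $1 is -A to add or -D to delete the same two rules.
gre_rules() {
    # GRE is IP protocol 47 and has no ports, so match on protocol, peer and
    # interface only. Nothing else on red is opened.
    $IPT "$1" CUSTOMINPUT -i "$RED_IF" -p 47 -s "$PEER" -j ACCEPT
    # Decapsulated packets arrive on the tunnel interface and pass INPUT a
    # second time; allow only ping from the far end's inner address.
    $IPT "$1" CUSTOMINPUT -i "$TUN_IF" -s "$TUN_PEER" -p icmp \
        --icmp-type echo-request -j ACCEPT
}

# Reads "iptables -S CUSTOMINPUT" output on stdin; succeeds only if an ACCEPT
# rule for protocol 47 (listed as "gre" or "47") from PEER is present.
has_gre_accept() {
    peer_re=$(printf '%s' "$PEER" | sed 's/\./\\./g')  # escape dots for grep
    grep -E -- "-s ${peer_re}(/32)? " | grep -E -- "-p (gre|47) " \
        | grep -q -- "-j ACCEPT"
}

case "${1:-}" in
    start) gre_rules -A ;;
    stop)  gre_rules -D ;;
    check) iptables -S CUSTOMINPUT | has_gre_accept && echo "GRE rule present" ;;
esac
```

Run it with "start" first to review the printed commands, then again with IPT=iptables to apply them.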
