Interface General and GRE tunnel bug
VPN300 V5.31(ABFC.0)ITS-22WK31-r104914
I was testing making a GRE tunnel and found this bug: when an interface is set to General and gets its IP by DHCP, and you make a GRE tunnel on that interface to connect to a remote gateway, the interface blocks sending GRE until you change the interface to External; then it works.
All Replies
Hi @PeterUK
I have checked it with VPN300 V5.31(ABFC.0)ITS-22WK31-r104914.
There is no problem building a GRE tunnel when the base interface is General or External type.
Maybe you can check the policy control rule, whether it allows "Protocol 47" to your device, which is for the GRE tunnel service.
Or you can monitor traffic with a routing trace on the local and remote devices at the same time.
(1) Send ICMP from site A to site B continually.
(2) Click the capture button to start collecting packets.
(3) Then it will dump the result over a period of time. You may check whether traffic is working as expected.
0 -
Pinging from both sides.
General: ping times out.
Change interface to External: ping starts working.
0 -
Hi @PeterUK
I guess one of the IP addresses in your screenshot belongs to the device interface address, so it caused duplicate packets in the captured result. Can you capture it again and share the result with us?
If that is acceptable, you may send the configuration to me by private message for a further check.
0 -
Pinging from 192.168.33.35 to 192.168.138.3 on VLAN47 on VPN300 with tunnel2 to 192.168.138.1/28 to ZyWALL 110.
Routing traces on VPN300:
Interface General: timeout.
Change interface to External: ping starts working.
0 -
Hi @PeterUK
The issue comes from the GRE tunnel interface IP address overlapping the peer IP subnet, so it caused packets to stop forwarding.
You can assign a virtual IP address for your GRE tunnel (100.100.100.1/24) and add routing for the required IP segment.
0 -
This does not explain why it works with the interface set to external from General.
0 -
I have tried it your way.
It still only works if the interface is set to External.
Maybe the problem is that ge4 has a subnet of 255.255.255.255 when the interface is set to General?
0 -
Hi @PeterUK
There are other interfaces configured as "external type" in your configuration. So the traffic that should route to the GRE remote gateway (94.173.27.164) was passed through the default route interface (external interfaces) but not your ge4.
It is because the ge4 interface is configured as "General type", so you have to add additional routing for the GRE tunnel on ge4. You may try adding the policy route on your device and see if it helps in your case.
0 -
OK, thanks, now it works with that routing rule. Oddly, if I remove that rule it still works.
But I think the way it should work is: when configuring the tunnel interface in gateway settings, the interface set (ge4) should be used, regardless of whether the interface is set to External or General, to then connect to the remote gateway without needing a routing rule from ZyWALL to next hop ge4.
0 -
OK, I found another reason why: it's because I had SYSTEM_DEFAULT_WAN_TRUNK set, which does not include ge4, so when I make my own trunk with VLAN443 and ge4 the ping works without needing the routing rule.
1
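An added example, not code from the thread or from Zyxel: a small Python check that models the causes discussed above (a tunnel address that overlaps the remote subnet, and a bound interface with no egress path to the remote gateway). The data model, the `wan1` trunk member and the remote subnet are assumptions made for illustration; it does not read a real device configuration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class GreTunnel:
    name: str
    bound_if: str      # interface the tunnel is bound to
    remote_gw: str     # outer address of the remote gateway
    tunnel_ip: str     # address/prefix configured on the tunnel interface
    remote_nets: list  # subnets reached through the tunnel

@dataclass
class Device:
    wan_trunk: set                                     # members of the active WAN trunk
    policy_routes: list = field(default_factory=list)  # (destination, next-hop interface)

def lint(dev, tun):
    """Return findings for the two failure causes discussed in the thread."""
    findings = []
    tun_net = ipaddress.ip_interface(tun.tunnel_ip).network
    for net in tun.remote_nets:
        if tun_net.overlaps(ipaddress.ip_network(net)):
            findings.append(f"overlap: {tun.name} {tun_net} overlaps remote subnet {net}")
    gw = ipaddress.ip_address(tun.remote_gw)
    # Outer GRE packets leave via the bound interface only if a policy route
    # pins the gateway to it or the interface is part of the active WAN trunk.
    pinned = any(hop == tun.bound_if and gw in ipaddress.ip_network(dst)
                 for dst, hop in dev.policy_routes)
    if not pinned and tun.bound_if not in dev.wan_trunk:
        findings.append(f"egress: {gw} not reachable via {tun.bound_if} "
                        "(not in WAN trunk, no policy route)")
    return findings

# Constructed sample data; "wan1" and the remote subnet are placeholders.
ORIGINAL = GreTunnel("tunnel2", "ge4", "94.173.27.164", "192.168.138.1/28", ["192.168.138.0/28"])
RENUMBERED = GreTunnel("tunnel2", "ge4", "94.173.27.164", "100.100.100.1/24", ["192.168.138.0/28"])
DEFAULT_TRUNK = Device(wan_trunk={"wan1"})
WITH_ROUTE = Device(wan_trunk={"wan1"}, policy_routes=[("94.173.27.164/32", "ge4")])
OWN_TRUNK = Device(wan_trunk={"VLAN443", "ge4"})

if __name__ == "__main__":
    for label, dev, tun in [("as reported", DEFAULT_TRUNK, ORIGINAL),
                            ("policy route + virtual IP", WITH_ROUTE, RENUMBERED),
                            ("own trunk + virtual IP", OWN_TRUNK, RENUMBERED)]:
        print(label, lint(dev, tun) or "ok")
```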