Libreswan IPSec Protected GRE Tunnel & firewall-cmd




I am attempting to set up an IPSec protected GRE tunnel with a Cisco
router.  I believe the IPSec association is up, however I cannot move
traffic over the tunnel.

It is not clear how to integrate the tunnel interface (gre1) with
firewall-cmd; adding the interface to trusted does not appear to
'stick'.


[root@aqueduct ~]# firewall-cmd --add-interface=gre1 --zone=trusted
The interface is under control of NetworkManager and already bound to 'trusted'
The interface is under control of NetworkManager, setting zone to 'trusted'.
[root@aqueduct ~]# firewall-cmd --list-all --zone=trusted
trusted
  target: ACCEPT
  icmp-block-inversion: no
  interfaces:    <<<< nothing
  ...

No traffic ever appears to be received by the GRE interface.

6: gre1@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1460 qdisc noqueue state UNKNOWN qlen 1
    link/gre A.B.C.D peer X.Y.W.Z
    inet 10.65.1.1 peer 10.65.1.2/32 scope global gre1
       valid_lft forever preferred_lft forever
    inet6 fe80::200:5efe:4acc:1a64/64 scope link 
       valid_lft forever preferred_lft forever
[root@aqueduct ~]# ifconfig gre1
gre1: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1460
   inet 10.65.1.1  netmask 255.255.255.255  destination 10.65.1.2
   inet6 fe80::200:5efe:4acc:1a64  prefixlen 64  scopeid 0x20<link>
    unspec 4A-CC-1A-64-00-00-F0-00-00-00-00-00-00-00-00-00  txqueuelen 1  (UNSPEC)
   RX packets 0  bytes 0 (0.0 B)
   RX errors 0  dropped 0  overruns 0  frame 0
   TX packets 146  bytes 12180 (11.8 KiB)
   TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

-- 
Adam Tauno Williams <mailto:awilliam@xxxxxxxxxxxxx> GPG D95ED383
OpenGroupware Developer <http://www.opengroupware.us/>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



