From: Eugene Grosbein
To: mlist@jarasoft.net, freebsd-stable@FreeBSD.org
Subject: Re: GRE tunnel and a ipv4 subnet /29
Date: Sat, 12 Mar 2022 06:10:39 +0700
List-Archive: https://lists.freebsd.org/archives/freebsd-stable

12.03.2022 5:45, Jack Raats wrote:

> I have an ipv4 test subnet from extraip 37.x.y.0/29
>
> My internet connection has ip-address a.b.c.d.
> I've a Fritzbox router and behind NAT is my FreeBSD server with ip-address 10.10.10.15.
> On this router I've opened the firewall for GRE to my FreeBSD server.
> On my FreeBSD server rc.conf has the following lines:
>
> cloned_interfaces="gre0"
> ifconfig_gre0="inet 37.x.y.2 37.x.y.1 netmask 255.255.255.248 tunnel a.b.c.d gatewayip"
> static_routes="tunnel"
> route_tunnel="37.x.y.0/29 37.x.y.1"
>
> This doesn't work. What's wrong? Do I forget something?

You cannot use 37.x.x.2 for any interface on FreeBSD unless your upstream router (Fritzbox) delivers packets to this IP address to FreeBSD *without* NAT. Create a static route for 37.x.x.2/32 with gateway address 10.10.10.15 in the routing table of the Fritzbox. If you enabled NAT-based forwarding of the GRE protocol on the Fritzbox, disable it. Then it should work.