Fariborz, any progress? Not a GRE expert, but glad to see you get on with your problem.

On Sat, Jan 6, 2024 at 10:39 PM Fariborz Navidan <[email protected]> wrote:
>
> Hi Dear Experts,
>
> We are running CS 4.15.0.0 with 2 KVM hosts having security groups enabled
> zone. We have a VM which a GRE tunnel has been set up between it and a
> server outside our network. Both hosts had been rebooted a few days ago due
> to power interruption. Before the reboot happened, the GRE tunnel was
> working properly on the mentioned VM. However, after the reboot, the GRE tunnel
> can be established but machines cannot reach each other via the tunnel's
> private IP address. All ports and protocols are already added to the ingress
> rule set of the security group which the VM belongs to.
>
> Below is the output of the "ip a" and "ip r" commands on the VM running on our CS
> infrastructure.
>
> root@cdn-fr-1-kajgana-net:~# ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>        valid_lft forever preferred_lft forever
>     inet6 ::1/128 scope host
>        valid_lft forever preferred_lft forever
> 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
>     link/ether 1e:00:85:00:02:4d brd ff:ff:ff:ff:ff:ff
>     inet 164.132.223.34/28 brd 164.132.223.47 scope global ens3
>        valid_lft forever preferred_lft forever
>     inet6 fe80::1c00:85ff:fe00:24d/64 scope link
>        valid_lft forever preferred_lft forever
> 3: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1000
>     link/gre 0.0.0.0 brd 0.0.0.0
> 4: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
>     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
> 5: erspan0@NONE: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN group default qlen 1000
>     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
> 6: gre1@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue state UNKNOWN group default qlen 1000
>     link/gre 164.132.223.34 peer 89.205.123.34
>     inet 192.168.169.1/30 scope global gre1
>        valid_lft forever preferred_lft forever
>     inet6 fe80::200:5efe:a484:df22/64 scope link
>        valid_lft forever preferred_lft forever
>
> root@cdn-fr-1-kajgana-net:~# ip r
> default via 164.132.223.46 dev ens3
> 164.132.223.32/28 dev ens3 proto kernel scope link src 164.132.223.34
> 192.168.169.0/30 dev gre1 proto kernel scope link src 192.168.169.1
>
> The IP address of the tunnel's other endpoint is 192.168.169.2, which is unreachable
> from the VM. It looks like the GRE tunnel has been established but traffic
> cannot be passed through.
>
> Is there something we need to do with iptables rules on the hosts to allow
> GRE traffic or is there anything else we can do to address this issue?
>
> Thanks in advance.
> Regards.

--
Daan
