Hi Wei,

I highly appreciate your help. Your proposed solution worked for me.

Thanks.

On Sat, 20 Jan 2024, 16:36 Wei ZHOU, <ustcweiz...@gmail.com> wrote:

> Have you retried after adding a security group rule with protocol
> number = 47?
>
> -Wei
>
>
> On Saturday, 20 January 2024, Fariborz Navidan <mdvlinqu...@gmail.com> wrote:
>
> > Hi Daan,
> >
> > We still couldn't sort out this issue with our client VM. We are still
> > waiting for the community to direct us toward finding a solution.
> >
> > Regards.
> >
> > On Fri, 19 Jan 2024, 17:31 Daan Hoogland, <daan.hoogl...@gmail.com> wrote:
> >
> > > Fariborz, any progress?
> > > Not a GRE expert but glad to see you get on with your problem.
> > >
> > > On Sat, Jan 6, 2024 at 10:39 PM Fariborz Navidan <mdvlinqu...@gmail.com> wrote:
> > > >
> > > > Hi Dear Experts,
> > > >
> > > > We are running CS 4.15.0.0 with 2 KVM hosts in a security groups
> > > > enabled zone. We have a VM with a GRE tunnel set up between it and
> > > > a server outside our network. Both hosts had been rebooted a few
> > > > days ago due to a power interruption. Before the reboot happened,
> > > > the GRE tunnel was working properly on the mentioned VM. However,
> > > > after the reboot, the GRE tunnel can be established but the
> > > > machines cannot reach each other via the tunnel's private IP
> > > > address. All ports and protocols are already added to the ingress
> > > > rule set of the security group which the VM belongs to.
> > > >
> > > > Below is the output of the "ip a" and "ip r" commands on the VM
> > > > running on our CS infrastructure.
> > > >
> > > > root@cdn-fr-1-kajgana-net:~# ip a
> > > > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
> > > >     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> > > >     inet 127.0.0.1/8 scope host lo
> > > >        valid_lft forever preferred_lft forever
> > > >     inet6 ::1/128 scope host
> > > >        valid_lft forever preferred_lft forever
> > > > 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
> > > >     link/ether 1e:00:85:00:02:4d brd ff:ff:ff:ff:ff:ff
> > > >     inet 164.132.223.34/28 brd 164.132.223.47 scope global ens3
> > > >        valid_lft forever preferred_lft forever
> > > >     inet6 fe80::1c00:85ff:fe00:24d/64 scope link
> > > >        valid_lft forever preferred_lft forever
> > > > 3: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1000
> > > >     link/gre 0.0.0.0 brd 0.0.0.0
> > > > 4: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
> > > >     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
> > > > 5: erspan0@NONE: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN group default qlen 1000
> > > >     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
> > > > 6: gre1@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue state UNKNOWN group default qlen 1000
> > > >     link/gre 164.132.223.34 peer 89.205.123.34
> > > >     inet 192.168.169.1/30 scope global gre1
> > > >        valid_lft forever preferred_lft forever
> > > >     inet6 fe80::200:5efe:a484:df22/64 scope link
> > > >        valid_lft forever preferred_lft forever
> > > >
> > > > root@cdn-fr-1-kajgana-net:~# ip r
> > > > default via 164.132.223.46 dev ens3
> > > > 164.132.223.32/28 dev ens3 proto kernel scope link src 164.132.223.34
> > > > 192.168.169.0/30 dev gre1 proto kernel scope link src 192.168.169.1
> > > >
> > > > The IP address of the tunnel's other endpoint is 192.168.169.2,
> > > > which is unreachable from the VM. It looks like the GRE tunnel has
> > > > been established but traffic cannot be passed through.
> > > >
> > > > Is there something we need to do with iptables rules on the hosts
> > > > to allow GRE traffic or is there anything else we can do to address
> > > > this issue?
> > > >
> > > > Thanks in advance.
> > > > Regards.
> > >
> > >
> > >
> > > --
> > > Daan
> > >
> >
>
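
Added example, not part of the thread and not CloudStack's own code: a simplified model of default-deny ingress filtering showing why a rule set covering every TCP and UDP port plus ICMP still drops GRE (IP protocol 47, no ports) until a protocol-number rule exists. The rule layout, the /32 source CIDR and the reading of "all ports and protocols" as TCP/UDP/ICMP are assumptions; the peer address is the one shown in the `ip a` output above.

```python
import ipaddress

# IANA IP protocol numbers. GRE is its own IP protocol and has no ports.
PROTO = {"icmp": 1, "tcp": 6, "udp": 17, "gre": 47}


def proto_number(value):
    """Accept a protocol name or a number (int or text) and return the number."""
    text = str(value).strip().lower()
    if text.isdigit():
        number = int(text)
        if not 0 <= number <= 255:
            raise ValueError(f"not an IP protocol number: {value}")
        return number
    return PROTO[text]


def rule_matches(rule, pkt):
    """A rule matches only on the same IP protocol, source CIDR and, for TCP/UDP, port."""
    if proto_number(rule["protocol"]) != proto_number(pkt["protocol"]):
        return False
    if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule["cidr"]):
        return False
    if proto_number(pkt["protocol"]) in (PROTO["tcp"], PROTO["udp"]):
        return rule["start"] <= pkt["dport"] <= rule["end"]
    return True


def ingress_allowed(rules, pkt):
    """Default deny: a packet passes only if at least one rule matches it."""
    return any(rule_matches(rule, pkt) for rule in rules)


# Constructed rule set (assumption): every TCP/UDP port and ICMP from anywhere.
ALL_PORTS = [
    {"protocol": "tcp", "cidr": "0.0.0.0/0", "start": 1, "end": 65535},
    {"protocol": "udp", "cidr": "0.0.0.0/0", "start": 1, "end": 65535},
    {"protocol": "icmp", "cidr": "0.0.0.0/0"},
]
# The rule suggested in the thread, scoped here to the tunnel peer (constructed CIDR).
GRE_RULE = {"protocol": "47", "cidr": "89.205.123.34/32"}

# Constructed sample packets arriving at the VM from the tunnel peer.
GRE_FROM_PEER = {"protocol": 47, "src": "89.205.123.34"}
SSH_FROM_PEER = {"protocol": "tcp", "src": "89.205.123.34", "dport": 22}

if __name__ == "__main__":
    print("tcp/22 before:", ingress_allowed(ALL_PORTS, SSH_FROM_PEER))
    print("gre    before:", ingress_allowed(ALL_PORTS, GRE_FROM_PEER))
    print("gre    after :", ingress_allowed(ALL_PORTS + [GRE_RULE], GRE_FROM_PEER))
```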
