Bug 196011

Summary: if_gre tunnel works without rebooting system only in any one direction (send or receive)
Product: Base System Reporter: Vassily <kvas>
Component: kernAssignee: freebsd-net (Nobody) <net>
Status: New ---    
Severity: Affects Only Me CC: ae
Priority: ---    
Version: 10.1-RELEASE   
Hardware: amd64   
OS: Any   

Description Vassily 2014-12-16 06:08:34 UTC
Making tunnels from my FreeBSD server to cisco works only in gif-mode ("tunnel mode ipip" in cisco terms). When tunnel was changed to gre-mode the situation becames strange. If tunnel only receiving or only sending packets (changing it with ipfw2 at FreeBSD and route priorities on cisco) it works great for hundreds of hours. If usage of gre-tunnel becames bi-directional then in some minutes (depends on load but not more then half-hour) the system reloads. After reload there is nothing was found in logs about the reason of reload. Bidirectional usage of gif-tunnel works fine. Unidirectional usage of gre-tunnel works fine to. But I need to make all 3 tunnels (or at least 2 of them) a gre-tunnels to be able to put "keepalive 1 3" in cisco configuration making it able to detect tunnel aliveness.

I am using FreeBSD 10.1-Release (upgraded from 10.0) as router to connect LAN to 2 (some times to 3) internet providers. Each provider gives as one white IP (rtcom as PPPoE and saturn as /30 net in vlan). This functions works great. And over each provider my server have to make a tunnel to our head office. Previously it was done with cisco router and now I am trying to make this scheme using FreeBSD as a router.
Comment 1 Andrey V. Elsukov freebsd_committer freebsd_triage 2015-03-12 09:34:16 UTC
Can you try this implementation https://people.freebsd.org/~ae/gre-10.tgz ?
This is ported version from FreeBSD 11. If your tunnel has different inner and outer addresses, it should work as is. 

Unload original if_gre.ko module and just use `make all load` in if_gre directory. Then configure you tunnel as before. Also you can patch ifconfig(8) utility and it will support new options for gre(4) interfaces, but this isn't required.
Comment 2 Vassily 2015-03-13 11:16:59 UTC
I got sources from https://people.freebsd.org/~ae/gre-10.tgz and compiled it at my 10.1-p5 server. Reloading if_gre module in kernel was succesfull. For this moment tunnel works in bidirectional mode at least 3 hours. Non rebooting my server. Thanks!
Comment 3 Vassily 2015-03-16 03:36:42 UTC
New variant of if_gre works fine simultaneously in both directions more then 60 hours for now.