Hi Dear Experts,

We are running CS 4.15.0.0 with 2 KVM hosts in a security-groups-enabled
zone. We have a VM with a GRE tunnel set up between it and a
server outside our network. Both hosts were rebooted a few days ago due
to a power interruption. Before the reboot, the GRE tunnel was
working properly on the mentioned VM. However, after the reboot, the GRE
tunnel can be established but the machines cannot reach each other via the
tunnel's private IP address. All ports and protocols are already added to
the ingress rule set of the security group which the VM belongs to.

Below is the output of the "ip a" and "ip r" commands on the VM running on
our CS infrastructure.

root@cdn-fr-1-kajgana-net:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 1e:00:85:00:02:4d brd ff:ff:ff:ff:ff:ff
    inet 164.132.223.34/28 brd 164.132.223.47 scope global ens3
       valid_lft forever preferred_lft forever
    inet6 fe80::1c00:85ff:fe00:24d/64 scope link
       valid_lft forever preferred_lft forever
3: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1000
    link/gre 0.0.0.0 brd 0.0.0.0
4: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
5: erspan0@NONE: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
6: gre1@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue state UNKNOWN group default qlen 1000
    link/gre 164.132.223.34 peer 89.205.123.34
    inet 192.168.169.1/30 scope global gre1
       valid_lft forever preferred_lft forever
    inet6 fe80::200:5efe:a484:df22/64 scope link
       valid_lft forever preferred_lft forever

root@cdn-fr-1-kajgana-net:~# ip r
default via 164.132.223.46 dev ens3
164.132.223.32/28 dev ens3 proto kernel scope link src 164.132.223.34
192.168.169.0/30 dev gre1 proto kernel scope link src 192.168.169.1

The IP address of the tunnel's other endpoint is 192.168.169.2, which is
unreachable from the VM. It looks like the GRE tunnel has been established
but traffic cannot be passed through.

Is there something we need to do with iptables rules on the hosts to allow
GRE traffic or is there anything else we can do to address this issue?

Thanks in advance.
Regards.
