I have a really weird problem. I have a public IP subnet routed to a server (let’s call it tun1) by BGP (announced by bird), which I am sending further into nodes. I am using a GRE tunnel for that purpose.
I can ping the public IP on a VM on the second node, but I am not able to get any connections past tun1.
Both servers are in different localities and have their own public IPs, different from the subnet I am routing.
Simple network map:
This way I am able to ping the last host in this line:
internet->(1.2.3.1)tun1(GRE-noip)->(GRE-noip)(7.8.9.1)vmserver(4.5.6.1)->VM(4.5.6.2)
This way is timing out:
VM(4.5.6.2)->(4.5.6.1)vmserver(7.8.9.1)(GRE-noip)->(GRE-noip)tun1 - here it ends
VM parameters:
ip addr add 4.5.6.2/24 eth0
ip route add 4.5.6.1
vmserver parameters:
ip tunnel add gre1 mode gre local 7.8.9.1 remote 1.2.3.1 ttl 255
ip link set gre1 up
ip rule add from 4.5.6.0/24 table 666
ip route add default dev gre1 table 666
ip route add 4.5.6.0/24 dev vmbr0 table 666
echo 0 > /proc/sys/net/ipv4/conf/gre1/rp_filter
tun1 parameters:
ip tunnel add gre1 mode gre remote 7.8.9.1 local 1.2.3.1 ttl 255
ip route add 4.5.6.2 dev gre1
ip route add 4.5.6.1 dev gre1
- ip_forwarding is set to 1 on both sides.
- tcpdump says this:
1.2.3.1 (public IP of tun1) > 8.8.8.8: ICMP time exceeded in-transit, length 72
- because of bird routing, I have this in routing table on tun1:
4.5.6.0 0.0.0.0 255.255.255.0 U 0 0 0 *
Any help would be appreciated. I can’t think of any issue here – maybe some additional eyes will spot something.
Many thanks.