Libreswan IPSec Protected GRE Tunnel & Firewall-cmd


I am attempting to set up an IPSec protected GRE tunnel with a Cisco router. I believe the IPSec association is up, however I cannot move traffic over the tunnel.

It is not clear how to integrate the tunnel interface (gre1) with firewall-cmd; adding the interface to trusted does not appear to 'stick'.

[root@aqueduct ~]# firewall-cmd --add-interface=gre1 --zone=trusted
The interface is under control of NetworkManager and already bound to 'trusted'
The interface is under control of NetworkManager, setting zone to 'trusted'.
[root@aqueduct ~]# firewall-cmd --list-all --zone=trusted
trusted

One thought on - Libreswan IPSec Protected GRE Tunnel & Firewall-cmd

  • While I cannot reference the interface in a firewall rule I have been able to get the tunnel operational using:

    firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPT
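
A narrower variant of the direct rule above, as an added example that is not part of the original thread: it accepts GRE only from the tunnel peer and only when the packet arrived inside IPsec, and it makes the rule permanent. It assumes kernel (XFRM) IPsec and the iptables `policy` match; `PEER`, `APPLY` and the function names are hypothetical, and the address is a documentation placeholder.

```shell
#!/bin/sh
# Added example, not from the thread.
# PEER is a constructed placeholder (RFC 5737 documentation address);
# set it to the address of the router at the far end of the tunnel.
PEER="${PEER:-192.0.2.1}"
# APPLY=0 prints the commands for review, APPLY=1 runs them.
APPLY="${APPLY:-0}"

# Build the direct-rule arguments: GRE from one source only, and only if
# the packet was decapsulated by IPsec ("-m policy --dir in --pol ipsec").
# Cleartext GRE from the same address does not match and falls through
# to the zone's normal handling.
gre_rule() {
    [ -n "$1" ] || return 1
    echo "ipv4 filter INPUT 0 -p gre -s $1 -m policy --dir in --pol ipsec -j ACCEPT"
}

# Run a command, or only print it when APPLY is not 1.
run() {
    if [ "$APPLY" = "1" ]; then "$@"; else echo "$*"; fi
}

harden_gre() {
    rule="$(gre_rule "$1")" || return 1
    # Word splitting of $rule is intentional: one argument per token.
    # --permanent stores the rule so it survives a restart of firewalld.
    run firewall-cmd --permanent --direct --add-rule $rule
    # --reload makes the permanent configuration the running one, which
    # also discards rules that were added at runtime only, such as the
    # unrestricted "-p gre -j ACCEPT" rule shown above.
    run firewall-cmd --reload
}

harden_gre "$PEER"
```

After applying it, `firewall-cmd --direct --get-all-rules` should list only the restricted rule.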