Objectives :
Create GRE tunnel between :
- router-002 and windriver
- router-002 and ysul
- router-002 and cloudhugger
- router-003 and windriver
- router-003 and ysul
- router-003 and cloudhugger
link wiki : https://agora.nasqueron.org/Creation_GRE_tunnel
Description
Description
Event Timeline
Comment Actions
@Duranzed Actually, dmesg(8) gave a pretty confirmation of the encapsulation GRE-in-GRE issue:
gre0: if_output recursively called too many times
Source code search on that message:
sys/net/if.c
/* * Tunnel interfaces can nest, also they may cause infinite recursion * calls when misconfigured. We'll prevent this by detecting loops. * High nesting level may cause stack exhaustion. We'll prevent this * by introducing upper limit. * * Return 0, if tunnel nesting count is equal or less than limit. */ int if_tunnel_check_nesting(struct ifnet *ifp, struct mbuf *m, uint32_t cookie, int limit) { struct m_tag *mtag; int count; count = 1; mtag = NULL; while ((mtag = m_tag_locate(m, cookie, 0, mtag)) != NULL) { if (*(struct ifnet **)(mtag + 1) == ifp) { log(LOG_NOTICE, "%s: loop detected\n", if_name(ifp)); return (EIO); } count++; } if (count > limit) { log(LOG_NOTICE, "%s: if_output recursively called too many times(%d)\n", if_name(ifp), count); return (EIO); } mtag = m_tag_alloc(cookie, 0, sizeof(struct ifnet *), M_NOWAIT); if (mtag == NULL) return (ENOMEM); *(struct ifnet **)(mtag + 1) = ifp; m_tag_prepend(m, mtag); return (0); }
(there is no loop detected in the system messages)
Comment Actions
A tunnel has been created between router-002 and router-003 using standard interface to avoid recursion and have a stable connection
Comment Actions
GRE tunnel and IPsec configurations work as intended between router-002 and router-003, GRE is reachable on both sides and traffic is encrypted in IPsec with an ESP header