L2 GRE Tunnel

  • Question
  • Updated 5 years ago
  • Answered
I have an issue with my GRE L2 tunnel between the HiveOS and Watchguard Firewall (Gateway).

The GRE tunnel is operating correctly.
Users can connect and are placed within the DHCP and network on the HiveOS

I can ping the users and the GW from HiveOS.
However, from the users I cannot see the GW or other devices, and from the gateway I cannot see the users.

Their hardware addresses are not appearing within the ARP tables of any servers, firewall or switch located within the DMZ

How do I get the users off the HiveOS and out to the internet?

cheers
Shane

Posted 5 years ago

Jonathan Hurtt

Would you happen to have a network diagram to help clarify connectivity? It is unclear how the devices are connected.
Shane

image attached of network
Jonathan Hurtt

Can you confirm that we have IP Protocol 47 and UDP ports 3000 and 3002 open in BOTH directions, allowed for the GRE to establish a tunnel and pass traffic?
Ness Firth

I'm Shane's colleague.

We can confirm all the 3 ports are open bi-directionally.
Jonathan Hurtt

I would suggest contacting Aerohive Support to help troubleshoot this issue further.

Information to contact support can be found here -> https://support.aerohive.com
Jonathan Hurtt

One last thought is that the trust level between the interfaces on the Firewall could be preventing traffic from flowing freely across the Firewall. Have you attempted to move the HiveOS in the DMZ to somewhere else in your network (where the traffic does not have to traverse the Firewall) to see if traffic can be passed through the GRE Tunnel?
Ness Firth

Thank you for the reply. I will try it out and let you know.
Ness Firth

Thank you Jonathan.

We found the problem, as advised by Gary Smith of Aerohive.
The setting we had on the VM server was the security of the vSwitch on the network interface set to reject Promiscuous Mode. Toggling that to accept has done the job.

Thank you for all the help, Gary, it was spot on!
Jonathan Hurtt

Thanks for the update, Ness! Also, can you mark your last comment as the answer to help other community members?
Shane

How can you mark it as answered, as we cannot see anything?

shane
Amanda

I've marked it answered - thanks everyone.

amanda