ipsec-policy: Permit GRE traffic for GRE connections

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-28 11:43:25 +02:00 · 2018-11-29 15:58:55 +00:00
parent 2704dbbc28
commit b54cd874b9
1 changed files with 13 additions and 0 deletions
--- a/config/firewall/ipsec-policy
+++ b/config/firewall/ipsec-policy
@@ -82,6 +82,19 @@ install_policy() {
 		# Check if this a net-to-net connection
 		[ "${type}" = "net" ] || continue

+		# Install permissions for GRE traffic
+		case "${interface_mode}" in
+			gre)
+				if [ -n "${remote}" ]; then
+					iptables -A IPSECINPUT -p gre \
+						-s "${remote}" -j ACCEPT
+
+					iptables -A IPSECOUTPUT -p gre \
+						-d "${remote}" -j ACCEPT
+				fi
+				;;
+		esac
+
 		# Split multiple subnets
 		rightsubnets="${rightsubnets//\|/ }"