«
»

GIF and GRE support now in 1.3

Thanks to Ermal, we now have support for GIF and GRE tunneling in pfSense. Integration with IPsec is coming soon. This isn’t something most people will use, but some like to use gif with IPsec and some need GRE for interoperability with other vendors’ equipment (commonly Cisco in some specific configurations that utilize it).

The use of tunneling with IPsec allows the use of routing across VPN, rather than requiring a SPD match, which is preferable in some environments. It also allows the use of routing protocols across VPN.

Tags:

This entry was posted by on Friday, July 25th, 2008 at 11:53 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

17 Responses to “GIF and GRE support now in 1.3”

  1. StrafeLife Says:
    July 25th, 2008 at 9:46 pm

    Where is all this energy coming from? Its seems as if pfsense is turbocharged of late. Whatever the case, keep it coming!

    Thank you Ermal Luçi!

  2. Chris Buechler Says:
    July 26th, 2008 at 12:03 pm

    There have been a lot of announcements in the past week, some of it has been a work in progress for a couple months. The announcements in the past week are way more work than could be finished in a week. :)

    Matthew Grooms and Ermal Luçi have been turbocharged the past 3 weeks or so, really cranking out some great stuff. A number of the rest of us have been busy helping define, test and refine their changes.

    1.3 is shaping up to really be an incredible release thanks to the efforts of a number of developers and the community helping test and report issues on the forum.

  3. Slick Says:
    July 26th, 2008 at 10:44 pm

    PLEASE PLEASE PLEASE have a L2TP server :P

    Pretty please!!!

    With sugar on top!

    Im all hardware, but if I could program I would do it..

  4. StrafeLife Says:
    July 27th, 2008 at 1:03 pm

    Chris,

    Is there anything that you guys need in terms of hardware? Or simply donations?

  5. Chris Buechler Says:
    July 27th, 2008 at 1:58 pm

    StrafeLife: nothing specifically at this moment, keep the blog here in your RSS reader and we’ll put up posts when we have specific needs. If you don’t use a RSS reader, you can get the posts on your email by signing up here.
    http://www.rssfwd.com/

  6. blackbird Says:
    July 28th, 2008 at 11:45 pm

    This is the best firewall I have found, I love the web interface and the easy setup. Thanks for all your hard work, I wish I was a programmer so I could give back to the community.

  7. Paul Everson Says:
    July 31st, 2008 at 12:40 pm

    Hi,

    Would be really neat if you could include the opennhrp stuff and make it DMVPN compatible… is this something thats on your roadmap?

    :)

  8. Chris Buechler Says:
    July 31st, 2008 at 1:33 pm

    Paul: Not planned at this time, but feel free to open a feature request ticket at http://cvstrac.pfsense.org

  9. John Says:
    August 3rd, 2008 at 3:17 pm

    Great work on a wonderful firewall. I would second Slicks plea for an L2TP server. Perhaps we can get enough interested users together and build a decent bounty???

  10. Kobby Says:
    August 8th, 2008 at 6:57 am

    Anything about supporting H.323?

  11. Ask Bjørn Hansen Says:
    August 21st, 2008 at 7:25 am

    Is there a timeline for 1.3? I didn’t realize until just now that gif devices (with ipsec) isn’t supported in 1.2.1 which just about is ruining my plans for how we’re setting that up. Aaargh!

  12. Chris Buechler Says:
    August 21st, 2008 at 10:38 am

    No timeline yet, it’ll be sometime in 2009. A more specific timeline will be available in the coming months.

  13. Ron Says:
    September 3rd, 2008 at 11:45 am

    Will the 1.3 GRE support be needed if you just want to forward GRE packets to your VPN server? We have a Windows VPN server behind the firewall and port forward PPTP and GRE (Protocol 47) to this server so our remote users can connect. Will this work on 1.2 or do we have to wait for 1.3?

  14. Chris Buechler Says:
    September 3rd, 2008 at 12:06 pm

    This isn’t related to forwarding of GRE, that’s been possible since before 1.0. You can either use the PPTP server’s forward functionality or port forwards for TCP 1723 and GRE (not the best description for other IP protocols given “port” means nothing for non-TCP/UDP traffic, but that’s a whole other discussion that’s already been had at length).

  15. emb3dd3d Says:
    September 21st, 2008 at 12:35 pm

    Ok, I third the L2TP option… We are in the process of replacing our fw’s and I immediately thought of Pfsense over the ones we have been using. Here was my list of choices: Monowall, Pfsense, Untangle, Vyatta. I think they all have their purpose, depending on your needs. Pfsense gives the best ROI and peace of mind out of all of them (imho). Now only if it supported the already in place L2TP clients, I would be in heaven. We may go with vyatta for now, but I would love to go straight Pfsense.

  16. emb3dd3d Says:
    September 21st, 2008 at 12:37 pm

    oops.. forgot to say good deal on Gre !

  17. John Yii Says:
    October 2nd, 2008 at 2:23 am

    Can’t wait for the GRE limit remove. We have to revert back to IPCOP because multiple people from behind the firewall are making PPTP connection to the same IP address.

Leave a Reply