GIF and GRE support now in 1.3

July 25th, 2008 by Chris Buechler

Thanks to Ermal, we now have support for GIF and GRE tunneling in pfSense. Integration with IPsec is coming soon. This isn’t something most people will use, but some like to use gif with IPsec and some need GRE for interoperability with other vendors’ equipment (commonly Cisco in some specific configurations that utilize it).

The use of tunneling with IPsec allows the use of routing across VPN, rather than requiring a SPD match, which is preferable in some environments. It also allows the use of routing protocols across VPN.

17 Responses to “GIF and GRE support now in 1.3”

  1. StrafeLife Says:

    Where is all this energy coming from? Its seems as if pfsense is turbocharged of late. Whatever the case, keep it coming!

    Thank you Ermal Luçi!

  2. Chris Buechler Says:

    There have been a lot of announcements in the past week, some of it has been a work in progress for a couple months. The announcements in the past week are way more work than could be finished in a week. :)

    Matthew Grooms and Ermal Luçi have been turbocharged the past 3 weeks or so, really cranking out some great stuff. A number of the rest of us have been busy helping define, test and refine their changes.

    1.3 is shaping up to really be an incredible release thanks to the efforts of a number of developers and the community helping test and report issues on the forum.

  3. Slick Says:

    PLEASE PLEASE PLEASE have a L2TP server :P

    Pretty please!!!

    With sugar on top!

    Im all hardware, but if I could program I would do it..

  4. StrafeLife Says:

    Chris,

    Is there anything that you guys need in terms of hardware? Or simply donations?

  5. Chris Buechler Says:

    StrafeLife: nothing specifically at this moment, keep the blog here in your RSS reader and we’ll put up posts when we have specific needs. If you don’t use a RSS reader, you can get the posts on your email by signing up here.
    http://www.rssfwd.com/

  6. blackbird Says:

    This is the best firewall I have found, I love the web interface and the easy setup. Thanks for all your hard work, I wish I was a programmer so I could give back to the community.

  7. Paul Everson Says:

    Hi,

    Would be really neat if you could include the opennhrp stuff and make it DMVPN compatible… is this something thats on your roadmap?

    :)

  8. Chris Buechler Says:

    Paul: Not planned at this time, but feel free to open a feature request ticket at http://cvstrac.pfsense.org

  9. John Says:

    Great work on a wonderful firewall. I would second Slicks plea for an L2TP server. Perhaps we can get enough interested users together and build a decent bounty???

  10. Kobby Says:

    Anything about supporting H.323?

  11. Ask Bjørn Hansen Says:

    Is there a timeline for 1.3? I didn’t realize until just now that gif devices (with ipsec) isn’t supported in 1.2.1 which just about is ruining my plans for how we’re setting that up. Aaargh!

  12. Chris Buechler Says:

    No timeline yet, it’ll be sometime in 2009. A more specific timeline will be available in the coming months.

  13. Ron Says:

    Will the 1.3 GRE support be needed if you just want to forward GRE packets to your VPN server? We have a Windows VPN server behind the firewall and port forward PPTP and GRE (Protocol 47) to this server so our remote users can connect. Will this work on 1.2 or do we have to wait for 1.3?

  14. Chris Buechler Says:

    This isn’t related to forwarding of GRE, that’s been possible since before 1.0. You can either use the PPTP server’s forward functionality or port forwards for TCP 1723 and GRE (not the best description for other IP protocols given “port” means nothing for non-TCP/UDP traffic, but that’s a whole other discussion that’s already been had at length).

  15. emb3dd3d Says:

    Ok, I third the L2TP option… We are in the process of replacing our fw’s and I immediately thought of Pfsense over the ones we have been using. Here was my list of choices: Monowall, Pfsense, Untangle, Vyatta. I think they all have their purpose, depending on your needs. Pfsense gives the best ROI and peace of mind out of all of them (imho). Now only if it supported the already in place L2TP clients, I would be in heaven. We may go with vyatta for now, but I would love to go straight Pfsense.

  16. emb3dd3d Says:

    oops.. forgot to say good deal on Gre !

  17. John Yii Says:

    Can’t wait for the GRE limit remove. We have to revert back to IPCOP because multiple people from behind the firewall are making PPTP connection to the same IP address.

Please don’t post technical questions or off-topic comments. It is far more likely that your questions and concerns will be addressed effectively through one of our support channels.

Leave a Reply