0

I'm trying to set up an ip6gre tunnel on Ubuntu with kernel 6.5.0-35-generic #35~22.04.1-Ubuntu and iproute2 5.15.0-1ubuntu2.

I ran into bugs with netplan and systemd-networkd (sigh) so I figured I'd get the manual case working first. I did the following, which appears to be correct:

ip tunnel add foo0 mode ip6gre remote f00::1234 local f00::456 ttl 255 dev ens18
ip link set up dev foo0
ip addr add fafa::1/127 dev foo0

where f00::1234 is the remote endpoint and f00::456 is the IP assigned to device ens18.

Note I'm explicitly also passing the dev ens18 argument.

This results in a device foo0 being created and showing up in ip link show. So, the interface exists and is up.

15: foo0@ens18: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1424 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/gre6 f00::456 peer f00::1234 permaddr 427c:3969:7ac1::

However, when I send traffic to it, the gre packets are sent with the correct source address but over the wrong outgoing interface. As this is a router, there is a more specific route in the kernel routing table over said device. But there is also a default route via ens18. I would assume, having set the correct source address and an explicit device in the creation of the tunnel, packets would flow over this interface and route as indeed they do with random userland software (e.g. ping6 f00::1234 -I ens18 does what I would expect it to do).

I get the impression this is a bug in either the kernel implementation of ip6gre or in iproute2. But I'm a little too far out of my comfort zone to sign up to either projects mailing lists and make a fool of myself in front of the grownups if I'm missing something or doing something stupid.

Can anyone help me with this issue?

edit: I should clarify I'm aware I can work around this with policy based routing, I would rather avoid that if I can

edit2: I caved and did it the proper way. Leaving this up in case someone runs into this so they know they're not going crazy. You can work around the issue by setting a specific /128 route for your endpoint or do as I did and fix it properly by setting up policy-based routing (make an extra routing table that has a the default route, use ip -6 rule from $YOURPREFIX table $YOURNEWTABLE to make it use that table).

1 Answer 1

0
#!/bin/bash

# Create the GRE tunnel
ip tunnel add foo0 mode ip6gre remote f00::1234 local f00::456 ttl 255 dev ens18
ip link set foo0 up
ip addr add fafa::1/127 dev foo0

# Add a specific route for the remote endpoint
ip -6 route add f00::1234/128 dev ens18

# Set up policy-based routing
ip -6 rule add from f00::456/128 table gre_table
ip -6 route add default via f00::1 dev ens18 table gre_table
ip -6 route add f00::1234/128 dev ens18 table gre_table
New contributor
warashi nguyen is a new contributor to this site. Take care in asking for clarification, commenting, and answering. Check out our Code of Conduct.
1
  • thank you for making it a little more explicit and nicer to read for others reading this question but this is what I already did - not what I was looking for
    – Marlies
    Commented 21 hours ago

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .