OpenWrt Forum Archive

Topic: How to open IP Protocol 47 (GRE) in Luci?

The content of this topic has been archived on 26 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi All

I am running a WHS 2011 box behind a TP-Link WR2543ND router, which I have flashed to openWRT (with luci installed)

I have been searching the internet for a while and can't seem to find the answer I am looking for.

I have set up a VPN (just using network connections within Windows) on the WHS and would like to tunnel into it externally.

I have tried using a Windows 7 machine (external to the network) and the VPN works just as expected. However I am now trying it on an XP machine (also external to the WHS network, but on a different network to the 7 machine) and it is spitting out error 721...which I have googled and found it is a GRE issue.

The only thing I have done on the router end is open the PPTP Port for the WHS's IP address; I simply can't figure out how to enable / allow GRE.

Is there something staring me in the face that i'm missing?

Cheers

you need to configure your openwrt firewall to open up TCP port 1723 for pptp and IP protocol (not port) 47 for GRE.

(Last edited by bugalugs on 11 Apr 2012, 08:52)

Add a new port forward (traffic redirection) rule. Set source zone to wan, destination zone to lan, destination ip to your internal lan vpn client.
Set the protocol to "-- custom --" and then enter "gre" as value, hit save & apply.

jow wrote:

Add a new port forward (traffic redirection) rule. Set source zone to wan, destination zone to lan, destination ip to your internal lan vpn client.
Set the protocol to "-- custom --" and then enter "gre" as value, hit save & apply.

Hi Jow

Thanks for that, that's exactly what I was after!

Unfortunately however, it appears it has not solved the problem sad. I did some more testing and found that the reason Windows 7 was working was because it was using SSTP (not PPTP). Once I changed it to use PPTP (like XP) it spat out an error (and actually pointed out it was probably a GRE issue).

Anywho, here is a screenshot of my GRE config:

http://img.techpowerup.org/120413/Firewallrules.jpg

If I've missed anything please let me know!

Thanks again!

(Last edited by ult_nrg on 13 Apr 2012, 08:09)

Same issue,
Thanks,

install this and will work smile

kmod-ipt-nathelper-extra
kmod-gre

and
Add a new port forward (traffic redirection) rule. Set source zone to wan, destination zone to lan, destination ip to your internal lan vpn client.
Set the protocol to "-- custom --" and then enter "gre" as value, hit save & apply.

and forwarding 1723 tcp and 1701 udp

working on 12.09-beta on tp-link1043

(Last edited by xtr3m3 on 31 Jan 2014, 23:57)

I have the same issue on a related configuration. My client is on LAN and the VPN server on WAN. Opening the 1723 was straightforward and I see traffic on my client on port 1723 going in both directions. (Nothing on ports 50, 500 and 1701 or 4500, btw.) However, GRE packets only leave the client but nothing ever comes back.

Worse: I cannot install
kmod-gre (which should help me doing GRE forwards)
or
kmod-ipt-nathelper-extra (an enhancment for enabling more than one connection at a time).

Here is what happens:





root@Poseidon:~# opkg update
Downloading http://downloads.openwrt.org/attitude_a … ckages.gz.
Updated list of available packages in /var/opkg-lists/packages.

root@Poseidon:~# opkg install kmod-gre
Installing kmod-gre (3.3.8-1) to root...
Downloading http://downloads.openwrt.org/attitude_a … r71xx.ipk.
Collected errors:
* satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-gre:
*     kernel (= 3.3.8-1-5440da3a2c45184a32da6bba25b8dd2a) *     kernel (= 3.3.8-1-5440da3a2c45184a32da6bba25b8dd2a) *
* opkg_install_cmd: Cannot install package kmod-gre.

root@Poseidon:~# opkg install kmod-ipt-nathelper-extra
Installing kmod-ipt-nathelper-extra (3.3.8-1) to root...
Downloading http://downloads.openwrt.org/attitude_a … r71xx.ipk.
Collected errors:
* satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-ipt-nathelper-extra:
*     kernel (= 3.3.8-1-5440da3a2c45184a32da6bba25b8dd2a) *     kernel (= 3.3.8-1-5440da3a2c45184a32da6bba25b8dd2a) *
* opkg_install_cmd: Cannot install package kmod-ipt-nathelper-extra.

root@Poseidon:~# uname -a
Linux Poseidon 3.3.8 #1 Sat Mar 23 16:49:30 UTC 2013 mips GNU/Linux

root@Poseidon:~# lsmod | grep -i gre | wc
        0         0         0




So far I could not get myself to try a force install (--force-depends) for fear of ruining the system.
Any chance to get GRE passthrough working without those modules?

The discussion might have continued from here.