GRE tunnel down after 20 minutes

Hi,

I have VyOS installed in the AWS cloud (VyOS 1.2.6-s1).
I then established a GRE tunnel with my client through AWS Direct Connect.
Then I set up a static route through this GRE tunnel.
I can ping the tunnel IP and their internal IP.

However, after around 20 minutes their internal IP is unable to ping my internal IP.
Then, when I ping from my AWS side to either their tunnel IP or their internal IP, their internal IP is able to ping my internal IP again. It seems that if there is no traffic (idle) for 20 minutes, the ping packets are dropped until I initiate a ping from the tunnel source.

I’ve done some tests with OSPF via the GRE tunnel and the link is OK with no issue, perhaps because OSPF keeps sending hello packets to the neighbor.

May I know if there is a DPD (like IPsec) or keepalive feature for the tunnel configuration to avoid an idle connection through a static-routed GRE tunnel?

Hello @zakwan, it looks like the AWS conntrack cache is available for around 20 minutes. Did you try to change the AWS firewall?

I believe this feature request can help https://phabricator.vyos.net/T3195

Hi Dmitry,

I’m not setting an AWS firewall, only a security group that allows all. Do I have to create a firewall rule for the GRE tunnel protocol, allowed from the source to the destination tunnel IP, so that the GRE tunnel will not go down/idle?

According to https://phabricator.vyos.net/T3195, I changed net.ipv4.conf.tun10.accept_local = 1; however, the tunnel still goes down/idle after 20 minutes.
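One workaround for the idle-expiry behaviour described in this thread, when the platform offers no GRE keepalive, is to generate the "traffic from the tunnel source" yourself on a timer. The script below is an added example, not part of the thread and not VyOS code: it sends one ICMP echo to the remote tunnel endpoint through the tunnel interface at a fixed interval chosen to stay well below the observed 20-minute idle timeout. The peer address 192.0.2.1 is a placeholder, the interface name tun10 is taken from the thread, and the choice of a 5-minute probe interval is an assumption.

```shell
#!/bin/sh
# Constructed example (not from the thread or the VyOS project): keep the
# GRE flow alive from the tunnel source so the cloud-side state entry is
# refreshed before its idle timer expires. Run on the VyOS host from a
# systemd unit or cron, e.g. `gre-keepalive.sh run`.

PEER_IP="${PEER_IP:-192.0.2.1}"   # placeholder: remote tunnel-endpoint address
TUN_IF="${TUN_IF:-tun10}"         # tunnel interface named in the thread
IDLE_TIMEOUT=1200                 # observed ~20 min idle expiry, in seconds
INTERVAL="${INTERVAL:-300}"       # assumed probe period: every 5 minutes

# Returns 0 when the probe interval is positive and at most half of the
# idle timeout, so one lost probe still leaves a refresh before expiry.
interval_ok() {
    interval="$1"; timeout="$2"
    [ "$interval" -gt 0 ] && [ $((interval * 2)) -le "$timeout" ]
}

# One probe: a single ICMP echo bound to the tunnel interface, 5 s timeout.
send_probe() {
    ping -I "$TUN_IF" -c 1 -W 5 "$PEER_IP" >/dev/null 2>&1
}

# Foreground loop; results go to syslog so a failed probe is visible
# to whoever is watching the tunnel, not just silently retried.
keepalive_loop() {
    while :; do
        if send_probe; then
            logger -t gre-keepalive "probe to $PEER_IP via $TUN_IF ok"
        else
            logger -t gre-keepalive "probe to $PEER_IP via $TUN_IF FAILED"
        fi
        sleep "$INTERVAL"
    done
}

# Only start probing when explicitly asked, so sourcing or testing the
# file does not send traffic.
case "${1:-}" in
    run)
        interval_ok "$INTERVAL" "$IDLE_TIMEOUT" || {
            echo "INTERVAL must be > 0 and <= $((IDLE_TIMEOUT / 2)) seconds" >&2
            exit 1
        }
        keepalive_loop
        ;;
esac
```

Probing from the tunnel source matches what the thread observed to restore connectivity; the logged FAILED lines also give you a simple signal that the tunnel itself, rather than just the idle state, has gone down.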

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.