Oh, right... You'll have to upgrade the routing instance to virtual-router in order to put the GRE tunnel in it. That, of course, will comes with more work:
All that being said, I think it's worth doing a flow trace to confirm this is really the issue before doing all this extra work to move the GRE tunnel into a separate routing instance.
Original Message:
Sent: 06-14-2024 02:05
From: TOMAS JENSEN
Subject: No return packets via tunnel
Hi Nicolay,
Forwariding instances don't hav interfaces attached:
BR
Tomas Jensen
------------------------------
TOMAS JENSEN
Original Message:
Sent: 06-11-2024 17:45
From: Nikolay Semov
Subject: No return packets via tunnel
Interface gr-0/0/0.42 is not in the TUNNEL-INSTANCE routing instance. While traffic originating from the inside correctly uses the filter to look up routes in COAX-INSTANCE, when a new session is initiated by traffic from gr-0/0/0.42, then the reverse route back to 87.55.148.197 is looked up in whatever instance the gre interface is in, and that's likely sending the return traffic where you don't want it. That would be my guess.
You can use monitor security flow commands to set up a flow trace and see exactly what routes are selected.
Disclaimer: I'm having difficulty following the config you posted as it's incomplete, uses set commands, it split into sections, and even includes delete commands. I also have trouble following rib-groups in my head in general.
------------------------------
Nikolay Semov
Original Message:
Sent: 05-29-2024 10:00
From: TOMAS JENSEN
Subject: No return packets via tunnel
Issue is that I am trying to get a web server tunneled via gre to the internet using filter based routing and static NAT. From web-server all seems working. wget a site on the net uses the tunnel as expected, but when using telnet x.x.x.x 80 to the server there is no reply. Using tcpdump I can see packets arriving and replies beeing sendt. Flow sessions are being setup to the tunnel:
Session ID: 1680, Policy name: RASPHTTP/12, Timeout: 4, Valid
In: 87.55.148.197/42802 --> 87.61.119.138/80;tcp, Conn Tag: 0x0, If: gr-0/0/0.42, Pkts: 2, Bytes: 120,
Out: 192.168.2.90/80 --> 87.55.148.197/42802;tcp, Conn Tag: 0x0, If: irb.0, Pkts: 0, Bytes: 0,
What am I overseeing?
Configuration is attached.
BR
Tomas Jensen
------------------------------
TOMAS JENSEN
------------------------------