Page MenuHomeVyOS Platform
Create Task
Maniphest T3195

Add support for cisco style GRE keepalives
Needs testing, NormalPublic
Actions

Description

Add Cisco style GRE keepalive support [0] using [1].

This is useful for tunnel up/down detection and is required by several DDoS mitigation providers.

[0] https://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/118370-technote-gre-00.html
[1] https://github.com/Jamesits/linux-gre-keepalive

Details

Difficulty level
Unknown (require assessment)
Version
1.3-rolling-202101071430
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Improvement (missing useful functionality)

Related Objects

Event Timeline

Unknown Object (User) created this task.Jan 8 2021, 9:15 AM
Unknown Object (User) created this object in space S1 VyOS Public.
pasik added a subscriber: pasik.Jan 8 2021, 1:51 PM
dmbaturin added projects: VyOS 1.3 Equuleus, VyOS 1.4 Sagitta.May 29 2021, 8:03 AM
c-po added a subscriber: c-po.EditedJun 1 2021, 7:16 PM

Why not use the mentioned method of sysctl`

VyOS 1.3: set system sysctl custom net.ipv4.conf.all.accept_local value 1
VyOS 1.4: set system sysctl parameter net.ipv4.conf.all.accept_local value 1

Or even limit this to your tunnel interface (tun10):

VyOS 1.3: set system sysctl custom net.ipv4.conf.tun10.accept_local value 1
VyOS 1.4: set system sysctl parameter net.ipv4.conf.tun10.accept_local value 1

It probably would make sense to add a real CLI note for this unter the tunnel interface.

c-po changed the task status from Open to Needs testing.Jun 4 2021, 12:51 PM
c-po claimed this task.
c-po moved this task from Need Triage to Backlog on the VyOS 1.3 Equuleus board.
c-po moved this task from Need Triage to Backlog on the VyOS 1.4 Sagitta board.
Unknown Object (User) added a comment.Jun 11 2021, 9:43 AM

See [1] from the previous post:

Note: If you don't want to install anything and don't care about some potential security problems, just enable the following 2 options to get native GRE keepalive support on Linux: […]

I care. Setting these sysctl parameters allows for relaying arbitrary traffic through the router.

c-po mentioned this in T3813: Some custom sysctl parameters can't be applied bug.Sep 8 2021, 12:40 PM
syncer removed a project: VyOS 1.3 Equuleus.Oct 17 2021, 1:06 PM
dmbaturin triaged this task as Normal priority.Jan 9 2024, 5:06 PM
dmbaturin added a project: VyOS 1.5 Circinus.
dmbaturin set Issue type to Improvement (missing useful functionality).