GRE Tunnel Dies in 1 direction

Question

I have built a GRE tunnel over tap0 interface between 2 Centos-7 hosts. I've done this via the following:

• Host-A: 10.0.10.5
• Host-B: 10.0.20.5

On host A:

ip tunnel add tap0 mode gre remote 10.0.20.5 local 10.0.10.5 ttl 255
ip link set tap0 up
ip addr add 10.10.10.1/24 dev tap0

on host B:

ip tunnel add tap0 mode gre remote 10.0.10.5 local 10.0.20.5 ttl 255
ip link set tap0 up
ip addr add 10.10.10.2/24 dev tap0

after doing this, everything is working great. I can ping on both directions. The issue is that after a few minutes, the tunnel from Host-A to Host-B dies. The interface is still up though.

I have run tcpdump on both sides. tcpdump on Host-A shows packets going out over tap0, but tcpdump on Host-B shows nothing received.

If I log into Host-B and ping Host-A the tunnel is alive again and Host-A can then ping Host-B. I have done a psuedo-keepalive by creating a cron job on Host-B and ping Host-A once a minute and this keeps the tunnel up, but I don't think this should be necessary.

I haven't found anything in documentation I've read that states GRE tunnels have a timeout. Has anyone else experienced this ?

Answer 1

1. You use the stateless GRE tunnel. It's just encapsulation without any establishing and negotiation phases.
2. Run the tcpdump and check, what GRE packets go out from one side and arrive to other side.
3. Check the iptables rules with iptables-save -c command. You should allow incoming packets of GRE protocol. Check it on both sides.

iptables -A INPUT -p 47 -j ACCEPT

4. Also, issue can be caused by statefull firewall between hosts.