Community discussions

MikroTik App
Member Candidate
Member Candidate
Topic Author
Posts: 259
Joined: Fri Dec 09, 2016 8:10 pm
Location: Kolkata, India

GRE over VRF

Sun Jul 24, 2022 4:48 pm

I have 3 ISP connections. I have a main routing table and a VRF. VRF is used for GRE tunnels. I am unable to get the GRE tunnel running on v7.4 stable. Is there any workaround to get it done? I am sharing my config too.
# jul/24/2022 19:14:31 by RouterOS 7.4
# software id = 5BN5-KMF2
# model = RB5009UG+S+
# serial number = EC190FF69B86
/interface bridge
add add-dhcp-option82=yes dhcp-snooping=yes frame-types=\
admit-only-vlan-tagged ingress-filtering=no name=Bridge vlan-filtering=\
add name=Loopback
/interface ethernet
set [ find default-name=ether1 ] comment=WAN-LINKS
set [ find default-name=ether7 ] comment=WLAN
set [ find default-name=ether8 ] comment=DC
set [ find default-name=sfp-sfpplus1 ] advertise=1000M-full \
sfp-shutdown-temperature=62C speed=1Gbps
/interface l2tp-server
add name=DumDum user=mainak
/interface gre
add allow-fast-path=no name=Kochi remote-address=
add !keepalive local-address= name=MarekGondek-PNI \
add disabled=yes !keepalive local-address= name=Securebit-AG \
/interface wireguard
add listen-port=51833 mtu=1420 name=Route48-SG
add listen-port=13232 mtu=1420 name=WSNL-bkp
/interface vxlan
add mac-address=E2:04:86:4D:5E:61 name=Madhyamgram port=8472 vni=69
add mac-address=4A:E6:21:4E:9A:76 name=Openswitch-IX port=4789 vni=3
/interface vlan
add interface=ether1 name=ABSPL-500 vlan-id=500
add interface=ether1 name=BSNL-425 vlan-id=425
add interface=Bridge name=DC-300 vlan-id=300
add interface=Bridge name=LAN-100 vlan-id=100
add interface=Bridge name=WLAN-200 vlan-id=200
/interface pppoe-client
add add-default-route=yes allow=pap disabled=no interface=ABSPL-500 name=\
ABSPL-PPPoE service-name=abs_78 use-peer-dns=yes user=kanika_cenn
add allow=chap disabled=no interface=BSNL-425 name=BSNL-PPPoE use-peer-dns=\
set usb1 disabled=no
set usb1-part1 disabled=no name=disk1
/interface list
add name=WAN
add name=GRE
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec profile
set [ find default=yes ] enc-algorithm=aes-256,aes-192,aes-128 \
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256,sha1 pfs-group=modp2048
/ip pool
add name=l2tp-roadwarrior ranges=
add name=dhcp_pool0 ranges=
add name=dhcp_pool1 ranges=
/ip dhcp-server
add address-pool=dhcp_pool0 interface=LAN-100 lease-time=1w name=dhcp1
add address-pool=dhcp_pool1 interface=WLAN-200 lease-time=1w name=dhcp2
/ip vrf
add interfaces=ABSPL-500,DC-300,GRE name=AS-213326
/ppp profile
set *FFFFFFFE dns-server=
/routing bgp template
add address-families=ipv6 as=213326 disabled=no input.affinity=remote-as \
name=route48 output.affinity=remote-as .filter-chain=route48-out \
.network=route48-out router-id=
/routing ospf instance
add disabled=no name=ospf-v2
/routing ospf area
add disabled=no instance=ospf-v2 name=ospf-backbone-v2
add area-id= disabled=no instance=ospf-v2 name=ospf-area-2
add area-id= disabled=no instance=ospf-v2 name=ospf-area-1
/interface bridge port
add bridge=Bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether2 pvid=100
add bridge=Bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether3 pvid=100
add bridge=Bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether4 pvid=100
add bridge=Bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether5 pvid=100
add bridge=Bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether6 pvid=100
add bridge=Bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether7 pvid=200
add bridge=Bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether8 pvid=300
/ip neighbor discovery-settings
set discover-interface-list=all
/ip settings
set rp-filter=strict tcp-syncookies=yes
/interface bridge vlan
add bridge=Bridge tagged=Bridge vlan-ids=100
add bridge=Bridge tagged=Bridge vlan-ids=200
add bridge=Bridge tagged=Bridge vlan-ids=300
/interface l2tp-server server
set allow-fast-path=yes enabled=yes l2tpv3-circuit-id=100 l2tpv3-digest-hash=\
sha1 one-session-per-host=yes use-ipsec=yes
/interface list member
add interface=ABSPL-500 list=WAN
add interface=BSNL-PPPoE list=WAN
add interface=Kochi list=GRE
/interface ovpn-server server
set auth=sha256,sha512 certificate=OVPNServer cipher=aes256 protocol=udp
/interface pptp-server server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
set enabled=yes
/interface vxlan vteps
add interface=Openswitch-IX port=4789 remote-ip=
add interface=Madhyamgram remote-ip=
/interface wireguard peers
add allowed-address=::/0 endpoint-address= endpoint-port=51833 \
interface=Route48-SG public-key=\
add allowed-address=::/0 endpoint-address= endpoint-port=13232 \
interface=WSNL-bkp public-key=\
add allowed-address= endpoint-address= endpoint-port=\
13231 interface=*36 public-key=\
add allowed-address= interface=*37 public-key=\
/ip address
add address= interface=Loopback network=
add address= interface=Madhyamgram network=
add address= interface=Route48-SG network=
add address= interface=ether1 network=
add address= interface=LAN-100 network=
add address= interface=WLAN-200 network=
add address= interface=DC-300 network=
add address= interface=Kochi network=
add address= interface=ABSPL-500 network=
/ip cloud
set ddns-enabled=yes ddns-update-interval=1m
/ip cloud advanced
set use-local-address=yes
/ip dhcp-server config
set store-leases-disk=never
/ip dhcp-server network
add address= dns-server= gateway=
add address= dns-server= gateway=
/ip dns
set servers=
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ABSPL-500
add action=masquerade chain=srcnat out-interface=ABSPL-PPPoE
add action=masquerade chain=srcnat out-interface=BSNL-PPPoE
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip route
add disabled=no distance=2 dst-address= gateway=BSNL-PPPoE pref-src=\ routing-table=main scope=30 suppress-hw-offload=no target-scope=\
add check-gateway=ping disabled=no distance=1 dst-address= gateway=\ pref-src= routing-table=AS-213326 scope=30 \
suppress-hw-offload=no target-scope=10 vrf-interface=ABSPL-500
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=8080 vrf=AS-213326
set ssh disabled=yes
set api disabled=yes
set winbox vrf=AS-213326
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ABSPL-500 type=external
add interface=Bridge type=internal
add interface=ether7 type=internal
add interface=BSNL-PPPoE type=external
/ipv6 dhcp-client
add interface=ABSPL-PPPoE pool-name=ABSPL-v6 pool-prefix-length=60 request=\
/routing igmp-proxy interface
add interface=DC-300
add interface=ABSPL-500 upstream=yes
add interface=LAN-100
add interface=WLAN-200
/routing ospf interface-template
add area=ospf-backbone-v2 disabled=no interfaces=Loopback networks=\
add area=ospf-backbone-v2 disabled=no interfaces=LAN-100 networks=\
add area=ospf-backbone-v2 disabled=no interfaces=WLAN-200 networks=\
add area=ospf-backbone-v2 disabled=no interfaces=DC-300 networks=\
add area=ospf-backbone-v2 disabled=no interfaces=Kochi networks=\ type=ptp
add area=ospf-area-2 disabled=no interfaces=Madhyamgram networks=\ type=ptp
add area=ospf-area-1 disabled=no interfaces=DumDum networks= \
add area=ospf-backbone-v2 disabled=no interfaces=ether1 networks=\
/routing rpki
add address=2606:4700:60::2 disabled=yes expire-interval=7200 group=\
cloudflare-rtr port=8282 refresh-interval=3600 retry-interval=600 vrf=\
add address= disabled=yes expire-interval=7200 group=cloudflare-rtr \
port=8282 refresh-interval=3600 retry-interval=600 vrf=main
/system clock
set time-zone-name=Asia/Kolkata
/system identity
/system note
set note="This router belongs to AS213326. Unauthorised access is strictly pro\
hibited. All login attempts are logged." show-at-login=no
/system ntp client
set enabled=yes vrf=AS-213326
/system ntp client servers
/system routerboard settings
set auto-upgrade=yes
/tool graphing interface
add interface=ABSPL-500 store-on-disk=no
add interface=BSNL-PPPoE store-on-disk=no
add interface=DC-300 store-on-disk=no
add interface=WLAN-200 store-on-disk=no
add interface=LAN-100 store-on-disk=no
/tool graphing resource
add store-on-disk=no
/tool romon
set enabled=yes

Who is online

Users browsing this forum: Google [Bot] and 1 guest