After some research (after an upgrade which stopped working), I have identified an issue where the same config of GRE tunnel between VyOS and a Cisco router (running IOS 15.1) worked with 1.1.8 & fails with 1.2.0.

The VyOS config (from a blank install) is:-

set interface ethernet eth0 address

set interfaces tunnel tun1 address ''
set interfaces tunnel tun1 encapsulation 'gre'
set interfaces tunnel tun1 local-ip ''
set interfaces tunnel tun1 mtu '1476'
set interfaces tunnel tun1 multicast 'disable'
set interfaces tunnel tun1 remote-ip ''

The Cisco config is:-

interface Tunnel1
 ip address
 keepalive 10 3
 tunnel source FastEthernet0/0
 tunnel destination
interface FastEthernet0/0
 ip address
 duplex auto
 speed auto

With 1.1.8 the tunnel comes up on the Cisco end and one can ping both ways. With 1.2.0, it does not come up and the VyOS end repeatedly logs:-

Apr  6 14:37:11 localhost kernel: [  261.542958] IPv4: martian source from, on dev tun1
Apr  6 14:37:21 localhost kernel: [  271.541949] IPv4: martian source from, on dev tun1

Looking at a PCAP of the packets coming from the Cisco on both versions, I have been unable to spot any difference between them.


With apologies (not having used Phabricator before), I think I may not have filed this bug report correctly. I also did not intend to "triage" it when filing it, as this should be done by a responsible adult! :-)

Am adding a couple of tags to try to get it to look like other bug reports...

Hello, @matthewr!

Unfortunately, current Linux GRE and network stack implementations don't support Cisco-style of GRE keepalives (GRE inside GRE, with spoofed IP addresses). From the Linux point of view, those packets look like martians, and the kernel drop them, information about what you can see inside a log.
Try to disable the keepalive at the Cisco side, after this tunnel must be fully functional.


Thank you most kindly for the information. Adding:-

interface tunnel1
 no keepalive

gets the tunnel working correctly. Much appreciated...