From b54cd874b9c3f566cf65d290f13982c134c5a28b Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 29 Nov 2018 15:58:55 +0000
Subject: [PATCH] ipsec-policy: Permit GRE traffic for GRE connections

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/firewall/ipsec-policy | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/config/firewall/ipsec-policy b/config/firewall/ipsec-policy
index 53384fc5de..32d171f353 100644
--- a/config/firewall/ipsec-policy
+++ b/config/firewall/ipsec-policy
@@ -82,6 +82,19 @@ install_policy() {
 		# Check if this a net-to-net connection
 		[ "${type}" = "net" ] || continue
 
+		# Install permissions for GRE traffic
+		case "${interface_mode}" in
+			gre)
+				if [ -n "${remote}" ]; then
+					iptables -A IPSECINPUT -p gre \
+						-s "${remote}" -j ACCEPT
+
+					iptables -A IPSECOUTPUT -p gre \
+						-d "${remote}" -j ACCEPT
+				fi
+				;;
+		esac
+
 		# Split multiple subnets
 		rightsubnets="${rightsubnets//\|/ }"
 
-- 
2.39.2