[LARTC] Problems with GRE-tunnel and IP Masq

[LARTC] Problems with GRE-tunnel and IP Masq

[Ramon de Vries]

Hi all,

I'm managing a wireless network with around 70 sites in Ecuador, all linux
routers and Lucent RG-1000/Aironet bridges.
I have 5 exits (5 diffent ISPs) in my network and I want to change the
static routing for dynamic routing  with  redundancy.
Because all 5 ISPs have their own clients I want to connect all clients to
their ISP using GRE tunnels (and in the future IPSEC) and internally do
dynamic routing between client and ISP.

But I run in a strange problem: When I use GRE tunnel with static routing
(with and without IP Masq), sending and  recieving e-mail, pinging internet
and traceroute works OK, but surfing the web is extreemly slow (NOT
WORKING).
(below more information on setup, without tunnel everything is working OK)

I searched the internet but could not find any similar cases, what's
happening? Is this a problem with MTU? GRE is 1476  the other interfaces
1500 or something else?
(we observed a strange effect, if we surf the web via a yahoo messenger it
does work!!!, but within IE it doesn't)

Can I solve the dynamic routing with 5 exits (and for every client it's own
exit ) in another way?

(it's important that very client enters/leaves through their ISP, only my
internal network should be dynamic)

Ramon


-----------------------
Setup
---------
I'm using RedHat linux 7.3 kernel 2.4.9-31
client network (windows)
192.168.236.0/24
    |
    |
linux box
eth0 192.168.236.1
eth1 10.9.8.61
eth1 GRE tunnel to 10.8.8.1
    |
    |
wireless network
10.0.0.0/8 (3 linux hops, min 50 ms avg 150ms max 250ms)
    |
    |
linux box
eth1 10.8.8.1
eth1 GRE tunnel to 10.9.8.61
eth0 real IP 200.61.x.y using IP Masq for private net 192.168.0.0/16


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/