[CentOS] Libreswan IPSec Protected GRE Tunnel & firewall-cmd

Tue Apr 24 20:36:28 UTC 2018
Adam Tauno Williams <awilliam at whitemice.org>

On Tue, 2018-04-24 at 14:18 -0400, Adam Tauno Williams wrote:
> I am attempting to set up an IPSec protected GRE tunnel with a Cisco
> router.  I believe the IPSec association is up, however I cannot move
> traffic over the tunnel.
> It is not clear how to integrate the tunnel interface (gre1) with
> firewall-cmd; adding the interface to trusted does not appear to
> 'stick'.

While I cannot reference the interface in a firewall rule I have been
able to get the tunnel operational using:

  firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPT
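
A narrower variant of the direct rule above, as an added example that is not part of the original post: it accepts GRE only from the tunnel peer and only when the packet arrived through an IPsec policy (the iptables `policy` match), and it also stores the rule in the permanent configuration. The peer address 192.0.2.1 (a documentation address) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: build and apply a restricted firewalld direct rule for
# GRE-over-IPsec. Function names and the peer address are hypothetical.

# Accept only a dotted-quad IPv4 address so nothing else reaches the rule.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the direct-rule arguments for one tunnel peer.
#   -s PEER                          GRE only from the remote tunnel endpoint
#   -m policy --dir in --pol ipsec   only packets that were IPsec-protected
gre_rule() {
    valid_ipv4 "$1" || { echo "invalid peer address: $1" >&2; return 1; }
    printf '%s' "ipv4 filter INPUT 0 -p gre -s $1 -m policy --dir in --pol ipsec -j ACCEPT"
}

# Add the rule to the running firewall and to the permanent configuration
# (without --permanent a direct rule is runtime-only).
apply_gre_rule() {
    rule=$(gre_rule "$1") || return 1
    # Word splitting of $rule is intended: it holds validated, fixed tokens.
    firewall-cmd --direct --add-rule $rule &&
    firewall-cmd --permanent --direct --add-rule $rule
}

# Touch the firewall only when asked, e.g.: sh gre-fw.sh apply 192.0.2.1
if [ "${1:-}" = apply ]; then
    apply_gre_rule "${2:-}"
fi
```

`firewall-cmd --direct --get-all-rules` lists the resulting runtime rules for review.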