Technical Tip: GRE-only tunnel over loopback interface
Description
This article describes the configuration of a GRE-only tunnel with a loopback interface.
Scope
FortiGate.
Solution
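Note: When a loopback interface is used for a GRE tunnel, it is not necessary to specify the loopback interface under the GRE tunnel settings. The FortiGate 1 tunnel below has no 'set interface' line, while FortiGate 2, which uses a physical port, has one: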
FortiGate 1 (using loopback interface):
config system gre-tunnel
edit "fgt2"
set remote-gw 10.56.240.119
set local-gw 10.11.0.1
next
end
config system interface
edit "loopback"
set vdom "root"
set ip 10.11.0.1 255.255.255.255
set allowaccess ping
set type loopback
set snmp-index 13
next
end
FortiGate 2 settings:
config system gre-tunnel
edit "fgt1"
set interface "port1"
set remote-gw 10.11.0.1
set local-gw 10.56.240.119
next
end
config system interface
edit "port1"
set vdom "root"
set ip 10.56.240.119 255.255.252.0
set allowaccess ping https ssh http telnet fgfm
set type physical
set snmp-index 1
next
end
To verify the tunnel status, use the following CLI commands:
diagnose sys gre list
diagnose netlink interface list | grep <GRE-Tunnel-Name>
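Before applying the two configurations, it can help to confirm offline that the tunnel ends mirror each other. The following is an added example, not Fortinet code: the names parse and check_gre_pair are hypothetical, the parser handles only flat config/edit/set/next/end text, and FGT1/FGT2 are abbreviated copies of the configurations above.

```python
import ipaddress

# Abbreviated copies of the two configurations above (only the lines the check reads).
FGT1 = ('config system gre-tunnel\nedit "fgt2"\nset remote-gw 10.56.240.119\n'
        'set local-gw 10.11.0.1\nnext\nend\n'
        'config system interface\nedit "loopback"\n'
        'set ip 10.11.0.1 255.255.255.255\nset type loopback\nnext\nend\n')
FGT2 = ('config system gre-tunnel\nedit "fgt1"\nset interface "port1"\n'
        'set remote-gw 10.11.0.1\nset local-gw 10.56.240.119\nnext\nend\n'
        'config system interface\nedit "port1"\n'
        'set ip 10.56.240.119 255.255.252.0\nset type physical\nnext\nend\n')

def parse(text):
    """Parse flat config/edit/set/next/end text into {section: {entry: {key: [values]}}}."""
    cfg, section, entry = {}, None, None
    for line in text.splitlines():
        words = line.replace('"', "").split() or [""]  # blank lines match no keyword
        if words[0] == "config":
            section = cfg.setdefault(" ".join(words[1:]), {})
        elif words[0] == "edit" and section is not None:
            entry = section.setdefault(words[1], {})
        elif words[0] == "set" and entry is not None:
            entry[words[1]] = words[2:]
        elif words[0] in ("next", "end"):
            entry = None
    return cfg

def check_gre_pair(text_a, tun_a, text_b, tun_b):
    """Return a list of mismatches between two tunnel ends; an empty list means consistent."""
    problems, ends = [], []
    for text, tun in ((text_a, tun_a), (text_b, tun_b)):
        cfg = parse(text)
        gre = cfg["system gre-tunnel"][tun]
        local = ipaddress.ip_address(gre["local-gw"][0])
        remote = ipaddress.ip_address(gre["remote-gw"][0])
        # Addresses configured on this unit's interfaces (loopback or physical).
        owned = {ipaddress.ip_address(i["ip"][0])
                 for i in cfg.get("system interface", {}).values() if "ip" in i}
        if local not in owned:
            problems.append(f"{tun}: local-gw {local} is not an interface address on this unit")
        ends.append((tun, local, remote))
    (tun_a, local_a, remote_a), (tun_b, local_b, remote_b) = ends
    if local_a != remote_b:
        problems.append(f"{tun_b}: remote-gw {remote_b} does not match peer local-gw {local_a}")
    if local_b != remote_a:
        problems.append(f"{tun_a}: remote-gw {remote_a} does not match peer local-gw {local_b}")
    return problems

if __name__ == "__main__":
    print(check_gre_pair(FGT1, "fgt2", FGT2, "fgt1") or "tunnel ends are consistent")
```

An empty list means each unit's local-gw is an address it owns and each remote-gw matches the peer's local-gw.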
Related article:
Technical Tip: Configuring and verifying a GRE tunnel between two FortiGates (static routing)
