We are currently testing GRE over IPsec between one of our 5G NR / 4G LTE router models and a Cisco VPN router. The WAN IP address on the remote 5G NR / 4G LTE router is 172.20.1.2, while the WAN IP address on the Cisco VPN router on the other side is 172.20.10.10. For the IPsec interesting traffic, the Left Subnet is 172.20.1.2 and the Right Subnet is 172.20.10.10. For the IPsec VPN we are using Libreswan on OpenWRT version openwrt-23.050rc3. We are also using IKEv2 and tunnel mode for IPsec.

The IPsec VPN tunnel gets established successfully, and we are able to ping both sides over the IPsec VPN tunnel. But after we add the command "Keepalive 10 2" to enable GRE keepalive on the Cisco VPN router side, the GRE keepalive packet gets sent successfully by the Cisco VPN router. The ipsec interface on the remote 5G NR / 4G LTE router also receives this GRE keepalive message successfully and tries to send the response back out as well. But strangely, the Cisco VPN router does not receive the response to the GRE keepalive message, causing the GRE tunnel to go down eventually.

For the GRE VPN, the following settings are applicable.

Source Peer = 172.20.1.2
Destination Peer = 172.20.10.10
IP Tunnel = 10.255.255.2

Source Peer = 172.20.10.10
Destination Peer = 172.20.1.2
IP Tunnel = 10.255.255.1

If anyone already has a concrete solution / fix for the above-mentioned issue, then please kindly get in touch with me urgently.