Hundreds of entries in ip route with GRE tunnel


I have recently installed OpenWrt, and I am using a GRE tunnel for all my connections (all LAN).

Here is how I set it up:

config interface 'gretun'
	option proto 'gre'
	option peeraddr 'GRE_ENDPOINT'
	option mtu '1476'
	option ttl '12'
	option tunlink 'wan'
	option defaultroute '0'
	option delegate '0'

config interface 'pub'
	option proto 'static'
	option device '@gretun'
	list ipaddr 'GRE_LOC_IP/30'
	list ipaddr 'GRE_PUB_IP/32'

config route
	option interface 'mwan'
	option proto 'static'
	option mtu '1476'
	option target ''
	option gateway ''
	option source 'GRE_PUB_IP/'


config nat
	option src 'mwan'
	option target 'SNAT'
	option snat_ip 'GRE_PUB_IP'
	option name 'MW-SNAT'
	list proto 'all'

It works fine, but I noticed something highly unusual and likely abnormal and unwanted.
My route table is getting automatically flooded with any public IP being used in the tunnel:
root@OpenWrt:~# ip r

default dev gre4-pub scope link  src GRE_PUB_IP
IP #1 dev gre4-pub
IP #2 dev gre4-pub 
IP #3 dev gre4-pub
IP #X dev-pub
IP #279 dev gre4-pub
IP #280 dev gre4-pub
WAN_PUB_SUBNET dev eth1 scope link  src WAN_PUB_IP
GRE_LOC_SUBNET dev gre4-pub scope link  src GRE_LOC_IP
GRE_ENDPOINT via WAN_PUB_GW dev eth1 dev docker0 scope link  src 
LAN_SUBNET dev br-lan scope link  src LAN_ROUTER_IP

This is unnecessary, because the first rule default dev gre4-pub scope link src GRE_PUB_IP is sufficient to route any traffic to the tunnel.
I have no idea what process or setting is responsible for the flood in the ip routing table.

Any clue on what I can do here? I have been working on this all day, without any success…

Thank you

Nobody has any clue?

Would that be the normal behavior of OpenWrt in this situation?
Any idea on which process is dynamically adding all these (unnecessary) routes?

Found the problem! 🙂

After installing the package “ip-full” (hence not using the busybox version), I don’t see the hundreds of extra routes and all appears as it should be.

So it is a bug in the busybox version of the ip utility.
