Hello,
I've set up a pretty complicated setup [:O] to test QOS with a tunnel on a secondary outbound interface, while I've only a provider here at home...
If I enable QOS on several interface, even if I don't use it (just enable on interface, no bandwith pool ), I cant' use my SITE2SITE VPN : I can ping on IT but no TCP communication can be launched...
Please noticed that in previous version (7.40x) we had an issue regarding QOS+SITE2SITE on secondary interface, and the support (hi Nils) inform us that 7.5 will correct it : so i test before the GA !
ulong
----
1/ The setup
------------
A/ interfaces
ITF_LAN : local LAN
ITF_FREE : my provider, fixed IP, and no gateway
ITF_BIDON : an interface that is up but nothing else ( just a hub ).
has a default gateway, in order to simul a real internet access !!...
B/ POLICY ROUTINGS
ITF_BIDON, ANY, ANY, ANY --> real gateway on FREE
ITF_FREE, ANY, ANY, ANY --> real gateway on FREE
Several
ITF_LAN,ANY, HTTPS/*or others*/, ANY --> real gateway on FREE
since i need to reroute on ITF_FREE all services that i enable in PACKET FILTER...
==>> allowing group of service in policy based routing can be usefull [REQUEST!]...
C/ DNAT
Masquerade on ITF_FREE
Masquerade on ITF_BIDON
SNAT ITF_BIDON, ANY, ANY --> ITF_FREE
--> This change the source of packet that was re route to the real interface...
D/ SITE2SITE
I set up a tunnel between two astaro directly ON ITF_FREE, it works fine
2/ the test & problem
--------------------
QOS OFF:
Everything works fine : internet access, VPN UP, and I can ping and connect to our servers
if i enable QOS on ITF_BIDON or on ITF_LAN, internet acces is OK, tunnel is UP but i can't use the SITE2SITE VPN access :
- Ping a server work
- open a socket FAIL...
Disabling QOS lead to everything is ok...
