This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Multipath and Site to Site VPN

I've got a question about Multipath on Astaro 220

Main Site connected with two WAN connections (named FB and SLink),  all HTTP traffic is going out of the SLink connection.

Today I installed another astaro220 in a remote Site. That Site has one wan connection and is Site to Site vPN to the main Site through the SLink connection. That vPN is up but I can only reach HTTP servers in the remote Site from the main Site.  No windows network shares,  etc. It's so bizarre.  I have automatic rules turned on for both sides of the VPN

If anyone has any ideas,  I would greatly appreciate it.

This thread was automatically locked due to age.

0 wvdave over 13 years ago in reply to Hallowach2

OK - now you have to tell us what traffic should use which interface.

I guess you want all traffic over the SudLink but SMTP over EXTERNAL - right?

Regards
Manfred

That is correct... all traffic except for SMTP including the private lan traffic destined for that network (172.16.6.0/24)

To add even more confusion, the remote site is able to contact our main location and browse network shares.
thanks again!
Cancel
Vote Up 0 Vote Down

Cancel
0 Hallowach2 over 13 years ago in reply to wvdave

So you SudLink is kind of a 'main' interface. I would suggest to

- put the SudLink at first position in the uplink interfaces
- set the weight of the external interface to zero
- delete or disable the http multipath rule
- set the smtp multipath rule more precise to catch just the traffic from your mail server to the internet

After that, it maybe useful not to use the automatic paketfilterrules of the vpn connection, simply because that traffic isn't shown in the paketfilter log. I personaly prefer dedicated manual rules.

Regards
Manfred
Cancel
Vote Up 0 Vote Down

Cancel