Hello
After upgrading to Astaro 4.12, some VPN connections stopped working.
I upgraded directly from Astaro 4.07, all upgrades in one day, so I don't know which upgrade causes the trouble.
I have this configuration.
10.10.10.0 --- Astaro 4.12 --- Cisco router --- Internet --- Astaro 4.07 --- 10.10.20.0
Because we also use a leased line to connect these two sides, I must use SNAT/DNAT to connect 2 computers via VPN.
VPN configuration:
10.10.100.0/24===xxx.xxx.xxx.xxx:4500[test@test1.com]...xxx.xxx.xxx.xxx:4500[test@test.com]===10.10.200.0/24
VPN tunnel is established.
Routing is set to 10.10.200.0/24 dev ipsec0 table 42 scope link
Packet filter is set to
Permit 10.10.10.0 10.10.200.0 any
On Astaro 4.12 the SNAT/DNAT is set to
Source address: "10.10.10.10" destination address "10.10.200.10" service "any"
Change source to "10.10.100.10" service "no change"
Change destination to "no change" service "no change"
On Astaro 4.07 the SNAT/DNAT is set to
Source address: "any" destination address "10.10.200.10" service "any"
Change source to "no change" service "no change"
Change destination to "10.10.20.10" service "no change"
This configuration worked fine until the upgrade, then stopped working, and now it routes packets through the firewall directly to the router. (I set an access list for outgoing traffic on the router and I see dropped packets from 10.10.100.10 to 10.10.200.10.) It looks like the firewall doesn't send packets through the VPN tunnel. (The VPN tunnel is established and routing is set.)
It is possible that with the upgrade to 4.08 or later something changed in the handling of packets that flow through the firewall. It seems that the order in which the packets are handled is:
1) packet filter
2) VPN
3) NAT/SNAT
Is this a feature or a bug?
Thanks Ojrad
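
Added example, not part of the original post and not Astaro's code: a simplified model of the two stage orders, using the addresses from the post. The /24 masks on the filter rule, the stage names and the `walk` function are assumptions. With the order listed in the post, the packet misses the tunnel selectors and leaves in cleartext with the translated source, which is consistent with the drops seen on the router's access list.

```python
import ipaddress

# Addresses come from the post; the /24 masks on the filter rule and the
# stage names are assumptions of this simplified model.
FILTER_PERMIT = [("10.10.10.0/24", "10.10.200.0/24")]
SNAT_RULES = [("10.10.10.10", "10.10.200.10", "10.10.100.10")]  # src, dst, new src
TUNNEL = ("10.10.100.0/24", "10.10.200.0/24")  # local and remote selector


def _in(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def walk(src, dst, order):
    """Pass one packet through the stages in `order`.

    Returns (egress, src, dst); egress is "dropped", "ipsec0" or "cleartext".
    """
    egress = "cleartext"  # default route towards the router
    for stage in order:
        if stage == "filter":
            if not any(_in(src, s) and _in(dst, d) for s, d in FILTER_PERMIT):
                return ("dropped", src, dst)
        elif stage == "snat":
            for rule_src, rule_dst, new_src in SNAT_RULES:
                if (src, dst) == (rule_src, rule_dst):
                    src = new_src
                    break
        elif stage == "vpn":
            # Tunnel selection looks at the addresses as they are right now.
            if _in(src, TUNNEL[0]) and _in(dst, TUNNEL[1]):
                egress = "ipsec0"
        else:
            raise ValueError(f"unknown stage: {stage}")
    return (egress, src, dst)


if __name__ == "__main__":
    pkt = ("10.10.10.10", "10.10.200.10")
    for order in (["filter", "snat", "vpn"], ["filter", "vpn", "snat"]):
        print(" -> ".join(order), "=>", walk(*pkt, order))
```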