Hi,
We have a customer who has two networks that shall be interconnected with a VPN. One network has, for legacy reasons, an Astaro 4 (I'll call it A1, 192.168.1.1) and the other an Astaro 5 (A2, 192.168.1.1). A1 already successfully runs a VPN connection for an employee with a notebook.
The VPN should work via RSA-Keys and it has been set up according to the Astaro-HOWTO.
The VPN-tunnel goes up w/o any fuss and in both cases the routing seems to be correct:
A1:
# ip route get 192.168.2.1
192.168.2.1 dev ipsec0 src 212.202.245.230
cache mtu 16260 advmss 16220
A2:
# ip route get 192.168.1.1
192.168.1.1 dev ipsec0 src 212.202.144.170
cache mtu 1420 advmss 1380
The only thing that puzzles me is the different MTUs/advmss.
When I start tcpdump -i ipsec0 on A2 and try to ping A1, the packets appear, so the routing is OK. Unfortunately I can't try it on A1, as Astaro 4 has no packet sniffer. [:(]
A ping -I ipsec0 on both sides also doesn't make the ping return...
ICMP in all forms is permitted on both hosts and packetfilters are set to allow anything.
Can anybody help please? [:(]
TIA
P.S. In the HOWTO there is an additional note that: "You will need packet filters in order for traffic flow from network to network." What does it mean? Do I have to have some special rules apart from allowing everything? The packet logs don't mention any dropped IPsec/ping packets.