We have a setup where we have a VPN running between 2 Astaro devices (ASL 1 and ASL 2), and have another Astaro device (ASL 1a) masqueraded behind ASL 1 making a VPN connection to ASL 2.
So we end up with one normal VPN connection between 2 Astaro devices (ASL 1 and ASL 2), and then one VPN connection where one is hiding behind the other, so it end up connecting using ipsec nat-traversal (ASL 1a and ASL 2, masqueraded by ASL 1).
Before upgrading to 6.202 from 6.201, we had no problems with either VPN connection.
Since upgrading the box with the masquaraded host (ASL 1) to 6.202, what happens is that the VPN (ASL 1 ASL 2) on the box doing the masquarading drops. What appears to happen is that it starts routing all IPSEC packets to the masqueraded box thinking that those packets are not really destined for it, so it isn't able to negotiate a connection.
Unfortunately, once this happens, the only way to get the ASL 1 ASL 2 VPN connection up again is to reboot ASL 1.
Now, we could probably get this to work on the current version by setting up a dedicated NAT for ASL 1a. But I want to know, why did it break? We see no IPSEC related changes in 6.202. Any ideas?
This thread was automatically locked due to age.
