Unable to pass traffic after manual disable then re-enable.


This topic contains 2 replies, has 0 voices, and was last updated by  vasili 8 years, 8 months ago.

  • #42446

    vasili
    Member

    I have a lan-to-lan VPN setup as the following:

    -=Site A=-
    eth00(LAN) 10.2.20.1/16
    eth01(Internet) 209.1.1.1/30
    vpn00 172.16.100.2/24

    Routes:
    0.0.0.0 -> eth01
    10.4.0.0 -> 172.16.100.4
    Test PC 10.2.1.1

    -=Site B=-
    eth00(LAN) 10.4.40.1/16
    eth01(Internet) 63.1.1.1/30
    vpn00 172.16.100.4/24

    Routes:
    0.0.0.0 -> eth01
    10.2.0.0 -> 172.16.100.2
    Test PC 10.4.1.1

    Traceroute from 10.2.1.1 to 10.4.1.1 looks correct and vice versa.

    Upon installing and adding the routes and VPN interface, the tunnel comes up and passes traffic.
    I have one client machine on each side of the tunnel and have been testing bandwidth with iperf.
    Persistent ping is running on each machine back towards the other machine.
    On site B I go to the VPN00 interface and uncheck the UP checkbox to bring down interface and the pings stop.
    Once I check the box to re-enable, each VPN00 interface shows that it’s connected to the other but I’m unable to ping the remote clients.

    Traceroute from SiteA(10.2.1.1) to SiteB(10.4.1.1) looks like this:
    10.2.20.1 -> 209.1.1.2 -> 209.9.9.9 -> and then ‘destination network unreachable.’
    The 209.1.1.2 address is the router connected to eth01 and 209.9.9.9 is the border router to the internet from my ISP.
    Looks like the traffic isn’t being directed to the tunnel.
    Symptoms are the same going from the other end.

    From each zeroshell box I can ping both 172.16.100.2 and 172.16.100.4 but not beyond. I can only ping the local 172.16 address from each client PC.

    I’m not sure where to go with this.
    How does taking the VPN interface down and bringing back up affect routing like this? Any suggestions?

    I appreciate any help.

    #50461

    ppalias
    Member

    The routes are erased from the routing table, because the interface no longer exists. This is a normal behaviour. Once the tunnel is up again you have to manually add the routes again or have some options in the vpn tunnel to add the routes upon connecting.

    #50462

    vasili
    Member

    I removed the static route entries and added them back, and traffic is passing again. So even though the GUI showed the statics, they weren’t in the table?

    Thanks for the quick response. You are always helpful to everyone.

    #50463

    ppalias
    Member

    Maybe there is a bug there. To verify it, please try the same and, instead of looking at the web interface, open an SSH connection or connect with keyboard and monitor on the terminal and issue the command:

    route -n

    This way we’ll see if the routes are added back again to the routing table.
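
The check suggested in the last reply can be scripted. The following is an added example, not part of the original thread: it compares the static routes you expect against `route -n` output. The function name `missing_routes` is hypothetical, and the two routing tables are constructed samples for Site A (netmasks assumed from the /16, /24 and /30 prefixes in the first post).

```shell
#!/bin/sh
# Added example: report expected static routes absent from `route -n` output.
# On a live box: route -n | missing_routes "10.4.0.0 172.16.100.4"

# Reads a `route -n` table on stdin; each argument is an expected
# "destination gateway" pair. Prints every pair that is not present and
# returns 1 if any are missing, 0 otherwise.
missing_routes() {
    table=$(cat)
    rc=0
    for want in "$@"; do
        dest=${want% *}
        gw=${want#* }
        # Columns: Destination Gateway Genmask Flags Metric Ref Use Iface
        if ! printf '%s\n' "$table" | awk -v d="$dest" -v g="$gw" \
            '$1 == d && $2 == g { found = 1 } END { exit !found }'; then
            echo "MISSING: $dest via $gw"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: Site A while the tunnel passes traffic.
TABLE_UP='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
209.1.1.0       0.0.0.0         255.255.255.252 U     0      0        0 eth01
172.16.100.0    0.0.0.0         255.255.255.0   U     0      0        0 vpn00
10.4.0.0        172.16.100.4    255.255.0.0     UG    0      0        0 vpn00
10.2.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth00
0.0.0.0         209.1.1.2       0.0.0.0         UG    0      0        0 eth01'

# Constructed sample: Site A after vpn00 was disabled and re-enabled.
# The connected 172.16.100.0 route is back, the static 10.4.0.0 route is
# not, so traffic for Site B falls through to the default route.
TABLE_AFTER='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
209.1.1.0       0.0.0.0         255.255.255.252 U     0      0        0 eth01
172.16.100.0    0.0.0.0         255.255.255.0   U     0      0        0 vpn00
10.2.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth00
0.0.0.0         209.1.1.2       0.0.0.0         UG    0      0        0 eth01'

printf '%s\n' "$TABLE_AFTER" | missing_routes "10.4.0.0 172.16.100.4" \
    || echo "static route must be re-added"
```

A missing route here also means LAN-to-LAN traffic is leaving unencrypted toward the ISP gateway, which matches the traceroute in the first post.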
