nanog mailing list archives
Re: Issue with point to point VPNs behind NAT and asymmetric traffic
From: William Herrin <bill () herrin us>
Date: Sat, 15 Jun 2019 13:06:30 -0700
On Wed, Jun 12, 2019 at 2:45 PM Anurag Bhatia <me () anuragbhatia com> wrote:
> I am running two site to site VPNs (wireguard now, OpenVPN earlier)
> between my home and a remote server over two different WAN links. Both
> WAN links are just consumer connections - one with public IP and one
> with CGNATed IP.
>
> The redundancy here is taken care of by the OSPF running via FRR on both
> ends.
>
> The unexpected behaviour I get is that if I set OSPF cost to prefer say
> link1 between home -> server and prefer link 2 between server -> home
> then connectivity completely breaks between the routed pools. The point
> to point IPs stay reachable (which is over expected links i.e symmetric
> via both ends). As long as both ends prefer link1 or link2, it works
> fine.
>
> At first, I thought it had to do something with NAT but still can't
> understand how. Since VPN tunnels have a keep-alive timer (for 10
> seconds), the tunnel is always up.
>
> Any idea why asymmetric packets are being dropped here?

This is probably enabled on one or both ends:

http://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.kernel.rpf.html

Disable it.

--
William Herrin
bill () herrin us
https://bill.herrin.us/
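
Added example, not part of the original message: the linked HOWTO page covers the Linux reverse-path filter (`rp_filter`), and this script reports the effective mode per interface, which the kernel takes as the higher of `conf/all/rp_filter` and `conf/<iface>/rp_filter`. The interface names and the sample tree are constructed for illustration; loose mode (2) is shown next to off (0) because it also tolerates asymmetric paths while keeping a source-address check.

```shell
#!/bin/sh
# Effective rp_filter per interface = max(conf/all, conf/<iface>).
# 0 = no source validation, 1 = strict (RFC 3704), 2 = loose (RFC 3704).

rp_effective() {   # usage: rp_effective <conf-dir> <iface>
    all=$(cat "$1/all/rp_filter")
    ifc=$(cat "$1/$2/rp_filter")
    if [ "$all" -gt "$ifc" ]; then echo "$all"; else echo "$ifc"; fi
}

rp_report() {      # usage: rp_report <conf-dir>
    for d in "$1"/*/; do
        name=$(basename "$d")
        # "all" and "default" are templates, not real interfaces
        case "$name" in all|default) continue ;; esac
        [ -r "$d/rp_filter" ] || continue
        eff=$(rp_effective "$1" "$name")
        case "$eff" in
            0) verdict="off: asymmetric paths accepted, no anti-spoofing check" ;;
            1) verdict="strict: dropped unless this interface is the best route back to the source" ;;
            2) verdict="loose: asymmetric paths accepted, source must be reachable via some interface" ;;
            *) verdict="unknown value" ;;
        esac
        echo "$name $eff $verdict"
    done
}

# Constructed sample tree mirroring /proc/sys/net/ipv4/conf
# (wg0, wg1 and eth0 are hypothetical interface names).
make_sample() {
    root=$(mktemp -d)
    for i in all default wg0 wg1 eth0; do mkdir -p "$root/$i"; done
    echo 0 > "$root/all/rp_filter"
    echo 1 > "$root/default/rp_filter"
    echo 1 > "$root/wg0/rp_filter"    # strict on the first tunnel
    echo 2 > "$root/wg1/rp_filter"    # loose on the second tunnel
    echo 0 > "$root/eth0/rp_filter"
    echo "$root"
}

sample=$(make_sample)
rp_report "$sample"
rm -rf "$sample"
# On a live host: rp_report /proc/sys/net/ipv4/conf
```

Because the higher value wins, writing 0 to a single interface has no effect while `conf/all/rp_filter` is still 1 or 2.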