Issue with point to point VPNs behind NAT and asymmetric traffic
blakangel at gmail.com
Wed Jun 12 22:02:42 UTC 2019
Could it be as simple as a stateful firewall?
Anurag Bhatia wrote on 6/12/2019 14:44:
> Hello everyone,
>
> Trying to get my head around a certain unexpected behaviour.
>
>
> I am running two site to site VPNs (wireguard now, OpenVPN earlier)
> between my home and a remote server over two different WAN links. Both
> WAN links are just consumer connections - one with public IP and one
> with CGNATed IP.
> The redundancy here is taken care of by the OSPF running via FRR on
> both ends.
>
>
> The unexpected behaviour I get is that if I set OSPF cost to prefer
> say link1 between home -> server and prefer link 2 between server ->
> home then connectivity completely breaks between the routed pools. The
> point to point IPs stay reachable (which is over expected links i.e.
> symmetric via both ends). As long as both ends prefer link1 or link2,
> it works fine. At first, I thought it had something to do with NAT but
> still can't understand how. Since VPN tunnels have a keep-alive timer
> (for 10 seconds), the tunnel is always up. Any idea why asymmetric
> packets are being dropped here?
> This exact behaviour was in case of earlier OpenVPN + bird + iBGP and
> is still the same when I moved everything to Wireguard for VPN + FRR
> for routing + OSPF.
>
>
>
>
> Thanks.
>
>
> --
>
>
> Anurag Bhatia
> anuragbhatia.com <http://anuragbhatia.com>