Strange behavior regarding UDP connections
-
Hi the team,
We are facing to an issue I cannot explain at that time. When I contact services in UDP mode (especialy OpenVPN), packets response are sent with different source address. Quick explaination :
-
We are in HA/CARP setup
-
Consider WAN network is W.W.W.0
-
Consider LAN network is L.L.L.0
-
Consider WAN IP W.W.W.4
-
Consider WAN vIP W.W.W.6
-
Consider LAN IP L.L.L.1
-
Consider LAN vIP L.L.L.254
Test case 1 :
From Internet I launch my VPN client (OpenVPN), connections are comming right to my vIP W.W.W.6 , but, packet answers are sent using WAN source address W.W.W.4. As a result the connection is never established. Doing the same test in TCP mode is OK, packet responses are sent using the correct vIP address.
Test case 2 :
From LAN I launch my VPN client (OpenVPN), connections are comming right to my vIP W.W.W.6 (but stay on LAN interface), but, packet answers are sent using LAN source address L.L.L.1. As a result the connection is never established. Doing the same test in TCP mode is OK, packet responses are sent using the correct vIP address.
Do you have any explaination ? How to adjust this behavior ? I tried NAT tricks in hybrid mode without any success
Thank you for advance,
Regards
-
-
What does a packet trace reveal? Maybe include the trace. You leave little to go on.
-
Check you outbound NAT. In CARP mode you have to set outbound NAT rules manually, to translate to virtual IP instead of interface address. Maybe manual rules are set for TCP only.