Netgate Discussion Forum

    Can ping other machines on subnet, but not the gateway

      AvKARE IT

      Nothing changed. No patches applied. This is all being setup from scratch. New firewalls, new supermicro servers. I was able to mount a virtual disk hosted on an SMB share on 192.168.100.20 onto a supermicro using IPMI on Friday. I did this from two physical supermicro servers on the OPT3 subnet. On each, I installed Debian Stretch and KVM. From Debian, I cannot ping the gateway from either box, and I can no longer mount that SMB share in IPMI. I see nothing strange in the logs.

        KOM

        Any other network equipment in between anything? I'm starting to run out of ideas. If you know Wireshark, you could try packet-capturing from each end and see what's going on. That might help isolate the problem.

        If you're desperate, you could try backing up your configurations, reinstalling from scratch and then restoring and see if it just fixes itself.  Normally I wouldn't suggest random actions like that with hopes & prayers, but like you said it used to work.

          Derelict LAYER 8 Netgate

          What other rules are on those interfaces? Please provide a complete picture instead of cropping everything out.

          It makes no sense to have rules sourcing from LAN network on the RSS_NET interface. That will never happen.

          Please also provide captures of the interfaces in question from Status > Interfaces.

          Any IPsec? Any policy routing?

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

            AvKARE IT

            @Derelict:

            What other rules are on those interfaces? Please provide a complete picture instead of cropping everything out.

            It makes no sense to have rules sourcing from LAN network on the RSS_NET interface. That will never happen.

            Please also provide captures of the interfaces in question from Status > Interfaces.

            Any IPsec? Any policy routing?

            The only rules on the LAN subnet are the default anti-lockout rule and the default any protocol on LAN to any. On the RSS_LAN subnet, the only rule is any protocol on RSS_LAN to any (changed since yesterday).

            Yes, there are IPSec VPN tunnels, but I'm not sure why you're asking. Absolutely no policy routing in place.

            ![Screen Shot 2017-11-07 at 11.04.15 AM.png](/public/imported_attachments/1/Screen Shot 2017-11-07 at 11.04.15 AM.png)
            ![Screen Shot 2017-11-07 at 11.04.24 AM.png](/public/imported_attachments/1/Screen Shot 2017-11-07 at 11.04.24 AM.png)
            ![Screen Shot 2017-11-07 at 11.07.47 AM.png](/public/imported_attachments/1/Screen Shot 2017-11-07 at 11.07.47 AM.png)

              AvKARE IT

              It seems I found the issue. I had a misconfiguration in IPSec, which was apparently affecting the routing. I fixed that, and all seems well. Thanks to Derelict for mentioning IPSec…I probably wouldn't have looked.

                KOM

                I had a misconfiguration in IPSec

                This misconfiguration had been there all along and just decided to act up now? Or was this something you manually did between when it was last working and now?

                  AvKARE IT

                  I'm pretty sure that misconfiguration happened over the weekend when I was trying to work on it from home. My IPSec tunnel was connected to LAN, but I needed a Phase 2 to the RSS_LAN…I just set it up ass backwards and that screwed me. I guess that's what I get for trying to work at home when my wife and kids are present.

                  1 Reply Last reply Reply Quote 0
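
An added example, not written by any poster in this thread: a small Python audit for the two mistakes the thread turns on, a firewall rule whose source network belongs to a different interface than the one the rule sits on (Derelict's point) and an IPsec Phase 2 entered with its ends reversed. Interface names follow the thread; every address, the tuple layout, the function names, and reading "backwards" as swapped local and remote networks are assumptions.

```python
import ipaddress

# Constructed sample config. Interface names follow the thread; every address
# is made up for illustration.
ATTACHED = {"LAN": "10.10.10.0/24", "RSS_LAN": "10.20.30.0/24"}
RULES = [  # (interface the rule sits on, source network)
    ("LAN", "10.10.10.0/24"),
    ("RSS_LAN", "10.10.10.0/24"),  # LAN source on RSS_LAN: never matches
    ("RSS_LAN", "10.20.30.0/24"),
]
PHASE2 = [  # (description, local network, remote network)
    ("home to LAN", "10.10.10.0/24", "10.99.0.0/24"),
    ("home to RSS_LAN, reversed", "10.99.0.0/24", "10.20.30.0/24"),
]

def owners(net, attached):
    """Names of the attached interfaces whose subnet overlaps net."""
    n = ipaddress.ip_network(net)
    return [name for name, sub in attached.items()
            if n.overlaps(ipaddress.ip_network(sub))]

def dead_rules(rules, attached):
    """Rules whose source subnet is attached, but to a different interface."""
    out = []
    for iface, src in rules:
        found = owners(src, attached)
        if found and iface not in found:
            out.append((iface, src, found))
    return out

def suspect_phase2(phase2, attached):
    """Heuristic: remote overlaps an attached subnet, or local is not attached."""
    out = []
    for desc, local, remote in phase2:
        problems = []
        hit = owners(remote, attached)
        if hit:
            problems.append("remote %s overlaps attached %s" % (remote, ", ".join(hit)))
        if not owners(local, attached):
            problems.append("local %s is not attached here" % local)
        if problems:
            out.append((desc, problems))
    return out

if __name__ == "__main__":
    for finding in dead_rules(RULES, ATTACHED) + suspect_phase2(PHASE2, ATTACHED):
        print(finding)
```

The "local is not attached" check is a heuristic only: a Phase 2 whose local network is a routed subnet behind the firewall is legitimate and would also be reported.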
                    KOM

                    I did specifically ask you if you changed anything between when it was working and when it stopped…

                      AvKARE IT

                      Yes, and I failed to remember that I had messed with the VPN tunnel from home. I thought I had added the Phase 2 earlier in the week when I was installing the servers at the datacenter.

                        KOM

                        OK I'm done breaking your balls  ;D

                        Glad it's working.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.