Problems with initial install and setup of 20.08


  • We have tried several time to setup TNSR 20.08. After configuring one node and rebooting, I get this error message:

    Oct 27 17:42:54: clicon_rpc_connect_unix: 437: Protocol error: /var/tnsr/tnsr.sock: config daemon not running?: No such file or directory
    tnsr_cli_get: Failed to retrieve /ngif:interfaces-state/ngif:interface

    Also, here is the configuration I applied before rebooting:

    interface WAN
    ip address 10.0.0.2/30
    enable
    exit

    interface LAN 10.10.10.1/24
    ip address
    enable
    exit

    ipsec tunnel 0
    local-address 10.0.0.2
    remote-address 10.0.0.1
    crypto config-type ike
    crypto ike
    version 2
    lifetime 28800
    proposal 1
    encryption aes256
    integrity sha256
    group modp2048
    exit
    identity local
    type address
    value 10.0.0.2
    exit
    identity remote
    type address
    value 10.0.0.1
    exit
    authentication local
    round 1
    type psk
    psk 1234567890
    exit
    exit
    authentication remote
    round 1
    type psk
    psk 1234567890
    exit
    exit
    child 1
    lifetime 3600
    proposal 1
    encryption aes256
    integrity sha256
    group modp2048
    exit
    exit
    exit
    exit
    interface ipip0
    ip address 10.30.0.2/30
    enable
    exit
    route ipv4 table ipv4-VRF:0
    route 10.5.5.0/24
    next-hop 0 via 10.30.0.1
    exit
    exit

    interface ipip0
    ip address 10.30.0.2/30
    enable
    exit

    route ipv4 table ipv4-VRF:0
    route 10.5.5.0/24
    next-hop 0 via 10.30.0.1
    exit
    exit

    configuration candidate commit
    configuration copy running startup
    exit

    Any feedback would be appreciated.

    Thanks.

  • LAYER 8 Netgate

    @KenRunner said in Problems with initial install and setup of 20.08:

    interface LAN 10.10.10.1/24
    ip address
    enable
    exit

    Is that accurate? The ip address assignment is incorrect there.

    Assuming you also defined the proper interfaces anmed WAN and LAN in the dataplane?

    Can you post a copy of your /var/tnsr/startup_db?

  • LAYER 8

    @KenRunner said in Problems with initial install and setup of 20.08:

    /var/tnsr/tnsr.sock

    it's generated by clixon-backend service
    check the log

    systemctl status clixon-backend
    
    journalctl -u clixon-backend
    

  • Thanks, I examined the startup_db from the other node and did find entries missing so I made both files match with the execption of the unique IPs and the interfaces are displaying now. The tunnel is showing CONNECTING and is trying to initiate every minute, but never completes. Any suggestions?

  • LAYER 8 Netgate

    Looks at /var/log/messages to see what is happening with the IPsec connection.


  • Here is a copy of the startup_db file from node 1:

    <config>
       <dataplane-config xmlns="urn:netgate:xml:yang:netgate-dataplane">
          <dpdk>
             <dev>
                <id>0000:02:00.0</id>
                <name>LAN</name>
             </dev>
             <dev>
                <id>0000:07:00.0</id>
                <name>WAN</name>
             </dev>
             <uio-driver>igb_uio</uio-driver>
          </dpdk>
       </dataplane-config>
       <interfaces-config xmlns="urn:netgate:xml:yang:netgate-interface">
          <interface>
             <name>LAN</name>
             <description><![CDATA[LAN]]></description>
             <enabled>true</enabled>
             <ipv4>
                <address>
                   <ip>10.5.5.1/24</ip>
                </address>
             </ipv4>
          </interface>
          <interface>
             <name>WAN</name>
             <description><![CDATA[WAN]]></description>
             <enabled>true</enabled>
             <ipv4>
                <address>
                   <ip>10.0.0.1/30</ip>
                </address>
             </ipv4>
          </interface>
          <interface>
             <name>ipip0</name>
             <enabled>true</enabled>
             <ipv4>
                <address>
                   <ip>10.30.0.1/30</ip>
                </address>
             </ipv4>
          </interface>
       </interfaces-config>
       <ipsec-config xmlns="urn:netgate:xml:yang:netgate-ipsec">
          <tunnel>
             <instance>0</instance>
             <local-addr>10.0.0.1</local-addr>
             <remote-addr>10.0.0.2</remote-addr>
             <crypto>
                <config-type>ike</config-type>
                <ike>
                   <version>2</version>
                   <lifetime>28800</lifetime>
                   <proposals>
                      <name>1</name>
                      <encryption-algorithm>aes256</encryption-algorithm>
                      <integrity-algorithm>sha256</integrity-algorithm>
                      <dh-group>modp2048</dh-group>
                   </proposals>
                   <identity>
                      <peer>local</peer>
                      <type>address</type>
                      <value>10.0.0.1</value>
                   </identity>
                   <identity>
                      <peer>remote</peer>
                      <type>address</type>
                      <value>10.0.0.2</value>
                   </identity>
                   <authentication>
                      <peer>local</peer>
                      <round>
                         <number>1</number>
                         <type>psk</type>
                         <psk>1234567890</psk>
                      </round>
                   </authentication>
                   <authentication>
                      <peer>remote</peer>
                      <round>
                         <number>1</number>
                         <type>psk</type>
                         <psk>1234567890</psk>
                      </round>
                   </authentication>
                   <child-sa>
                      <name>1</name>
                      <lifetime>3600</lifetime>
                      <proposal>
                         <name>1</name>
                         <encryption-algorithm>aes256</encryption-algorithm>
                         <integrity-algorithm>sha256</integrity-algorithm>
                         <dh-group>modp2048</dh-group>
                      </proposal>
                   </child-sa>
                </ike>
             </crypto>
          </tunnel>
       </ipsec-config>
       <route-table-config xmlns="urn:netgate:xml:yang:netgate-route-table">
          <static-routes>
             <route-table>
                <name>ipv4-VRF:0</name>
                <address-family>ipv4</address-family>
                <ipv4-routes>
                   <route>
                      <destination-prefix>10.10.10.0/24</destination-prefix>
                      <next-hop>
                         <hop>
                            <hop-id>0</hop-id>
                            <ipv4-address>10.30.0.2</ipv4-address>
                         </hop>
                      </next-hop>
                   </route>
                </ipv4-routes>
             </route-table>
          </static-routes>
       </route-table-config>
       <nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
          <enable-nacm>true</enable-nacm>
          <read-default>deny</read-default>
          <write-default>deny</write-default>
          <exec-default>deny</exec-default>
          <groups>
             <group>
                <name>admin</name>
                <user-name>root</user-name>
                <user-name>tnsr</user-name>
             </group>
          </groups>
          <rule-list>
             <name>admin-rules</name>
             <group>admin</group>
             <rule>
                <name>permit-all</name>
                <module-name>*</module-name>
                <access-operations>*</access-operations>
                <action>permit</action>
             </rule>
          </rule-list>
       </nacm>
       <modules-state xmlns="urn:ietf:params:xml:ns:yang:ietf-yang-library">
          <module-set-id>20.08</module-set-id>
          <module>
             <name>clixon-lib</name>
             <revision>2020-04-23</revision>
             <namespace>http://clicon.org/lib</namespace>
          </module>
          <module>
             <name>clixon-rfc5277</name>
             <revision>2008-07-01</revision>
             <namespace>urn:ietf:params:xml:ns:netmod:notification</namespace>
          </module>
          <module>
             <name>ietf-inet-types</name>
             <revision>2013-07-15</revision>
             <namespace>urn:ietf:params:xml:ns:yang:ietf-inet-types</namespace>
          </module>
          <module>
             <name>ietf-netconf</name>
             <revision>2011-06-01</revision>
             <namespace>urn:ietf:params:xml:ns:netconf:base:1.0</namespace>
          </module>
          <module>
             <name>ietf-netconf-acm</name>
             <revision>2018-02-14</revision>
             <namespace>urn:ietf:params:xml:ns:yang:ietf-netconf-acm</namespace>
          </module>
          <module>
             <name>ietf-restconf</name>
             <revision>2017-01-26</revision>
             <namespace>urn:ietf:params:xml:ns:yang:ietf-restconf</namespace>
          </module>
          <module>
             <name>ietf-yang-library</name>
             <revision>2016-06-21</revision>
             <namespace>urn:ietf:params:xml:ns:yang:ietf-yang-library</namespace>
          </module>
          <module>
             <name>ietf-yang-types</name>
             <revision>2013-07-15</revision>
             <namespace>urn:ietf:params:xml:ns:yang:ietf-yang-types</namespace>
          </module>
          <module>
             <name>netgate-acl</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-acl</namespace>
          </module>
          <module>
             <name>netgate-bfd</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-bfd</namespace>
          </module>
          <module>
             <name>netgate-bgp</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-bgp</namespace>
          </module>
          <module>
             <name>netgate-common</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-common</namespace>
          </module>
          <module>
             <name>netgate-dataplane</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-dataplane</namespace>
          </module>
          <module>
             <name>netgate-frr</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-frr</namespace>
          </module>
          <module>
             <name>netgate-frr-types</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-frr-types</namespace>
          </module>
          <module>
             <name>netgate-gre</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-gre</namespace>
          </module>
          <module>
             <name>netgate-host</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-host</namespace>
          </module>
          <module>
             <name>netgate-host-interface</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-hostif</namespace>
          </module>
          <module>
             <name>netgate-http</name>
             <revision>2020-06-15</revision>
             <namespace>urn:ietf:params:xml:ns:yang:netgate-http</namespace>
          </module>
          <module>
             <name>netgate-interface</name>
             <revision>2020-07-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-interface</namespace>
          </module>
          <module>
             <name>netgate-interface-extensions</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-ifext</namespace>
          </module>
          <module>
             <name>netgate-ip</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-ip</namespace>
          </module>
          <module>
             <name>netgate-ipsec</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-ipsec</namespace>
          </module>
          <module>
             <name>netgate-kea</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-kea</namespace>
          </module>
          <module>
             <name>netgate-lldp</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-lldp</namespace>
          </module>
          <module>
             <name>netgate-macip</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-macip</namespace>
          </module>
          <module>
             <name>netgate-map</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-map</namespace>
          </module>
          <module>
             <name>netgate-master</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-master</namespace>
          </module>
          <module>
             <name>netgate-nat</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-nat</namespace>
          </module>
          <module>
             <name>netgate-neighbor</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-neighbor</namespace>
          </module>
          <module>
             <name>netgate-ntp</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-ntp</namespace>
          </module>
          <module>
             <name>netgate-ospf</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-ospf</namespace>
          </module>
          <module>
             <name>netgate-ospf6</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-ospf6</namespace>
          </module>
          <module>
             <name>netgate-package</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-package</namespace>
          </module>
          <module>
             <name>netgate-pki</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-pki</namespace>
          </module>
          <module>
             <name>netgate-rip</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-rip</namespace>
          </module>
          <module>
             <name>netgate-route</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-route</namespace>
          </module>
          <module>
             <name>netgate-route-table</name>
             <revision>2020-07-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-route-table</namespace>
          </module>
          <module>
             <name>netgate-snmp</name>
             <revision>2020-06-15</revision>
             <namespace>https://netgate.com/ns/netgate-snmp</namespace>
          </module>
          <module>
             <name>netgate-span</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-span</namespace>
          </module>
          <module>
             <name>netgate-ssh-server</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-ssh-server</namespace>
          </module>
          <module>
             <name>netgate-sysctl</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-sysctl</namespace>
          </module>
          <module>
             <name>netgate-system</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-system</namespace>
          </module>
          <module>
             <name>netgate-unbound</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-unbound</namespace>
          </module>
          <module>
             <name>netgate-vpp-prometheus</name>
             <revision>2020-07-30</revision>
             <namespace>urn:netgate:xml:yang:netgate-vpp-prometheus</namespace>
          </module>
          <module>
             <name>netgate-vrrp</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-vrrp</namespace>
          </module>
          <module>
             <name>netgate-vxlan</name>
             <revision>2020-06-15</revision>
             <namespace>urn:netgate:xml:yang:netgate-vxlan</namespace>
          </module>
       </modules-state>
    </config>
    

  • /var/log/messages from node 1:

    Oct 28 15:23:56 tnsr-test1 clixon_backend[2043]: ipsec_job_child_bringup_tunnel: Initiating tunnel 0
    Oct 28 15:23:56 tnsr-test1 charon-systemd[2006]: vici initiate CHILD_SA 'child0'
    Oct 28 15:24:08 tnsr-test1 systemd[2219]: Starting Mark boot as successful...
    Oct 28 15:24:08 tnsr-test1 systemd[2219]: Started Mark boot as successful.
    Oct 28 15:24:26 tnsr-test1 charon-systemd[2006]: retransmit 5 of request with message ID 0
    Oct 28 15:24:26 tnsr-test1 charon-systemd[2006]: sending packet: from 10.0.0.1[500] to 10.0.0.2[500] (464 bytes)
    Oct 28 15:24:26 tnsr-test1 clixon_backend[2043]: ipsec_job_child_bringup_tunnel: Initiating tunnel 0
    Oct 28 15:24:26 tnsr-test1 charon-systemd[2006]: vici initiate CHILD_SA 'child0'
    Oct 28 15:24:29 tnsr-test1 vnet[1534]: linux-cp/router: Failed to delete neighbor: 10.0.0.2 WAN
    Oct 28 15:24:56 tnsr-test1 clixon_backend[2043]: ipsec_job_child_bringup_tunnel: Initiating tunnel 0
    Oct 28 15:24:56 tnsr-test1 charon-systemd[2006]: vici initiate CHILD_SA 'child0'
    Oct 28 15:25:26 tnsr-test1 clixon_backend[2043]: ipsec_job_child_bringup_tunnel: Initiating tunnel 0
    Oct 28 15:25:26 tnsr-test1 charon-systemd[2006]: vici initiate CHILD_SA 'child0'
    Oct 28 15:25:41 tnsr-test1 charon-systemd[2006]: giving up after 5 retransmits
    Oct 28 15:25:41 tnsr-test1 charon-systemd[2006]: establishing IKE_SA failed, peer not responding
    Oct 28 15:25:56 tnsr-test1 clixon_backend[2043]: ipsec_job_child_bringup_tunnel: Initiating tunnel 0
    Oct 28 15:25:56 tnsr-test1 charon-systemd[2006]: vici initiate CHILD_SA 'child0'
    Oct 28 15:25:56 tnsr-test1 charon-systemd[2006]: initiating IKE_SA ipip0[28] to 10.0.0.2
    Oct 28 15:25:56 tnsr-test1 charon-systemd[2006]: generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
    Oct 28 15:25:56 tnsr-test1 charon-systemd[2006]: sending packet: from 10.0.0.1[500] to 10.0.0.2[500] (464 bytes)
    Oct 28 15:25:59 tnsr-test1 vnet[1534]: linux-cp/router: Failed to delete neighbor: 10.0.0.2 WAN
    Oct 28 15:26:00 tnsr-test1 charon-systemd[2006]: retransmit 1 of request with message ID 0
    Oct 28 15:26:00 tnsr-test1 charon-systemd[2006]: sending packet: from 10.0.0.1[500] to 10.0.0.2[500] (464 bytes)
    Oct 28 15:26:03 tnsr-test1 vnet[1534]: linux-cp/router: Failed to delete neighbor: 10.0.0.2 WAN
    
  • LAYER 8 Netgate

    @KenRunner said in Problems with initial install and setup of 20.08:

    Oct 28 15:25:41 tnsr-test1 charon-systemd[2006]: giving up after 5 retransmits
    Oct 28 15:25:41 tnsr-test1 charon-systemd[2006]: establishing IKE_SA failed, peer not responding

    Looks like the peer at 10.0.0.2 is not responding to the ISAKMP packets being sent. What is being logged on the other side?


  • node2 10.0.0.2 /var/log/messages:

    Oct 30 10:47:38 tnsr-test2 charon-systemd[1992]: initiating IKE_SA ipip0[898] to 10.0.0.1
    Oct 30 10:47:38 tnsr-test2 charon-systemd[1992]: generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
    Oct 30 10:47:38 tnsr-test2 charon-systemd[1992]: sending packet: from 10.0.0.2[500] to 10.0.0.1[500] (464 bytes)
    Oct 30 10:47:42 tnsr-test2 vnet[1550]: linux-cp/router: Failed to delete neighbor: 10.0.0.1 WAN
    Oct 30 10:47:42 tnsr-test2 charon-systemd[1992]: retransmit 1 of request with message ID 0
    Oct 30 10:47:42 tnsr-test2 charon-systemd[1992]: sending packet: from 10.0.0.2[500] to 10.0.0.1[500] (464 bytes)
    Oct 30 10:47:46 tnsr-test2 vnet[1550]: linux-cp/router: Failed to delete neighbor: 10.0.0.1 WAN
    Oct 30 10:47:50 tnsr-test2 charon-systemd[1992]: retransmit 2 of request with message ID 0
    Oct 30 10:47:50 tnsr-test2 charon-systemd[1992]: sending packet: from 10.0.0.2[500] to 10.0.0.1[500] (464 bytes)
    Oct 30 10:47:53 tnsr-test2 vnet[1550]: linux-cp/router: Failed to delete neighbor: 10.0.0.1 WAN
    Oct 30 10:48:03 tnsr-test2 charon-systemd[1992]: retransmit 3 of request with message ID 0
    Oct 30 10:48:03 tnsr-test2 charon-systemd[1992]: sending packet: from 10.0.0.2[500] to 10.0.0.1[500] (464 bytes)
    Oct 30 10:48:06 tnsr-test2 vnet[1550]: linux-cp/router: Failed to delete neighbor: 10.0.0.1 WAN
    Oct 30 10:48:08 tnsr-test2 clixon_backend[2029]: ipsec_job_child_bringup_tunnel: Initiating tunnel 0
    Oct 30 10:48:08 tnsr-test2 charon-systemd[1992]: vici initiate CHILD_SA 'child0'
    Oct 30 10:48:26 tnsr-test2 charon-systemd[1992]: retransmit 4 of request with message ID 0
    Oct 30 10:48:26 tnsr-test2 charon-systemd[1992]: sending packet: from 10.0.0.2[500] to 10.0.0.1[500] (464 bytes)
    Oct 30 10:48:29 tnsr-test2 vnet[1550]: linux-cp/router: Failed to delete neighbor: 10.0.0.1 WAN
    Oct 30 10:48:38 tnsr-test2 clixon_backend[2029]: ipsec_job_child_bringup_tunnel: Initiating tunnel 0
    Oct 30 10:48:38 tnsr-test2 charon-systemd[1992]: vici initiate CHILD_SA 'child0'
    Oct 30 10:49:08 tnsr-test2 charon-systemd[1992]: retransmit 5 of request with message ID 0
    Oct 30 10:49:08 tnsr-test2 charon-systemd[1992]: sending packet: from 10.0.0.2[500] to 10.0.0.1[500] (464 bytes)
    Oct 30 10:49:08 tnsr-test2 clixon_backend[2029]: ipsec_job_child_bringup_tunnel: Initiating tunnel 0
    Oct 30 10:49:08 tnsr-test2 charon-systemd[1992]: vici initiate CHILD_SA 'child0'
    Oct 30 10:49:11 tnsr-test2 vnet[1550]: linux-cp/router: Failed to delete neighbor: 10.0.0.1 WAN
    
    
  • LAYER 8 Netgate

    On both nodes can you:

    tnsr# show interface
    tnsr# ping 10.0.0.1 source 10.0.0.2 and the reciprocal on the other node
    tnsr# show neighbor
    tnsr# show ipsec tunnel X where X is the ipsec instance

    ?


  • Results from the ping and status check:

    tnsr-test2 tnsr# ping 10.0.0.1 source 10.0.0.2
    PING 10.0.0.1 (10.0.0.1) from 10.0.0.2 : 56(84) bytes of data.
    From 10.0.0.2 icmp_seq=1 Destination Host Unreachable
    From 10.0.0.2 icmp_seq=2 Destination Host Unreachable
    From 10.0.0.2 icmp_seq=3 Destination Host Unreachable
    
    --- 10.0.0.1 ping statistics ---
    3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 27ms
    pipe 3
    tnsr-test2 tnsr# show neighbor
    tnsr-test2 tnsr# show ipsec tunnel 0
    IPsec Tunnel: 0
        IKE SA: ipip0    ID: 935    Version: IKEv2
            Local: 10.0.0.2[500]    Remote: 10.0.0.1[500]
            Status: CONNECTING
    tnsr-test2 tnsr#
    

    Both nodes gave the same responses

  • LAYER 8 Netgate

    It looks like there is no connectivity between those two hosts. They can't even ARP for each other.

    What about show interface ??


  • The nodes are both connected to a switch and are on the same vlan. Here is the show interface from number 2:

    tnsr-test2 tnsr# show interface
    Interface: LAN
        Description: LAN
        Admin status: up
        Link up, link-speed 1000 Mbps, full duplex
        Link MTU: 9000 bytes
        MAC address: 0c:c4:7a:4c:8a:cc
        IPv4 MTU: 0 bytes
        IPv4 Route Table: ipv4-VRF:0
        IPv4 addresses:
            10.10.10.1/24
        IPv6 MTU: 0 bytes
        IPv6 Route Table: ipv6-VRF:0
        IPv6 addresses:
            fe80::ec4:7aff:fe4c:8acc/64
        VLAN tag rewrite: disable
        Rx-queues
            queue-id 0 : cpu-id 1
        counters:
          received: 6398619 bytes, 87388 packets, 0 errors
          transmitted: 86184 bytes, 1012 packets, 8 errors
          protocols: 0 IPv4, 0 IPv6
          87388 drops, 0 punts, 0 rx miss, 0 rx no buffer
    
    Interface: WAN
        Description: WAN
        Admin status: up
        Link down, unknown duplex
        Link MTU: 9000 bytes
        MAC address: 0c:c4:7a:4c:86:e4
        IPv4 MTU: 0 bytes
        IPv4 Route Table: ipv4-VRF:0
        IPv4 addresses:
            10.0.0.2/30
        IPv6 MTU: 0 bytes
        IPv6 Route Table: ipv6-VRF:0
        IPv6 addresses:
            fe80::ec4:7aff:fe4c:86e4/64
        VLAN tag rewrite: disable
        Rx-queues
            queue-id 0 : cpu-id 1
        counters:
          received: 0 bytes, 0 packets, 0 errors
          transmitted: 0 bytes, 0 packets, 17909 errors
          protocols: 0 IPv4, 0 IPv6
          0 drops, 0 punts, 0 rx miss, 0 rx no buffer
    
    Interface: ipip0
        Admin status: up
        Link up, unknown duplex
        Link MTU: 9000 bytes
        IPv4 MTU: 0 bytes
        IPv4 Route Table: ipv4-VRF:0
        IPv4 addresses:
            10.30.0.2/30
        IPv6 MTU: 0 bytes
        IPv6 Route Table: ipv6-VRF:0
        IPv6 addresses:
            fe80::d167:2cf6:12d4:497b/64
        VLAN tag rewrite: disable
        counters:
          received: 0 bytes, 0 packets, 0 errors
          transmitted: 68 bytes, 1 packets, 0 errors
          protocols: 0 IPv4, 0 IPv6
          0 drops, 0 punts, 0 rx miss, 0 rx no buffer
    
  • LAYER 8 Netgate

    How are they connected? They don't appear to be able to exchange traffic between each other. Nothing but transmit errors on WAN there.