Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Ping not working in Routed (VTI) interface

    Scheduled Pinned Locked Moved
    IPsec
    vti ping
    2
    3
    747
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      contimaglio
      last edited by

      I have successfully configured a IPSec tunnels between 192.168.150.0 (local network) and 10.10.0.0 (remote network).
      I use VTI Phase2:

      • local endpoint is 172.30.2.1/30
      • remote endpoint is 172.30.2.2/30

      The same configuration is applied (mirrored) on the remote FW. The tunnel is up and I can ping 10.10.0.0 hosts.

      The problem is that while obviously I can ping 172.30.2.1 (local endpoint), I cannot ping 172.30.2.2 which is used for tunnel monitoring. So I am not able to monitor the tunnel.

      93ac8bb6-5370-43ec-b7c9-da5a91c0854b-image.png

      I have allowed everything in the Firewall rule (IPSec section), and added a static route to 10.10.0.0 using the automatically generated gateway
      Does anybody have any idea why?

      P 1 Reply Last reply Reply Quote 0
      • P
        pete35 @contimaglio
        last edited by

        @contimaglio
        maybe check/set the mtu size of the tunnel. best values are around 1300-1350. try to allow mss clamping.

        <a href="https://carsonlam.ca">bintang88</a>
        <a href="https://carsonlam.ca">slot88</a>

        C 1 Reply Last reply Reply Quote 0
        • C
          contimaglio @pete35
          last edited by

          Thanks for the suggestion but unfortunately no PING.
          Since I am able to ping 172.30.2.1 (but not 172.30.2.2), could it be something related to firewall or routing?

          1 Reply Last reply Reply Quote 0
          • First post
            Last post