Strange VTI Routing issue
-
Hello. I have a VTI VPN set up between two servers. I have it set to allow traffic to go through the VPN and out on the other side. This works for the most part. If I go to a website like https://ip4.me from Site A, it returns the other end's (Site B's) external IP, as I expect it to. I have outbound routes on Site A that use the VPN gateway.
My strange issue is that I noticed some sites I can't access. For example, https://github.com/: if I try to go to it from Site A, the page can't load. However, if I go to https://www.google.com, https://www.msn.com, https://ip4.me, or https://www.amazon.com, those all work.
Any idea what would cause this? It appears to have something to do with the secure connection to the website, but I can't pinpoint it :(.
-
@meluvalli Site A routes through Site B to get to the internet?
-
Correct. Not all machines, but some. It's set up through the firewall. Not ALL traffic, but I have it set up by source address. So, for example, if source address = 192.168.1.100, then use the VPN as the default gateway on the LAN side. Then on the B side, I have an outbound NAT rule on Site B saying if source address = 192.168.0/24, then NAT to the WAN address.
-
@meluvalli So routing works. At Site B can you hit those sites you mentioned? Do you have pfblocker enabled?
-
@michmoor Yes. At site B, those sites work. I do not use pfblocker or anything like that.
-
@meluvalli For now, I ended up switching to WireGuard. I much prefer to use IPsec, though. IPsec seems to be a more stable connection. I really would like to get to the bottom of this :(
-