Netgate Discussion Forum
Strange VTI Routing issue

Category: IPsec. 6 Posts, 2 Posters, 741 Views
  • meluvalli, May 17, 2023, 2:58 PM

    Hello. I have a VTI VPN set up between two servers. I have it set to allow traffic to go through the VPN and out on the other side. This works for the most part. If I go to a website like https://ip4.me from Site A, it returns the other end's (Site B's) external IP as I expect it to. On Site A I have outbound routes to use the VPN gateway.

    My strange issue is, I noticed some sites I can't access. For example, https://github.com/: if I try to go to it from Site A, the page can't load. However, if I go to https://www.google.com, https://www.msn.com, https://ip4.me or https://www.amazon.com, those all work.

    Any idea what would cause this? It appears it has something to do with the secure connection to the website, but I can't pinpoint it :(.

    • michmoor (LAYER 8, Rebel Alliance) replying to @meluvalli, May 17, 2023, 4:39 PM

      @meluvalli Site A routes through Site B to get to the internet?

      Firewall: Netgate, Palo Alto-VM, Juniper SRX
      Routing: Juniper, Arista, Cisco
      Switching: Juniper, Arista, Cisco
      Wireless: Unifi, Aruba IAP
      JNCIP, CCNP Enterprise

      • meluvalli replying to @michmoor, May 18, 2023, 2:07 AM

        @michmoor Correct. Not all machines, but some. It's set up through the firewall. Not ALL traffic; I have it set up by source address. So, for example, if source address = 192.168.1.100, then use the VPN as the default gateway on the LAN side. Then on the B side, I have an outbound NAT rule on Site B saying if source address = 192.168.0/24, then NAT to the WAN address.

        • michmoor (LAYER 8, Rebel Alliance) replying to @meluvalli, May 18, 2023, 12:53 PM

          @meluvalli So routing works. At Site B can you hit those sites you mentioned? Do you have pfblocker enabled?


          • meluvalli replying to @michmoor, May 19, 2023, 7:18 AM

            @michmoor Yes. At site B, those sites work. I do not use pfblocker or anything like that.

            • meluvalli replying to @meluvalli, May 19, 2023, 2:27 PM

              @meluvalli For now, I ended up switching to WireGuard. I much prefer to use IPsec, though. IPsec seems to be a more stable connection. I really would like to get to the bottom of this :(
