Netgate Discussion Forum

    Dual WAN and dropped packets

    Routing and Multi WAN
      tsi

      1.2-RC1  Embedded on WRAP

      I have 2xWAN 2xLAN and 2xDMZ

      2xISPs BT (PPPoE) and Virgin (DHCP)

      I added static routes for each ISP's DNS and I'm not doing load balancing or failover

      LAN1 works over BT and LAN2 works over Virgin. Everything is ok outbound.

      I put an OpenVPN server on DMZ and created port forward NAT and fw rule

      As a test I put a laptop on LAN1 and connect ovpn client to the public IP address of WAN2

      Client--->PF(sis3)--->BT-WAN1(sis1)--->Internet--->Virgin-WAN2(sis2)--->DMZ(sis4)--->OVPN

      With tcpdump I see the packet arrive at the ovpn server and it responds. It then seems to get silently dropped by the fw. There's nothing in the filter log and tcpdump doesn't see it leaving any of the other interfaces.

      I tried the DMZ i/f with and without a gateway, doesn't make any difference. I also opened up ssh on the ovpn server as additional test but I get the same result. I had the same setup working when I had a single ISP.

      tcpdump from ssh

      vpn# tcpdump -i lnc1
      tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
      listening on lnc1, link-type EN10MB (Ethernet), capture size 96 bytes
      23:00:32.097891 IP <virginip>.56919 > 192.168.4.150.ssh: S 2981099879:2981099879(0) win 8192 <mss 1452,nop,wscale 8,nop,nop,sackOK>
      23:00:32.098084 IP 192.168.4.150.ssh > <virginip>.56919: S 4160585790:4160585790(0) ack 2981099880 win 65535 <mss 1460,nop,wscale 1,sackOK,eol>
      23:00:35.067268 IP <virginip>.56919 > 192.168.4.150.ssh: S 2981099879:2981099879(0) win 8192 <mss 1452,nop,wscale 8,nop,nop,sackOK>
      23:00:35.067345 IP 192.168.4.150.ssh > <virginip>.56919: S 4160585790:4160585790(0) ack 2981099880 win 65535 <mss 1460,nop,wscale 1,sackOK,eol>
      23:00:38.066337 IP 192.168.4.150.ssh > <virginip>.56919: S 4160585790:4160585790(0) ack 2981099880 win 65535 <mss 1460,nop,wscale 1,sackOK,eol>
      23:00:41.050725 IP <virginip>.56919 > 192.168.4.150.ssh: S 2981099879:2981099879(0) win 8192 <mss 1452,nop,nop,sackOK>
      23:00:41.050797 IP 192.168.4.150.ssh > <virginip>.56919: S 4160585790:4160585790(0) ack 2981099880 win 65535 <mss 1460,nop,wscale 1,sackOK,eol>
      23:00:47.048828 IP 192.168.4.150.ssh > <virginip>.56919: S 4160585790:4160585790(0) ack 2981099880 win 65535 <mss 1460,nop,wscale 1,sackOK,eol>
      23:00:59.044931 IP 192.168.4.150.ssh > <virginip>.56919: S 4160585790:4160585790(0) ack 2981099880 win 65535
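
The pattern in the capture above (SYN arrives, SYN-ACK is sent and retransmitted, no ACK ever follows) can be picked out of a server-side tcpdump text log mechanically. This is an added example, not part of the original post; the function name `stalled_handshakes` is hypothetical and the sample lines are constructed, with 203.0.113.10 standing in for the `<virginip>` placeholder.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the capture in the post. 203.0.113.10 is a
# documentation address standing in for the poster's <virginip> placeholder.
SAMPLE = """\
23:00:32.097891 IP 203.0.113.10.56919 > 192.168.4.150.ssh: S 2981099879:2981099879(0) win 8192
23:00:32.098084 IP 192.168.4.150.ssh > 203.0.113.10.56919: S 4160585790:4160585790(0) ack 2981099880 win 65535
23:00:35.067268 IP 203.0.113.10.56919 > 192.168.4.150.ssh: S 2981099879:2981099879(0) win 8192
23:00:35.067345 IP 192.168.4.150.ssh > 203.0.113.10.56919: S 4160585790:4160585790(0) ack 2981099880 win 65535
23:00:38.066337 IP 192.168.4.150.ssh > 203.0.113.10.56919: S 4160585790:4160585790(0) ack 2981099880 win 65535
"""

# Old-style tcpdump TCP line: time, "IP", "src > dst:", flags, optional seq, optional ack.
LINE = re.compile(
    r"^\S+ IP (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFPRWE.]+)"
    r"(?: \d+:\d+\(\d+\))?(?: ack (?P<ack>\d+))?"
)

def stalled_handshakes(capture):
    """Return {(client, server): {"syn": n, "synack": n}} for every flow where
    the server answered a SYN but no later client packet was captured."""
    flows = defaultdict(lambda: {"syn": 0, "synack": 0, "done": False})
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # non-TCP or unparseable line
        src, dst, flags, ack = m["src"], m["dst"], m["flags"], m["ack"]
        if "S" in flags and ack is None:
            flows[(src, dst)]["syn"] += 1      # client SYN (or its retransmit)
        elif "S" in flags:
            flows[(dst, src)]["synack"] += 1   # server SYN-ACK, keyed by client
        elif (src, dst) in flows:
            flows[(src, dst)]["done"] = True   # client ACK/data seen: reply arrived
    return {
        flow: {"syn": f["syn"], "synack": f["synack"]}
        for flow, f in flows.items()
        if f["synack"] and not f["done"]
    }

if __name__ == "__main__":
    for (client, server), n in stalled_handshakes(SAMPLE).items():
        print(f"{client} -> {server}: {n['syn']} SYN, {n['synack']} SYN-ACK, never completed")
```

A flow reported here means the server's replies are being lost somewhere after they leave the server, so the next capture belongs on the firewall's DMZ and WAN interfaces rather than on the server.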

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.