[Swan] weird connection issue el7->el6
Simon Peeters
simon at inuits.eu
Mon Jul 20 16:21:02 EEST 2015
hey all,
We are having a weird problem getting an ipsec link to work for our
local development setup.
the setup is (ip addresses changed slightly):
boxA: centos7 behind NAT (and over an adsl line) port 500 and 4500
are forwarded
- private subnet ip is 10.50.32.1/19
- ip on inside of NAT is 192.168.1.10/24
- router at 192.168.1.1 has public ip (let's say 123.4.5.6)
boxB: centos6 our production ipsec "master" has multiple connections
to other machines, all working nice
- private subnet ip is 10.50.0.1/19
- has public ip (let's say 1.2.3.4)
the issue: (below all using the private subnet ip)
we can ping A -> B and B -> A
we can ssh B -> A
we can't ssh A -> B (hangs on debug1 expecting
ssh2_msg_kex_dh_gex_group)
we can http GET from A to B
we can't http POST from A to B (timeout waiting for form data)
If I set up a centos6 node to replace box A (with the same config) all
the above works perfectly.
I suspect this to be mtu related, but haven't figured out how.
Greetings
Simon Peeters