Author Topic: wanos + ESXi with pfSense NAT  (Read 17132 times)

ahenning

Re: wanos + ESXi with pfSense NAT
« Reply #15 on: December 24, 2014, 07:51:38 PM »
First make sure by checking the interface and optimization stats. They'll confirm if optimization is indeed running.

Run from the CLI:
wanos-show bypass0.active

If it says 'false', then the peer is actually up, even though you see nothing in the GUI (I'll investigate and see if I can reproduce the blank status).

If not, the most likely causes:
  • Traffic is not flowing through the device in both directions
  • lan0 - wan0 are reversed on one of the sides
  • A bypass rule is in place that's passing traffic through
  • Test protocol is in the default bypass list, e.g. 443
« Last Edit: December 24, 2014, 07:58:35 PM by ahenning »
CCIE RS, CCIE SP, Mnet&sys

Note: Forum posts may be outdated. Please see the latest documentation at wanos.co/docs

astar

« Reply #16 on: December 24, 2014, 08:47:14 PM »
Interface status shows correct data for Receive and Transmit on wan0 and lan0 with Errors and Dropped : 0
Optimization and Interface Graphs do report some activity, but under "Sessions" all have 0% reduction
wanos-show bypass0.active reports "true"

Ports are not reversed for sure, because when I reversed them, I lost access to the environment

I will perform the clean.sh action on both wanos appliances and start all over.

ahenning

« Reply #17 on: December 24, 2014, 09:58:34 PM »
If the ports are reversed the appliances would not detect each other and remain in pass-through and not affect traffic. If 'reversing' them affected traffic, that is more likely the right way round.

Assuming this is correct, then it could be NAT or the Firewalls dropping proto 108. When testing UDPEncap, enable both ends and reset the service.

astar

« Reply #18 on: December 26, 2014, 10:02:42 PM »
WanOS behind pfSense with UDPENCAP=Enable didn't work for me. Is it possible for you to create a similar setup at your side and verify?

To continue with my tests I switched to the following setup:
  • ISP cable connects to WanOS wan0
  • WanOS lan0 connects to pfSense WAN
  • pfSense LAN connects to the LAN switch
  • Desktops connect to the LAN switch

So far peers are up and I see graph data under Wan Tx Reduction columns.
I am using this tool to generate traffic http://www.roadkil.net/program.php/P5/CommTest for testing
Can you verify my traffic policies are correct? I just want optimization between 10.10.9.150 and 10.10.8.137.

The only thing with this setup is assigning a public IP to WanOS for management.
I tried Wanos out-of-band management as mentioned at http://wanos.co/forum/index.php?topic=49.0 but it did not work.
I added a third NIC in the WanOS appliance connecting to the LAN, and ran sudo vi /opt/bootlocal.sh to add:
ifconfig eth2 192.168.210.99 netmask 255.255.255.0 broadcast 192.168.210.255 up
Question: Do I still need to assign another IP, e.g. 192.168.210.200, using wanos-cfg?
Can you assist here?
SiteA :- Wan IP - 10.10.9.150/22  Lan network- 192.168.210.0/24 GW - 192.168.210.1
SiteB :- Wan IP - 10.10.8.137/22  Lan network- 192.168.220.0/24 GW - 192.168.220.1

I'll further continue to test vpn traffic between these two sites.

Thanks

ahenning

« Reply #19 on: December 26, 2014, 10:11:03 PM »
Policies look fine:
I would recommend only enabling UDP right at the end, once everything is set up and running as expected.
Also, are you sure you want the whole /22 or just the specific IP addresses? If just the specific host addresses, the mask needs to be /32 in the policy.
Quote
I just want optimization between 10.10.9.150 and 10.10.8.137.

Out of band management is not a supported feature in Express.
« Last Edit: December 26, 2014, 11:35:25 PM by ahenning »