Topic: Tunnel mode peer not coming up, Idle

Ovez

Tunnel mode peer not coming up, Idle
« on: April 27, 2017, 07:33:42 AM »
Hello everyone.

Tunnel mode peers are not coming up; they stay Idle on my test setup.

Setup: two virtual servers (WANOS-1, WANOS-2) on ESXi, both can ping each other, both have static IP addresses from different subnets, both are v3.2.3 and configured according to the tutorial: http://wanos.co/docs/docs/wanos-admin-guide/deployment/tunnel-mode/
Switched from ipcomp to UDP. Promiscuous mode is off on VMware. Did not help.

The host connected to WANOS-1 has Internet available through that server, but since the WANOS-2 peer is not coming up, we just have bypass traffic.
Also noticed one thing: when the host is coming up and has some activity, the WANOS-1 peer status on the WANOS-2 setup shows it is up, but on WANOS-1 it is Idle.

ahenning

Re: Tunnel mode peer not coming up, Idle
« Reply #1 on: April 27, 2017, 08:05:28 AM »
Hi Ovez,

Steps in a nutshell are:
Deploy VM with one NIC connected to the network
Configure IP address and GW (WAN Router)
Configure Traffic Policies to match local subnets (Source) to remote subnets (Destination)
Add default #99 bypass to pass-through all other subnets traffic
(v.2.x to v.3.x) Configure Multisite subnets that match traffic policies with remote peer IP address (start with site-0)
(or v.4.x) Configure Tunnel Policies that match remote subnets with remote peer IP
Switch to UDP encapsulation
Switch to Tunnel deployment
Configure Server-A in Site-A to use Wanos-A as default gateway
Configure Server-B in Site-B to use Wanos-B as default gateway
Test non-bypassed TCP traffic between Server-A and Server-B (e.g. HTTP, FTP)

One side "Up/Active" while the other side is "Idle" usually indicates asymmetric/one way traffic flow.
Since Wanos-2 shows up, it means Wanos-1 is probably configured OK.
Look to see that the Servers at Site-2 have Wanos-2 as default GW.

Once the setup is functional between Server-1 and Server-2 with default gateways, then next look at configuring more interesting routing setups with Policy based routing etc.

Note a difference between v.3 and v.4 tunnel mode:
v.2-v.3 Only optimized traffic is tunneled while the peers are online e.g. excluding ICMP
v.4 All traffic is tunneled, including ICMP
CCIE RS, CCIE SP, Mnet&sys

Note: Forum posts may be outdated. Please see the latest documentation at wanos.co/docs

Ovez

Re: Tunnel mode peer not coming up, Idle
« Reply #2 on: April 27, 2017, 01:44:09 PM »
Hello ahenning,

Thank you so much for the extended explanation and sorry for my mistake, because I just now got the idea that the 2nd site should have a server too.

I just wanted to compress the internet traffic for a host on side A, which has limited bandwidth. And my site B just has a single WANOS-B server, connected to Internet, without any hosts.

What should I do in this case?

ahenning

Re: Tunnel mode peer not coming up, Idle
« Reply #3 on: April 27, 2017, 02:04:58 PM »
Ok, yes, the inbound internet traffic on the B side is probably not redirected to the wan0 address.

There are a couple of ways to work around it. I think the quickest and easiest would be to fire up a second VM server on the Internet side and enable a Squid proxy on that side with a route directing traffic to the server-A IP to Wanos-B wan0. Then your traffic would flow in both directions and it should work as expected.

On Amazon AWS we have also done it with only wanos v.4 on the AWS side. But I recommend the easier method above since the setup is almost complete.