Author Topic: HQ to Branch 20/20mbps on both sites using Hyper-V as host and TMG as UTM.  (Read 1810 times)

fernandoxavier

  • Member
  • ***
  • Posts: 3
    • View Profile
Hello,

We are trying WanOS v3.2.3 VM on 2 sites (HQ and Branch) in bridge mode, following the tutorial here: http://wanos.co/docs/docs/wanos-admin-guide/installation/hyper-v/

The VMs are using 2gb of ram and 4cores each

We use TMG as UTM, witch closes an ipsec tunnel from HQ to Branch

Normally, is is like this:

Branch and HQ both uses an 20/20mbps dedicated link, HQ is 172.0.10.0/24 and branch 172.0.20.0/24

HQ-LAN - HQ-TMG - Internet - Branch-TMG - Branch-LAN

What we are trying to achieve is this:

HQ-LAN - HQ-WAN_OS - HQ-TMG - Internet - Branch-TMG - Branch-WAN_OS - Branch-LAN

TMG has a WAN and LAN nic, the WAN nic is attached to a port connected directly to the internet router, the LAN to the local LAN

WanOS virtual WAN port is attached to the virtual LAN interface of the TMG, its LAN port is configured as internal-onlyb on Hyper-V

We can see traffic passing on WanOS dashboard on both ends, but no optimized traffic rx/tx, only pass-through

Peer status always list as "Idle", regardless of how we configure multisite

We tried changing encapsulation from ipcomp to udp on both ends, no luck

We even tried to trial keys on both ends to see if this was a problem, no luck

In both sites, the logs don't show the "peer detected on lan0" messages

Diagnostics screens shows all "OK" except password changed, which we don't believe may be the source of the problem

Did we miss a step in the configuration?

How can we diagnose the problem to make sure TMG is not the issue?

Thanks!

ahenning

  • Team Wanos
  • Administrator
  • Full Member
  • *****
  • Posts: 625
    • View Profile
Re: HQ to Branch 20/20mbps on both sites using Hyper-V as host and TMG as UTM.
« Reply #1 on: September 20, 2017, 08:20:11 PM »
Hi,

It all sounds ok. What traffic policies are configured, can you attach a screenshot?

Also what protocol are you testing with?

If the traffic policy is only matching 172.0.10.0/24 and 172.0.20.0/24 and default #99 bypass, try setting UDP encapsulation and then switching the lan0/wan0 port roles. If the rest is as you say, I see no reason for TCP traffic e.g. HTTP, CIFS, FTP etc not to be optimized.
CCIE RS, CCIE SP, Mnet&sys

Note: Forum posts may be outdated. Please see the latest documentation at wanos.co/docs

fernandoxavier

  • Member
  • ***
  • Posts: 3
    • View Profile
Re: HQ to Branch 20/20mbps on both sites using Hyper-V as host and TMG as UTM.
« Reply #2 on: September 21, 2017, 06:25:01 PM »
Thanks for answering! Here are some screenshots (attached)

We are now using UDP encapsulation to test everything

I can see traffic passing on passthrough, but not a single thing on optimized traffic, when I go to network / protocols I have graphs on both wan and lan, but seems to be a very small amount of it, that made me suspect that TMG is encrypting traffic before wanos and since it cant optimize encrypted traffic, is passes through all, therefore being a problem with our topology

Can you see anything inherently wrong in our configuration?

I will try switching interface roles.

ahenning

  • Team Wanos
  • Administrator
  • Full Member
  • *****
  • Posts: 625
    • View Profile
Re: HQ to Branch 20/20mbps on both sites using Hyper-V as host and TMG as UTM.
« Reply #3 on: September 21, 2017, 06:54:56 PM »
Quote
when I go to network / protocols I have graphs on both wan and lan, but seems to be a very small amount of it

That does not sound right. Even with bypass traffic, all the traffic will be graphed. E.g. a 10 Mbps bypass transfer will show 10 Mbps on the bypass and lan/wan stats. This would indicate that the traffic is not flowing over the bridge as intended.

The configs looks fine. Just check the traffic flow.
CCIE RS, CCIE SP, Mnet&sys

Note: Forum posts may be outdated. Please see the latest documentation at wanos.co/docs

fernandoxavier

  • Member
  • ***
  • Posts: 3
    • View Profile
Re: HQ to Branch 20/20mbps on both sites using Hyper-V as host and TMG as UTM.
« Reply #4 on: September 25, 2017, 02:36:23 PM »
Ok so we're getting somewhere

When we transfer files from one Hyper-V HOST to another HOST the traffic light up and we can see all graphs and peer status changes to UP

Not so much for the VMs

They all use the same NIC to communicate between the ends, so it is strange that WanOS is not "seeing" the traffic passing in them but is for the Hosts

We tried disabling virtual machine queues and ipsec offloading on the guest vms without success

Still searching for a cause, any tips?

ahenning

  • Team Wanos
  • Administrator
  • Full Member
  • *****
  • Posts: 625
    • View Profile
Re: HQ to Branch 20/20mbps on both sites using Hyper-V as host and TMG as UTM.
« Reply #5 on: September 26, 2017, 12:49:49 PM »
Hi Fernando,

Is the traffic you are expecting to see registering on the lan0/wan0 interface graphs?
This would indicate whether it is a case of  "nothing to see" rather than "not seeing" the traffic.
CCIE RS, CCIE SP, Mnet&sys

Note: Forum posts may be outdated. Please see the latest documentation at wanos.co/docs