Hi, I have two Proxmox servers with a tunnel between them. One host has internal network 10.99.5.0/24 and the second 10.99.6.0/24. They can see each other (so ping from 10.99.5.2 to 10.99.6.2 works).
Both servers have OpenVZ containers connected to the bridged interface. Containers from 10.99.5.0/24 cannot ping any host from 10.99.6.0/24 and vice versa.

Here are the iptables logs from host 10.99.5.2 (proxmox host) when trying to ping it from 10.99.6.106 (container):

Nov 5 21:52:15 gondolin kernel: IN=vmbr0 OUT= MAC=d4:3d:7e:e2:fd:68:3c:94:d5:4b:1d:1f:08:00 SRC=10.99.6.106 DST=10.99.5.2 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=10932 SEQ=3

And here is the log from 10.99.6.106 (container) when trying to ping it from 10.99.5.2 (proxmox host):

Nov 5 21:53:53 morsy kernel: IN=eth0 OUT= MAC=a2:96:3e:87:22:3a:02:9a:78:e9:fe:fa:08:00 SRC=10.99.5.2 DST=10.99.6.106 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=9142 SEQ=3

In both cases there are no responses. But when trying from 10.99.5.2 (proxmox host) to 10.99.6.2 (proxmox host) everything is OK:

Nov 5 21:55:36 nevrast kernel: IN=vmbr0 OUT= MAC=d4:3d:7e:f8:ee:60:54:e0:32:f2:a5:12:08:00 SRC=10.99.5.2 DST=10.99.6.2 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=9674 SEQ=22
Nov 5 21:55:36 nevrast kernel: IN= OUT=vmbr0 SRC=10.99.6.2 DST=10.99.5.2 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=2466 PROTO=ICMP TYPE=0 CODE=0 ID=9674 SEQ=22

How can I diagnose such a problem? Any thoughts? I'm not sure if it's related to Strongswan, Proxmox or my network setup...

Thanks,
Karol

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
