Hi,

On 03.02.2018 at 00:18, Grant Taylor wrote:
>
> Maybe, maybe not.
>
> I thought you had additional globally routed IPs bound to the outside
> interface that were DNATed into the VMs. (Have I remembered
> incorrectly?)

They're bridged through the physical interface and should not interfere with the other packages.

>
> If that is the case, then MASQUERADEing will likely cause at least one
> of the tunnels to end up with the wrong GRE source IP on outgoing
> packets.
>

How do you mean that with at least one of the tunnels? Could you give an example? In fact I do have one tunnel that is still down. I ignored it, because I thought there might be another problem with that one.

>
>> True, but the implementation and my configuration of the same should
>> handle both cases.
>
> I think it's a complication related to interaction between arrival
> timing and what Connection Tracking is expecting. Hence the
> "UNREPLIED" in the output of conntrack -L.

How do you mean this exactly? The first package might be incoming or outgoing. Or are you thinking of the case that they might arrive at (almost) the same time?

>
>> I'd have to look that up. So far the ping keeps the tunnels going.
>
> Well, I think that's a good thing. It seems like we're narrowing in
> on the problem. The solution to said problem may be something else.
> (Unless you want to just leave persistent pings running. }:-)
>

The ping workaround still works :).

Bye,
Matthias