IPSec does not work as expected

Hello Nethserver community, I hope everyone is doing great. I have a little challenge here. I’m testing IPSec on Nethsecurity. I can establish the ipsec connection without errors.
When I try to connect to the remote network it does not find it, when I use ping it returns “Destination Host Unreachable”. I’ve checked the route table and found the route.
One thing that stands out for me is the fact that it uses a (I believe) virtual interface, as far as I know IPsec does not create an interface for the VPN (unlike OpenVPN), but on Nethsecurity it does (maybe it is an implementation difference).

I made a test, removing the route using the virtual interface and added the WAN interface instead:

Let me explain:
Nethsecurity → Nethsecurity:

  • I need to change the route in both ends and connect.

Nethsecurity → Nethserver:

  • Before I make any adjustments in the routing table:

    • Nethserver → Nethsecurity (ok, I can connect fine)
    • Nethsecurity → Nethserver (does not work)
  • After I fix the routing table (only in the Nethsecurity, since Nethserver does not create a virtual interface):

    • Nethserver → Nethsecurity (stopped working)
    • Nethsecurity → Nethserver (works fine)

Well, that is it. My lab is on Proxmox. I don’t believe I made any mistake on the setup, and the IPsec connection is established; the one thing that bugs me is the virtual interface and the routing table using it. If someone had this issue or can add to this I would appreciate it. If any more information is needed, just ask me, and thanks in advance for your help.

It worked in a physical environment; on my Proxmox environment it does not work as expected. I don’t understand why.

On VMware, if promiscuous mode is not enabled, network traffic does not work as intended (for instance, in NS7 the NSDC/AD Container cannot be reached).

Proxmox should have something similar…

Hi

Proxmox does not need promiscuous mode set, neither for NS7 nor for NS8. Networking, including VPNs of all sorts (IPsec, OpenVPN, WireGuard), all works out of the box. Tested using VirtIO drivers on both systems.
AFAIK, it is needed to set promiscuous mode on all other hypervisors (Hyper-V, VMware ESXi, Xen).

Note: I have not tested NethSecurity so far, planned for this or next weekend… :slight_smile:

My 2 cents
Andy