I have recently updated a cluster with a few nodes having a pretty similar network setup. Each node is connected with a few external networks over IPsec.
And just one node behaves crazy (this is really strange). I can't ping any of the networks that are tunneled through IPsec. Tunnels are created successfully, routes are being added. Additional research with tcpdump showed that indeed ICMP replies are coming back through the tunnel, but are getting dropped! Disabling the firewall completely on the node makes it work... Attached the pve-firewall compile
What is more strange, it worked perfectly fine before the upgrade and I did nothing besides upgrade and reboot...
I can easily imagine how difficult it is to diagnose such a thing, so just a pointer in the right direction on what I can dig into/research would be appreciated too...