Friday, March 9, 2018

ISP’s blocking VPN’s?

We have a remote site that used to form tunnels just fine, but suddenly stopped. After troubleshooting for a bit, I eventually switched out from esp to nat-t mode. Boom, tunnels came up. Great.

Fast forward two days later, and they’re down again.

tcpdump on both sides show the remote node’s packets never reach our data center.

I called the ISP to complain and they gave me the whole “we don’t block anything by default, I can’t confirm whether or not I see the traffic.” (It’s residential grade broadband.)

Finally we tried modified NAT-T with a custom port number. Boom, tunnels came up. Few days later they went down again. What is going on?



No comments:

Post a Comment