4 Replies Latest reply on Jun 28, 2019 6:31 AM by Eyadov

    Problem with starting VeloCloud VPN connection

    Eyadov Lurker

      Hello

       

      I've just started working with VeloCloud SD-WAN with cloud VCO and 2 virtual edges working on VMWare

      I am working in a lab and I have "hub 1" where I can get public IP

      the other machine is "branch 1" connected to internet through hotspot

      I created 3 links on each of the machines from the VCO

       

      GE3 is used as public link

      GE4 is used as private link to VPN network 1

      GE5 is used also as private link to VPN network 2

       

      SD-WAN Topology.png

      The problem is that on GE4 and GE5 I can see the private IP given by the hot spot in the overlay WAN

      in wireshark trace from both edges I can see UDP packets with DMPO port 2426 from both edges to the other but with no reply

      I can also see traffic toward GE4 "192.168.43.243" in Edge 1 from sd-wan IPs such as aws, ntp, velocloud management

      my assumption is since the branch overlay WAN public IP for both GE4 or GE5 is a private IP so it's not being routed when it goes to the public internet

      my question:

      is that normal ?

      if not is there a way to fix this ? is there any static routing required ? if so where to configure, other than the VPN selection in overlay WAN i couldn't find anywhere in VCO where I can set routing

      How to test traffic using GE1 and GE2 from both virtual edges ?

       

      Thanks in advance.

        • 1. Re: Problem with starting VeloCloud VPN connection
          lhoffer Hot Shot
          vExpertVMware Employees

          Yes, this is expected behavior.  Unless you configure a different source IP in the overlay, it'll source the DMPO traffic from the interface IP and since you're using RFC 1918 addresses, they'd need to be NAT'd by your upstream router before being sent out to the internet (or encapsulated across your VPN).

           

          No need for static routes though as long as you've configured a gateway IP in the interface config (and optionally a next hop in the overlay config if overlay traffic needs to go somewhere different for some reason).  Going to the "Configure" > "Edges" or "Profiles" > "Device" tab is where you'd configure that though if you need to.

          • 2. Re: Problem with starting VeloCloud VPN connection
            Eyadov Lurker

            Thank you for your reply

             

            I did some modification but still I can't get the tunnel running

            I activated the UDP hole punch, defined static IPs and modified the cloud VPN configuration, on GE3 I can see overlay WAN IP from both edges as public IPs

            When I go to diagnostics - > test path I can only see Gateway option and not GE3

            when I check test VPN , I am getting failed.

            your kind input is much appreciated

            • 3. Re: Problem with starting VeloCloud VPN connection
              amatarrita Novice

              Hi There,

               

              Can you share the following details with me:

               

              - Are these 2 devices in same profile?

              - If so, Can you share a screenshot of your profile?

               

              - Do the 2 devices have a common gateway? You can find out with list paths under remote diagnostics.

              - Make sure your modems are allowing UDP2426 both ways.

               

              Thanks!

              Anil

              • 4. Re: Problem with starting VeloCloud VPN connection
                Eyadov Lurker

                Thanks amatarrita

                 

                The problem was that I used a mobile hotspot for one of the edges for internet connection, and it seems that it doesn't support port forwarding.

                I changed to a normal router and it worked.