Weird Proxmox Networking Issue?


Eric Faden

Member
Dec 5, 2016
Alright... this is really odd and I need a second opinion....

I have a Mikrotik firewall. The main network is 10.0.0.0/24. I have two proxmox servers 10.0.0.100 and 10.0.0.110. I am currently connected to my router via L2TP over IPSec (10.0.10.99). I can ping and connect to one of the proxmox servers, but not the other. If I ssh to the one I can connect to, it can ping and connect to the other.... same with the router. Just the one won't respond at all from the L2TP tunnel. I can see the ICMP packet getting sent through the firewall.... but I can't see a response from the Proxmox box.

I checked and both of the proxmox servers have the same settings and are basically fresh installs. I can't find anything in the logs.... and iptables has no rules and ACCEPT for all chains....

Any thoughts on where to even look? It seems that the one proxmox server just isn't responding to the L2TP tunnel?

I'm going nuts.

-Eric
 

Eric Faden

Yes. And both can access the internet. Even more odd, I can ping one of the VMs on the machine, but can't ping the hypervisor...

 

ttabbal

Active Member
Mar 10, 2016
Can you go the other way and ping from the Hypervisor to the VPN? You might try traceroute as well. I suspect there is a slight routing difference somewhere throwing it off.
 

Eric Faden

No. The proxmox can't ping the VPN client either... I compared the two proxmox machines... Can't find a difference.

 

Eric Faden

In fact the proxmox host is the only computer with a problem. It's got to be on there somewhere.

 

RedneckBob

New Member
Dec 5, 2016
> In fact the proxmox host is the only computer with a problem. It's got to be on there somewhere.

On the broken host can you post the output of:

cat /etc/network/interfaces

May want to compare that output with the working host.
 

SlickNetAaron

Member
Apr 30, 2016
It'll drive a guy mad, won't it?!

My gut says a subnet mask is off somewhere.

Do you have any port channels/LACP/port bonding type scenarios? Easy to get the hashing off between switch and host or a port not failing in a clean way that sends some traffic across one port and some to the port that isn't working well. From your problem host, can you ping every other IP on the network? Ping gateway? Unplug all but one uplink to the switch, break and restart your ping tests.

Routes on your VPN client machine and firewall? Proper network masks across the board?

.100 is where a lot of people start their DHCP scopes, is there a duplicate IP? ARP entries match in switch and firewall and other hosts you are trying to ping from - to the trouble host?

Can you try to re-IP the problem host by a single IP? No leftover routes from an old config?

I've done silly things like miss an allowed VLAN on my switch.. Lots of things.

What is your switch seeing?
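
An added example, not part of any post in this thread: one way to test the subnet-mask theory above is to parse each host's /etc/network/interfaces and ask whether the host would treat the VPN client 10.0.10.99 as on-link (it would ARP for it locally and never answer through the router) or send replies via the gateway. The file contents, the gateway 10.0.0.1, the bridge name and the /16 mask on the second host are constructed assumptions; the thread never shows the real files or confirms the cause.

```python
import ipaddress

# Constructed /etc/network/interfaces excerpts (not posted in the thread).
# Gateway address and the /16 mask on BROKEN are hypothetical.
WORKING = """\
auto vmbr0
iface vmbr0 inet static
    address 10.0.0.100
    netmask 255.255.255.0
    gateway 10.0.0.1
"""
BROKEN = WORKING.replace(".100", ".110").replace("255.255.255.0", "255.255.0.0")


def parse_static(text):
    """Return {iface: {option: value}} for each 'inet static' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split() or [""]
        if words[0] == "iface":
            current = None
            if words[2:4] == ["inet", "static"]:
                current = stanzas.setdefault(words[1], {})
        elif words[0] in ("auto", "allow-hotplug", "source", "mapping"):
            current = None
        elif current is not None and len(words) > 1:
            current[words[0]] = words[1]
    return stanzas


def next_hop(interfaces_text, remote):
    """Say how the host would reach `remote`: on-link (ARP) or via gateway."""
    remote = ipaddress.ip_address(remote)
    stanzas = parse_static(interfaces_text)
    for name, opts in stanzas.items():
        if "address" in opts:
            addr = opts["address"]
            if "/" not in addr:
                addr += "/" + opts.get("netmask", "32")
            if remote in ipaddress.ip_interface(addr).network:
                return f"on-link via {name}"
    for name, opts in stanzas.items():
        if "gateway" in opts:
            return f"gateway {opts['gateway']} via {name}"
    return "unreachable"

if __name__ == "__main__":
    for label, cfg in (("working", WORKING), ("broken", BROKEN)):
        print(label, "->", next_hop(cfg, "10.0.10.99"))
```

On a live host, `ip route get 10.0.10.99` answers the same question from the kernel's routing table rather than from the config file.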