Hello. I’ve been using a vyos 1.1.7 in several labs, but lately I’m experiencing some strange problems with one of them.
Clients get IP addresses from vyos dhcp, which nats the connections to the internet.
For some reason, some sites are accessible, others not. The only thing I’ve found so far is that this happens with sites that use https. Nevertheless, some sites work, even when using https. Facebook.com, among others, is working!?
What I’ve done so far:
-rebooted the switch (no result)
-rebooted vyos (it seems it starts working a few minutes after boot, then fails again)
-reinstalled vyos (same as above)
-checked for errors in interfaces (no errors).
-completely disabled firewall (no result)
This isn’t making any sense. I have another vyos running on the exact same hardware, same switch brand and model without any issues.
I was trying to send a pcap file as an attachment, but the “type of file is not allowed”. I’m sending a jpeg instead.
Any ideas please?
Thank you so much for the reply. Our network guys are using a checkpoint firewall with the flag “stateful inspection – drop out of state tcp packets” on.
When they disable this, vyos works fine. I’ve now asked to put it on again to see if I still get this awkward behavior. In case it happens I’ll try the command you provided. I’ll get back in touch.
Anyway…still strange why 2 vyos running on exactly the same hardware serving 2 labs each, one has this behavior while the other doesn’t.
The network guy checked for port errors and there were ingress errors on the port where the external vyos interface is connected.
After the errors were cleared everything worked fine (still is working), although the errors still appear. I think I might have problems again when the number of errors reaches a higher volume. Anyway, don’t know what might be causing the errors. Could vyos malformed packets cause port errors?