I have been banging my head on this one since 3 am, and am hoping I just have an oversight on something.
Last week I stood up a test environment and ported over my production code. I set up 7 remote sites and changed my config over from using OpenVPN to GRE/IPSec, a hub-and-spoke topology with an extra L2TPv3 tunnel. I succeeded in my lab environment and the results were to my liking, so this morning I cut over all the configs to production. The GRE/IPSec is working, and BGP is doing its thing, but for some reason over the L2TPv3 link I can pull a DHCP or ping over the WAN.
It's driving me crazy because in the test environment it did these things just fine. I spent last week setting up DMVPN, but I ran into issues with the tunnels dropping off after 8 hours and then coming back on after 10 minutes, which wasn't going to work for me.
In my test environment, I stood up a single router with 4 interfaces to make up my internet (Verizon Static, Verizon DHCP, Comcast DHCP, AWS DHCP), all of this on a single VM host.
Now that I am in production, the only deviation aside from real internet is that the L2 router / DHCP is on a different VM host than the VPN hub. Is there something I am missing? L2 should be L2; it shouldn't have to reside on the same host.
Running tcpdump on both the VPN hub and one of the remote sites where I am physically located, the outputs match line by line, so it looks like the tunnel is working. But I am not getting DHCP or ping from the other host.
I did find that promiscuous mode was rejected on the second VM host, and changed it to accept, but still nothing (unless I have to reboot it after that change).
Can anyone think of what I am missing?
In the previous config I was using GRE-Bridge to pass the traffic over the internet inside the OpenVPN, so traffic is passing between the two hosts, and I use the original production MAC addresses when porting over the configs from test.