[AusNOG] IPsec VPN over 4G telstra issue

Craig Askings craig at askings.com.au
Fri Sep 21 10:05:19 EST 2018


CGNAT, like all NAT is a finicky beast. Best long term solution is to use ipsec over IPv6 and Telstra support Dual stack on their 4g network so nothing is stopping you from that side. 

I'm certainly bumping it up my priority list. 


> On 21 Sep 2018, at 9:20 am, Chris Barnes <chris.p.barnes at gmail.com> wrote:
> 
> Has anyone received a Reason For Outage report on this?
> 
> 
> On Fri., 21 Sep. 2018, 6:49 am Mat van den Hoogen, <Mat at mimp.com <mailto:Mat at mimp.com>> wrote:
> Thanks Russell,
> 
> All looks good here, cheers!
> 
> ~Mat
> 
> On 21 Sep 2018, at 6:08 am, Russell Langton <russell3901 at gmail.com <mailto:russell3901 at gmail.com>> wrote:
> 
>> Hi All,
>> Fix was successfully deployed this morning.
>> This should fix any IPsec IKE issues.
>> CPE may need to be rebooted if not automatically restored.
>> 
>> Let me know if any further issues.
>> 
>> 
>> On Thu, 20 Sep. 2018, 12:46 pm Dino Sosic, <Dino.Sosic at datacom.com.au <mailto:Dino.Sosic at datacom.com.au>> wrote:
>> Hi,
>> 
>>  
>> 
>> Telstra is putting a fix to this issue with a change order tonight. Should be fixed after that.
>> 
>> Cheers
>> 
>> Dino
>> 
>>  
>> 
>>  
>> 
>> From: Alex Samad <alex at samad.com.au <mailto:alex at samad.com.au>> 
>> Sent: Thursday, 20 September 2018 10:34 AM
>> To: russell3901 at gmail.com <mailto:russell3901 at gmail.com>
>> Cc: Mat at mimp.com <mailto:Mat at mimp.com>; Ausnog <ausnog at lists.ausnog.net <mailto:ausnog at lists.ausnog.net>>; Dino Sosic <Dino.Sosic at datacom.com.au <mailto:Dino.Sosic at datacom.com.au>>
>> Subject: Re: [AusNOG] IPsec VPN over 4G telstra issue
>> 
>>  
>> 
>> Do we know what the issue is ?
>> 
>> Is it just the IKE packets or are there other packets disappearing 
>> 
>>  
>> 
>> We use PA's ipsec vpn tech so ipsec inside udp from memory - wondering if they are filter / intercepting or ?
>> 
>>  
>> 
>> A
>> 
>>  
>> 
>> On Thu, 20 Sep 2018 at 09:46, Russell Langton <russell3901 at gmail.com <mailto:russell3901 at gmail.com>> wrote:
>> 
>> Thanks Mat, its being worked on.
>> 
>>  
>> 
>> On Thu, 20 Sep. 2018, 9:32 am Mat van den Hoogen, <Mat at mimp.com <mailto:Mat at mimp.com>> wrote:
>> 
>> We are experiencing the same on a few of our services, nothing has come back up though for us yet :(
>> 
>> —Mat
>> 
>> 
>> On 19 Sep 2018, at 8:11 pm, Russell Langton <russell3901 at gmail.com <mailto:russell3901 at gmail.com>> wrote:
>> 
>> Hi All,
>> 
>> I'll reach out to some of you for details of the services impacted and get it in front of the right people to progress.
>> 
>>  
>> 
>> On Wed, Sep 19, 2018 at 5:20 PM Peter Tiggerdine <ptiggerdine at gmail.com <mailto:ptiggerdine at gmail.com>> wrote:
>> 
>> ROFL! THAT'S GOLD!!
>> 
>>  
>> 
>> Dutton Button!!
>> 
>>  
>> 
>> Regards,
>> 
>>  
>> 
>> Peter Tiggerdine
>> 
>>  
>> 
>> GPG Fingerprint: 2A3F EA19 F6C2 93C1 411D 5AB2 D5A8 E8A8 0E74 6127
>> 
>>  
>> 
>>  
>> 
>> On Wed, Sep 19, 2018 at 5:18 PM Matt Palmer <mpalmer at hezmatt.org <mailto:mpalmer at hezmatt.org>> wrote:
>> 
>> On 19 Sep 2018, at 4:33 pm, Dino Sosic <Dino.Sosic at datacom.com.au <mailto:Dino.Sosic at datacom.com.au>> wrote:
>> > Apparently Telstra confirmed today that there are issues with forming VPN
>> > IPsecs over 4G SIMs on telstra.internet APN. Anyone experiencing the same
>> > or knows anything about it? I have multiple sites down. IKE packets simply
>> > not making it to the other side.
>> 
>> Uh oh, looks like someone accidentally lent on the Dutton Button.
>> 
>> - Matt
>> 
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>> http://lists.ausnog.net/mailman/listinfo/ausnog <http://lists.ausnog.net/mailman/listinfo/ausnog>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>> http://lists.ausnog.net/mailman/listinfo/ausnog <http://lists.ausnog.net/mailman/listinfo/ausnog>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>> http://lists.ausnog.net/mailman/listinfo/ausnog <http://lists.ausnog.net/mailman/listinfo/ausnog>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>> http://lists.ausnog.net/mailman/listinfo/ausnog <http://lists.ausnog.net/mailman/listinfo/ausnog>
>> 
>> Confidentiality and Privilege Notice
>> 
>> This document is intended solely for the named addressee. The information contained in the pages is confidential and contains legally privileged information. If you are not the addressee indicated in this message or responsible for delivery of the message to such person, you may not copy or deliver this message to anyone, and you should destroy this message and kindly notify the sender by reply email. Confidentiality and legal privilege are not waived or lost by reason of mistaken delivery to you.
>> 
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
> http://lists.ausnog.net/mailman/listinfo/ausnog <http://lists.ausnog.net/mailman/listinfo/ausnog>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20180921/9bcd0265/attachment.html>


More information about the AusNOG mailing list