Snapshot Replication over IPSec VPN not working


Recommended Posts

I have a VMware edition of DSM running with latest code, DSM 6.2.3-25426 Update 3

The target system is a DS3615xs appliance running the same code.

 

Both systems have a pfsense firewall doing site to site IPSec VPN, where we allow all traffic from IP to IP from each DSM system.

From the CLI were able to ping eachothers system without issue, approx 50-70ms (across country)

On the IPSec rules we have a Any from Src 192.168.1.4 to dest 172.16.1.100 and reverse rule to cover all the bases, on both firewalls.

 

But when we attempt to setup the replication session for the shared folder we get the following error in synodr_replica.log

 

Any thoughts on what to check? 

 

2021-02-25T08:05:23-06:00 angrybackup synoscgi_SYNO.DR.Plan_1_check_remote_conn[5138]: core_operation/remoteconn_reverse_create.cpp:352(CreateReverseTempCred)[ERR][5138]: Failed to parse cred id of conn[0] with err[{"err_code":528,"err_code_str":"failed to get session"}]
2021-02-25T08:05:23-06:00 angrybackup synoscgi_SYNO.DR.Plan_1_check_remote_conn[5138]: core_operation/remoteconn_reverse_create.cpp:410(Run)[ERR][5138]: Failed to create reverse conn with err[{"err_code":528,"err_code_str":"failed to get session"}]
2021-02-25T08:05:23-06:00 angrybackup synoscgi_SYNO.DR.Plan_1_check_remote_conn[5138]: plan/plan.cpp:543(CreateRemoteConn)[ERR][5138]: Failed to create dst to src conns with err[{"err_code":528,"err_code_str":"failed to get session"}]
2021-02-25T08:08:15-06:00 angrybackup synoscgi_SYNO.DR.Plan_1_check_remote_conn[7701]: core_operation/remoteconn_reverse_create.cpp:280(InitDefaultLocalSiteConns)[ERR][7701]: Failed to test conn from remote to local controller[0] with resp[{"api":"SYNO.DR.Node","error":{"code":522},"method":"test_connection","success":false,"version":1}]
2021-02-25T08:08:15-06:00 angrybackup synoscgi_SYNO.DR.Plan_1_check_remote_conn[7701]: core_operation/remoteconn_reverse_create.cpp:330(InitLocalSiteConn)[ERR][7701]: Failed to init default reverse with err[{"err_code":703,"err_code_str":"connection failed","err_msg":{"conns":[{"addr":"192.168.1.4","port":5000,"protocol":"http"}],"controller_id":0}}]
2021-02-25T08:08:15-06:00 angrybackup synoscgi_SYNO.DR.Plan_1_check_remote_conn[7701]: core_operation/remoteconn_reverse_create.cpp:406(Run)[ERR][7701]: Failed to init remote to local site conns with err[{"err_code":703,"err_code_str":"connection failed","err_msg":{"conns":[{"addr":"192.168.1.4","port":5000,"protocol":"http"}],"controller_id":0}}]
2021-02-25T08:08:15-06:00 angrybackup synoscgi_SYNO.DR.Plan_1_check_remote_conn[7701]: plan/plan.cpp:543(CreateRemoteConn)[ERR][7701]: Failed to create dst to src conns with err[{"err_code":703,"err_code_str":"connection failed","err_msg":{"conns":[{"addr":"192.168.1.4","port":5000,"protocol":"http"}],"controller_id":0}}]

Link to post
Share on other sites

Not a helpful comment per se, but I can confirm replication does work fine over high latency connections and VPN.

 

Make sure each side can PING the local VPN interface as well as the remote one.

Link to post
Share on other sites

Thanks @flyride

 

Can confirm SiteA(172.16.1.100) can ping SiteB(192.168.1.4), and SiteB(192.168.1.4) can ping SiteA(172.16.1.100) IPs, both return approx. 70ms with no loss.

Also attempted with Encrypted aka Port 5001 and unencrypted Port 5000 in the Wizard to the same general error above.

Link to post
Share on other sites

Well looks like we found the issue, due to PPPoE on the target NAS side, we had to drop down the MTU of the DSM's to compensate, doing ping tests from node to node we found that 1410 MTU was the maximum unfragmented packet we could get across, changing the interfaces down to 1410 solved the problem, and data is flowing now.

 

Just a FYI to all.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.