Hi all,
I have a very weird problem.
I have a FusionHub instance on GCP and various remote locations with a BR1 setting up SpeedFusion tunnels to the FusionHub. This has been working fine for a long time: the hosts in the various locations, behind their BR1s, can connect to the hosts in other locations. Routes are nicely advertised over the SpeedFusion tunnels.
Today I enabled remote access using OpenVPN. This has worked fine as well: I got access to all hosts in all active remote locations using the “split tunnel” config. Note, however, that I had to alter the remote IP address (of the VPN server) in the downloaded OpenVPN profile, as the internal GCP IP address was used there instead of the public one, which is forwarding the necessary ports to the FusionHub instance.
Today I also added another remote location, called NewLoc, also with a BR1 setting up a SpeedFusion tunnel to the FusionHub, which went fine, and I see its subnet 10.0.24.0/24 popping up as a remote route on the other locations.
However, this subnet 10.0.24.0/24 doesn’t pop up on the clients connected using OpenVPN, not even when restarting the OpenVPN client and connection.
Also, from the other locations, I can ping the BR1 at 10.0.24.1 on the NewLoc, but cannot reach any device on its subnet 10.0.24.0/24.
Even more: since a reboot of both the BR1 and the FusionHub, the OpenVPN service no longer works as it should: I only see the “remote user access” network appearing in the routing table of the client, and no longer the subnets of the various remote locations which are connected using SpeedFusion tunnels to the FusionHub.
If I manually add a route to the 10.0.24.0/24 subnet in my routing table, I can ping the BR1 on 10.0.24.1, but not other devices on that network. However, from those devices in that network, I can ping my computer on its remote access IP address given by the FusionHub.
I am using the latest firmware on all mentioned devices. Replacing the “split tunnel” profile with the “route all traffic” profile didn’t change a thing, except for the fact that I could immediately ping the gateway of NewLoc and the gateway and all active hosts in the older pre-existing remote locations.
On the FusionHub SpeedFusion Status page, I see the various remote subnets correctly advertised. On the various remote locations SpeedFusion Status pages, I also see all remote subnets advertised on the tunnel to the FusionHub, including the 10.0.24.0/24 remote subnet of NewLoc. The config of the NewLoc BR1 is almost exactly the same as the one in the pre-existing locations, apart from the new subnet.
What could be wrong? Thanks.