Re: Is anyone successfully using IPSec along with Windows Server 2016 (1709)?

A William Martin
 

Pivotal has a commercial offering providing IPSec integration for the Windows stack. As a first stab, perhaps our public docs may contain some configuration clues for you?


On Sun, May 27, 2018 at 8:18 PM Aaron Huber <aaron.m.huber@...> wrote:
We're testing out the new Windows version and everything appears to be working correctly with the exception of traffic from the routers to the containers via the NAT on the Windows cells.  The IPSec session is working between the router and the Windows host itself but there is just no response when connecting to a mapped port inside a container.  For example:

router (10.10.10.10) -> windows2016-cell (10.10.10.11) - works fine for any open port (rep, consul etc.) on the cell itself
router (10.10.10.10) -> windows2016-cell (10.10.10.11) -> container (172.30.0.10) - no response to the external port for either HTTP or SSH (for example, 40000 and 40001)

As soon as we turn off IPSec the traffic works just fine and we can access the app via the gorouter and cf ssh is connecting successfully.  The error message from the router looks like this:

curl: (7) Failed to connect to 10.10.10.11 port 40000: Connection refused

Please let me know if you were able to get this working correctly.

Aaron
