Got an "emergency" helpdesk ticket today: a customer lost communication between all six sites, which is critical for their operation.
Logged into the main firewall that all the other five sites connect to via VPN, as they have two internet connections with public IPs.
Found that all VPNs were down on both Internet connections, failover was not working, and no traffic was coming in on UDP 500/4500 on the WAN side.
I suspected their CPE routers were the culprit, and wouldn't you know it, someone created a remote access IPsec connection on both routers, using the ports required by the firewall behind them.
Called the customer and they confirmed that some MSP that shall not be named had set up their own VPN access yesterday without telling anyone or testing whether anything was still running. 😑
Scenarios like this make up most of my work: fixing problems caused by other people who don't know what they're doing, but are smart enough to be dangerous.