I have some serious problems with my newly set up network with a Layer 2 VPN tunnel.
I drew a little diagram to show the simple version of the setup:
The green lines are through the VPN, the blue are not.
Each gateway has a bridge interface, which bridges the VPN interface to a local interface.
Running tcpdump on that interface shows a lot of traffic, and I can see the pings on either side of the tunnel.
However, something seems wrong with the ARP table, as it won't get filled up, and the hosts don't get any ARP replies.
So... there are loads of arp who-has packets on the bridge interfaces, but no arp reply from those hosts.
However, running tcpdump on a host shows that it does actually reply to those ARP packets. They just never reach the bridge interface.
I am seriously running out of ideas here...
I am running Sophos UTM on both gateways, and that software is built on SUSE Linux.
Update:
I played around with arping to debug a bit more, and when arping the SITE2 gateway from a host at the SITE1 side of the network, I get one unicast response, but normal pings still fail.
When arping from a host at SITE1 to a host at SITE2, I get no replies at all. I can however see the who-has packets:
12:05:47.910181 arp who-has 10.127.0.14 (Broadcast) tell 10.127.0.11
- but no replies at all.
The reply packet is however being sent from the server, so that is not the problem.
This is driving me crazy...
I fixed it!
Reading this answer on SF led me to try to enable promiscuous mode on the ESXi hosts, and it WORKED!
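A small checker for the symptom described in the post (who-has requests seen on the bridge, but no matching reply), added here as an example; it is neither the poster's nor Sophos' code. It parses tcpdump ARP lines in the style quoted above, and the sample capture it contains is constructed.

```python
import re
from collections import defaultdict

# Matches both the older "arp who-has" / "arp reply" tcpdump output quoted in
# the post and the newer "ARP, Request who-has" / "ARP, Reply" style.
WHO_HAS = re.compile(r"who-has (\d+\.\d+\.\d+\.\d+)")
IS_AT = re.compile(r"reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f:]{17})", re.I)


def unanswered_arp(lines):
    """Return {target_ip: request_count} for targets asked for but never answered.

    Feed it `tcpdump -n -i <bridge> arp` output captured on the bridge
    interface. A target listed here while the target host itself shows the
    reply leaving (as in the post) narrows the fault to the path between that
    host and the bridge, e.g. a virtual switch dropping frames for MACs it
    does not know.
    """
    requests = defaultdict(int)
    answered = set()
    for line in lines:
        m = IS_AT.search(line)
        if m:
            answered.add(m.group(1))
            continue
        m = WHO_HAS.search(line)
        if m:
            requests[m.group(1)] += 1
    return {ip: n for ip, n in requests.items() if ip not in answered}


# Constructed sample capture (not a real trace); 10.127.0.14 is the target
# from the post, the other addresses and MACs are made up.
SAMPLE = """12:05:47.910181 arp who-has 10.127.0.14 (Broadcast) tell 10.127.0.11
12:05:48.910301 arp who-has 10.127.0.14 (Broadcast) tell 10.127.0.11
12:05:49.102233 arp who-has 10.127.0.1 (Broadcast) tell 10.127.0.11
12:05:49.102890 arp reply 10.127.0.1 is-at 00:00:5e:00:53:01
12:05:50.002233 ARP, Request who-has 10.127.0.20 tell 10.127.0.11, length 28
12:05:50.002900 ARP, Reply 10.127.0.20 is-at 00:00:5e:00:53:14, length 28
""".splitlines()

if __name__ == "__main__":
    for ip, n in unanswered_arp(SAMPLE).items():
        print(f"{ip}: {n} who-has seen, no reply on this interface")
```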