Hi Sindy,
I haven't stripped any internal network addresses O_o.
Anyway, just to have all the information in one spot:
Site_A (valhalla):
# sep/29/2022 16:16:49 by RouterOS 7.5
# software id = CKQB-FCBE
#
# model = RB760iGS
# serial number = A36A0D0B008A
# NOTE(review): this "add" has no preceding /menu line in the paste, so the menu it
# belongs to cannot be determined from here; the top of the export looks truncated.
add client-to-client-forwarding=yes local-forwarding=yes name=guests vlan-id=500 vlan-mode=use-tag
# One bridge per segment: management (VLAN 100), home (VLAN 200), guests (VLAN 500).
# No vlan-filtering is set on these bridges; separation relies on the per-port
# /interface vlan sub-interfaces added as bridge ports further down.
/interface bridge
add admin-mac=9E:B9:9C:3F:B0:E7 auto-mac=no name=br_100_mgmt
add admin-mac=08:55:31:0D:C8:F5 auto-mac=no name=br_200_home
add admin-mac=D4:CA:6D:CC:78:8D auto-mac=no name=br_500_guests
/interface ethernet
set [ find default-name=ether1 ] comment=wan
set [ find default-name=ether2 ] disabled=yes
set [ find default-name=ether3 ] comment=vanaheim
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] comment=helheim
set [ find default-name=sfp1 ] disabled=yes mac-address=08:55:31:0D:C8:F4
# Layer-2 tunnel between the two public addresses of Site_A and Site_B.
# NOTE(review): no ipsec-secret appears on this line. The export may simply be hiding
# sensitive values, so confirm on the device that the tunnel is IPsec-protected; it
# carries the mgmt, home and guest VLANs across the Internet (see the VLANs below).
/interface eoip
add allow-fast-path=no local-address=77.237.23.33 mac-address=02:C2:F8:F6:60:B4 name=eoip-bifrost remote-address=135.125.232.100 tunnel-id=0
# Tagged sub-interfaces for VLANs 100/200/500 on ether3, ether5 and the EoIP tunnel.
/interface vlan
add interface=eoip-bifrost name=guest_500_eoip vlan-id=500
add interface=ether3 name=guests_500_e3 vlan-id=500
add interface=ether5 name=guests_500_e5 vlan-id=500
add interface=ether3 name=home_200_e3 vlan-id=200
add interface=ether5 name=home_200_e5 vlan-id=200
add interface=eoip-bifrost name=home_200_eoip vlan-id=200
add interface=ether3 name=mgmt_100_e3 vlan-id=100
add interface=ether5 name=mgmt_100_e5 vlan-id=100
add interface=eoip-bifrost name=mgmt_100_eoip vlan-id=100
# Storage, interface lists, IPsec building blocks, address pools, DHCP servers,
# PPP profiles, routing instances, remote logging and a custom user group.
/disk
set sd1 disabled=no
set sd1-part1 disabled=no name=sdcard
/interface list
add name=LAN
add name=WAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Fixed mode-config address for the "bifrost" identity. 172.168.0.232 lies outside
# the vpn_pool range defined below (172.168.0.1-172.168.0.100).
/ip ipsec mode-config
add address=172.168.0.232 name=bifrost
/ip ipsec policy group
add name=road_warriors
# Phase 1: AES-256 / SHA-256. No dh-group is shown, so the default applies.
/ip ipsec profile
add enc-algorithm=aes-256 hash-algorithm=sha256 name=road_warriors
# Passive IKEv2 responder. No address= restriction is shown on this peer, so it is
# not limited to specific remote addresses here.
/ip ipsec peer
add exchange-mode=ike2 name=road_warriors passive=yes profile=road_warriors
# Phase 2: AES-256-CBC / SHA-256. No pfs-group is shown, so the default applies.
/ip ipsec proposal
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc name=road_warriors
# NOTE(review): 172.168.0.0/24 (vpn_pool) is not private address space. RFC 1918
# reserves 172.16.0.0-172.31.255.255, so these VPN addresses overlap publicly
# routable space. The firewall rule "cust: allow VPN" trusts this range by source
# address alone, which makes the choice of range security-relevant.
/ip pool
add name=guest_dhcp_pool ranges=192.168.100.1-192.168.100.20
add name=home_dhcp_pool ranges=192.168.0.100-192.168.0.110
add name=mgmt_dhcp_pool ranges=10.10.10.1-10.10.10.20
add name=vpn_pool ranges=172.168.0.1-172.168.0.100
/ip dhcp-server
add address-pool=home_dhcp_pool interface=br_200_home lease-time=30m name=dhcp_home_server
add address-pool=guest_dhcp_pool interface=br_500_guests name=dhcp_guest_server
add address-pool=mgmt_dhcp_pool interface=br_100_mgmt name=dhcp_mgmt_server
/ip ipsec mode-config
add address-pool=vpn_pool name=road_warriors
/port
set 0 baud-rate=115200 data-bits=8 flow-control=none name=usb1 parity=none stop-bits=1
set 1 name=serial0
# "bridged" attaches PPP clients directly to br_100_mgmt (the management bridge).
# "clients" is routed: the router is 192.168.101.10 and the client gets 192.168.101.9,
# which is the source address seen in the sniffer output at the end of the post.
/ppp profile
set *0 change-tcp-mss=default
add bridge=br_100_mgmt bridge-learning=yes change-tcp-mss=yes interface-list=LAN name=bridged
add bridge-learning=yes change-tcp-mss=yes interface-list=LAN local-address=192.168.101.10 name=clients remote-address=192.168.101.9 use-ipv6=default
set *FFFFFFFE change-tcp-mss=default
/queue simple
add limit-at=30M/400M max-limit=30M/400M name=qnap-queue target=192.168.0.100/32
/routing bgp template
set default disabled=no output.network=bgp-networks
# out-filter-chain=private: no /routing filter section appears in this export.
# NOTE(review): confirm the chain exists and what it permits.
/routing ospf instance
add disabled=no name=default-v2 out-filter-chain=private redistribute="" router-id=10.10.10.252 routing-table=main
/routing ospf area
add disabled=no instance=default-v2 name=backbone-v2
# Only the encryption protocol of the default community is changed here; whether
# SNMP is enabled at all is not shown in this export.
/snmp community
set [ find default=yes ] encryption-protocol=AES
# Remote syslog target 192.168.0.200 (named "alfheim" in the static DNS entries).
/system logging action
set 3 remote=192.168.0.200 src-address=192.168.0.252 syslog-facility=auth
# NOTE(review): this group denies ssh/web/api but grants telnet, ftp, winbox, write,
# password and sensitive. "sensitive" exposes stored secrets to its members, and
# telnet/ftp are cleartext protocols; both services are disabled under /ip service,
# so those two policy bits currently have no effect, but they would if re-enabled.
/user group
add name=Users policy=local,telnet,ftp,read,write,test,winbox,password,sensitive,!ssh,!reboot,!policy,!web,!sniff,!api,!romon,!dude,!rest-api
# Bridge membership: the first four entries (physical ports) are disabled; the
# active members are the per-VLAN sub-interfaces on ether3, ether5 and the EoIP tunnel.
/interface bridge port
add bridge=br_200_home disabled=yes ingress-filtering=no interface=ether3 trusted=yes
add bridge=br_200_home disabled=yes ingress-filtering=no interface=ether4 trusted=yes
add bridge=br_200_home disabled=yes ingress-filtering=no interface=ether5 trusted=yes
add bridge=br_200_home disabled=yes interface=ether2
add bridge=br_500_guests interface=guests_500_e3
add bridge=br_500_guests interface=guests_500_e5
add bridge=br_100_mgmt interface=mgmt_100_e3
add bridge=br_100_mgmt interface=mgmt_100_e5
add bridge=br_200_home interface=home_200_e3
add bridge=br_200_home interface=home_200_e5
add bridge=br_200_home interface=home_200_eoip
add bridge=br_500_guests interface=guest_500_eoip
add bridge=br_100_mgmt interface=mgmt_100_eoip
# NOTE(review): "all" includes the WAN interfaces, so neighbor-discovery
# announcements (identity, version, board) are also sent toward the upstream
# network. Restricting this to the LAN list avoids that exposure.
/ip neighbor discovery-settings
set discover-interface-list=all
/ip settings
set tcp-syncookies=yes
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface detect-internet
set detect-interface-list=WAN internet-interface-list=WAN lan-interface-list=LAN wan-interface-list=WAN
# L2TP server with MS-CHAPv2 and use-ipsec=yes.
# NOTE(review): as far as I know "yes" enables IPsec for L2TP but does not by
# itself refuse clients that connect without it; confirm against the RouterOS docs
# and consider the setting that requires IPsec. The input chain also accepts
# UDP/1701 from any source.
/interface l2tp-server server
set allow-fast-path=yes authentication=mschap2 default-profile=clients enabled=yes max-mru=1300 max-mtu=1300 mrru=1504 use-ipsec=yes
# LAN membership decides what the final input-chain rule ("drop all not coming from
# LAN") lets through. The guest bridge and the EoIP tunnel are both in LAN, so
# traffic arriving from either is not stopped by that rule.
# lte1 is referenced here but not defined anywhere in this export.
/interface list member
add interface=sfp1 list=WAN
add interface=br_200_home list=LAN
add interface=br_500_guests list=LAN
add interface=lte1 list=WAN
add interface=ether1 list=WAN
add interface=br_100_mgmt list=LAN
add interface=eoip-bifrost list=LAN
# No enabled=yes is shown, so the OpenVPN server appears not to be in use.
# NOTE(review): if it is ever enabled, sha1 and md5 are weak HMAC choices.
/interface ovpn-server server
set auth=sha1,md5
# Router addresses: .252 on each of the three bridges. The two /30 entries are
# disabled and reference gre-bifrost / gre-guest, which are not defined in this export.
/ip address
add address=192.168.0.252/24 interface=br_200_home network=192.168.0.0
add address=192.168.100.252/24 interface=br_500_guests network=192.168.100.0
add address=10.10.10.252/24 interface=br_100_mgmt network=10.10.10.0
add address=192.168.101.1/30 disabled=yes interface=gre-bifrost network=192.168.101.0
add address=192.168.101.5/30 disabled=yes interface=gre-guest network=192.168.101.4
# Publishes the router's current public address under its MikroTik cloud DNS name.
/ip cloud
set ddns-enabled=yes ddns-update-interval=1h
# ether1 takes no default route from DHCP; the default route is configured manually
# under /ip route. lte1 is the backup uplink (distance 2).
/ip dhcp-client
add add-default-route=no interface=ether1 use-peer-dns=no
add default-route-distance=2 interface=lte1 use-peer-dns=no
# interface=*CA is an internal id, i.e. a reference to an interface that is not
# named in this export (presumably removed); the entry is disabled.
/ip dhcp-server
add address-pool=vpn_pool disabled=yes interface=*CA name=vpn_dhcp
# Alerts on other DHCP servers seen on the home bridge.
/ip dhcp-server alert
add disabled=no interface=br_200_home
# Per-segment DHCP options. Home clients use the router itself as DNS/NTP server;
# mgmt and guest clients are handed external resolvers directly.
# NOTE(review): the 192.168.101.0/24 entry names gateway 192.168.101.252, an address
# that is not configured on any interface in this export.
/ip dhcp-server network
add address=10.10.10.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.10.10.252
add address=192.168.0.0/24 caps-manager=192.168.0.252 comment=main dns-server=192.168.0.252 gateway=192.168.0.252 netmask=24 ntp-server=192.168.0.252
add address=192.168.0.4/32 comment=work dns-server=8.8.8.8,8.8.4.4 gateway=192.168.0.252 netmask=24
add address=192.168.100.0/24 comment=guests dns-server=94.140.14.49,94.140.14.59 gateway=192.168.100.252 netmask=24
add address=192.168.101.0/24 gateway=192.168.101.252
# allow-remote-requests=yes turns the router into a resolver for anyone the input
# chain lets in. Here that is every LAN-list interface (including guests and the
# EoIP tunnel); WAN queries are dropped by the final input rule.
/ip dns
set allow-remote-requests=yes cache-size=4096KiB max-concurrent-queries=256 max-concurrent-tcp-sessions=40 servers=45.90.28.247,45.90.30.247
/ip dns static
add address=10.10.10.232 name=bifrost
add address=192.168.0.100 name=nas
add address=192.168.0.111 name=midgard
add address=10.10.10.123 name=muspelheim
add address=192.168.0.200 name=alfheim
add address=192.168.0.202 name=heimdall
add address=10.10.10.222 name=nilfheim
add address=10.10.10.234 name=helheim
add address=10.10.10.242 name=vanaheim
add address=10.10.10.252 name=valhalla
add address=172.168.1.252 name=fenrir
# "lte": hosts allowed to be masqueraded over the backup LTE link.
# "secure": Site_B's public address, allowed to reach SSH/WinBox on ether1.
# "private": destinations guests must not reach (home and mgmt subnets).
/ip firewall address-list
add address=192.168.0.4 list=lte
add address=192.168.0.3 list=lte
add address=192.168.0.1 list=lte
add address=192.168.0.2 list=lte
add address=192.168.0.7 list=lte
add address=192.168.0.58 list=lte
add address=192.168.0.8 list=lte
add address=192.168.0.57 list=lte
add address=192.168.0.202 list=lte
add address=135.125.232.100 list=secure
add address=10.10.10.0/24 list=private
add address=192.168.0.0/24 list=private
add address=192.168.101.0/24 disabled=yes list=private
# Filter rules are evaluated top to bottom per chain; input and forward rules are
# interleaved in this export, so read each chain in the order its rules appear.
/ip firewall filter
# The kid-control chain is not defined in this export (presumably created dynamically).
add action=jump chain=forward comment="jump to kid-control rules" jump-target=kid-control
# Accepting established/related NAS traffic before the fasttrack rule keeps it out
# of fasttrack; presumably so the qnap-queue simple queue still applies - confirm.
add action=accept chain=forward comment="cust: qnap download" connection-state=established,related dst-address=192.168.0.100
add action=accept chain=forward comment="cust: qnap upload" connection-state=established,related src-address=192.168.0.100
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
# NOTE(review): matches on source address only - no in-interface and no
# ipsec-policy=in,ipsec - and sits above "drop invalid". Any forwarded packet
# claiming a 172.168.0.0/24 source is accepted, whatever interface it arrived on.
add action=accept chain=forward comment="cust: allow VPN" src-address=172.168.0.0/24
# Management (SSH 22, WinBox 8291) from the WAN is limited to the "secure" list.
add action=accept chain=input comment="cust: accept from trusted devices" dst-port=22,8291 in-interface=ether1 protocol=tcp src-address-list=secure
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
# NOTE(review): despite the comment, this accepts UDP/1701 from any source with or
# without IPsec. Adding ipsec-policy=in,ipsec would limit it to L2TP inside IPsec.
add action=accept chain=input comment="cust: allow L2TP via IPSEC" dst-port=1701 protocol=udp
add action=accept chain=input comment="defconf: allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="defconf: allow IPSec-esp" protocol=ipsec-esp
add action=accept chain=input comment="defconf: allow IPSec-ah" protocol=ipsec-ah
add action=accept chain=input comment="defconf: allow IPsec NAT" dst-port=4500 protocol=udp
# Final input rule. Everything arriving on a LAN-list interface falls through to
# the default accept, and that list contains br_500_guests and eoip-bifrost.
# NOTE(review): no input rule restricts guests, so guest clients can reach the
# router's own services (DNS, WinBox, SSH, ...) on 192.168.100.252.
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
# Fasttracked connections bypass the rest of the filter and simple queues.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
# Guest isolation: new connections from the guest bridge to the "private" list are
# dropped. This covers the forward chain only (see the input-chain note above).
add action=drop chain=forward comment="cust: drop access for guests to main network" dst-address-list=private in-interface=br_500_guests
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
# Source NAT on both uplinks; ipsec-policy=out,none exempts traffic that will be
# IPsec-encapsulated. The LTE link only masquerades hosts in the "lte" list.
/ip firewall nat
add action=masquerade chain=srcnat comment="cust: masquerade for main link" ipsec-policy=out,none out-interface=ether1
add action=masquerade chain=srcnat comment="cust: masquerade for backup link" ipsec-policy=out,none out-interface=lte1 src-address-list=lte
# Connection-tracking helpers (NAT ALGs) disabled for the listed protocols.
/ip firewall service-port
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
# Road-warrior identities. The first two authenticate by certificate and are pinned
# to one client certificate each (match-by=certificate + remote-certificate), with
# the remote ID check set to ignore.
# NOTE(review): the third identity shows no auth-method, so the default applies and
# any secret is not visible in this export; it also uses generate-policy=port-override
# rather than port-strict. Confirm how it authenticates.
/ip ipsec identity
add auth-method=digital-signature certificate=SERVER_ipsec comment=beowulf generate-policy=port-strict match-by=certificate mode-config=road_warriors peer=road_warriors policy-template-group=\
road_warriors remote-certificate=client_ipsec_beowulf remote-id=ignore
add auth-method=digital-signature certificate=SERVER_ipsec comment=hekate generate-policy=port-strict match-by=certificate mode-config=road_warriors peer=road_warriors policy-template-group=\
road_warriors remote-certificate=client_ipsec_hekate remote-id=ignore
add generate-policy=port-override mode-config=bifrost peer=road_warriors policy-template-group=road_warriors
/ip ipsec policy
add group=road_warriors proposal=road_warriors template=yes
# Recursive default route: 8.8.8.8 is reached via 77.237.23.1 and pinged to decide
# whether the main uplink is usable.
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=8.8.8.8 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=40
add disabled=no distance=1 dst-address=8.8.8.8/32 gateway=77.237.23.1 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
# telnet and ftp are off. Only changed settings are listed, so the state of www, ssh,
# winbox, api and api-ssl is not visible here.
# NOTE(review): www-ssl is explicitly open to 0.0.0.0/0 at the service level; only
# the input chain limits who can reach it. A narrower address= list adds a second layer.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www-ssl address=0.0.0.0/0
/ip smb
set interfaces=br_200_home
# NOTE(review): always-allow-password-login=yes keeps password logins available even
# for users that have an SSH key, and forwarding-enabled=remote permits SSH port
# forwarding through the router. Both widen what a stolen password is worth.
/ip ssh
set always-allow-password-login=yes forwarding-enabled=remote strong-crypto=yes
# NOTE(review): UPnP lets any host on br_200_home create inbound port mappings on
# ether1 without authentication, and the forward chain accepts dst-NATed connections
# from WAN. Disable it unless a specific device needs it.
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ether1 type=external
add interface=br_200_home type=internal
# Passwords are not shown in this export.
# NOTE(review): fenrir, bifrost and guest use profile "bridged", which bridges the
# session into br_100_mgmt - i.e. the "guest" account lands on the management
# segment. Confirm that this is intended.
/ppp secret
add name=fenrir profile=bridged service=l2tp
add name=bifrost profile=bridged service=l2tp
add name=guest profile=bridged service=l2tp
add name=beowulf profile=clients service=l2tp
# Accepts incoming RADIUS requests (e.g. disconnect/CoA). No /radius client entry is
# shown in this export - NOTE(review): turn this off if RADIUS is not used.
/radius incoming
set accept=yes
# OSPF on the mgmt and home subnets. No authentication settings are shown on these
# templates, and 10.10.10.0/24 extends over the EoIP tunnel to Site_B.
/routing ospf interface-template
add area=backbone-v2 disabled=no networks=10.10.10.0/24
add area=backbone-v2 disabled=no networks=192.168.0.0/24
/system clock
set time-zone-name=Europe/Warsaw
/system identity
set name=valhalla
# warning/critical/error/info are forwarded to the remote syslog action.
/system logging
add action=remote topics=warning
add action=remote topics=critical
add action=remote topics=error
add action=remote topics=info
add disabled=yes topics=debug,l2tp,ppp
/system ntp client
set enabled=yes
/system ntp server
set broadcast=yes enabled=yes manycast=yes
/system ntp client servers
add address=195.46.37.22
add address=91.212.242.20
/system routerboard settings
set auto-upgrade=yes
/system watchdog
set automatic-supout=no ping-timeout=3m watchdog-timer=no
# NOTE(review): the second "set" below carries SMTP parameters (address, from, port,
# tls, user), which do not look like bandwidth-server settings; a menu line
# (presumably the e-mail tool) seems to be missing from the paste.
/tool bandwidth-server
set enabled=no
set address=smtp.gmail.com from=system@valhalla port=587 tls=starttls user=system.notyfikator
/tool graphing
set store-every=hour
# Graph pages are viewable from 192.168.0.0/24 only.
/tool graphing interface
add allow-address=192.168.0.0/24 interface=ether1
add allow-address=192.168.0.0/24 interface=br_200_home
add allow-address=192.168.0.0/24 interface=br_100_mgmt
add allow-address=192.168.0.0/24 interface=br_500_guests
/tool graphing queue
add allow-address=192.168.0.0/24 simple-queue=qnap-queue
/tool graphing resource
add allow-address=192.168.0.0/24
# MAC-telnet and MAC-WinBox are offered on every LAN-list interface, which includes
# the guest bridge and the EoIP tunnel.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Site_B (bifrost, CHR):
# sep/29/2022 16:22:53 by RouterOS 7.5
# software id =
#
# Site_B uses a single VLAN-aware bridge (vlan-filtering=yes) with the bridge itself
# untagged in VLAN 100 (pvid=100). ingress-filtering is off on the bridge.
/interface bridge
add admin-mac=02:D7:9A:B1:0E:44 auto-mac=no ingress-filtering=no name=br_vlans pvid=100 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full,2500M-full,5000M-full disable-running-check=no loop-protect=on name=ether-wan
# Other end of the EoIP tunnel to Site_A; mtu=1416 is set on this side only.
# NOTE(review): no ipsec-secret is shown (the export may hide it) - confirm the
# tunnel is encrypted, since it carries VLANs 100/200/500 over the Internet.
/interface eoip
add allow-fast-path=no local-address=135.125.232.100 mac-address=02:33:90:D4:AD:8A mtu=1416 name=eoip-valhalla remote-address=77.237.23.33 tunnel-id=0
# Virtual interfaces for the containers: two on the guest subnet, one on the home subnet.
/interface veth
add address=192.168.100.180/24 gateway=192.168.100.252 name=veth-guests
add address=192.168.0.180/24 gateway=192.168.0.252 name=veth-home
add address=192.168.100.191/24 gateway=192.168.100.252 name=veth-pihole
# NOTE(review): all three adguardhome mounts use the same src directory for three
# different destinations - confirm this is intended.
/container mounts
add dst=/opt/adguardhome/work/data name=adguardhome_data src=/container/adguardhome
add dst=/opt/adguardhome/conf/ name=adguardhome_conf src=/container/adguardhome
add dst=/opt/adguardhome/work/ name=adguardhome_work src=/container/adguardhome
add dst=/etc/pihole name=etc_pihole src=/disk1/etc
add dst=/etc/dnsmasq.d name=dnsmasq_pihole src=/disk1/etc-dnsmasq.d
/interface list
add name=LAN
add name=WAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# IPsec initiator pieces toward Site_A; the peer itself is disabled.
/ip ipsec mode-config
add name=road_warriors responder=no
/ip ipsec policy group
add name=road_warriors
/ip ipsec profile
add enc-algorithm=aes-256 hash-algorithm=sha256 name=road_warriors
/ip ipsec peer
add address=77.237.23.33/32 disabled=yes exchange-mode=ike2 name=road_warrior profile=road_warriors
/ip ipsec proposal
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc name=road_warriors
# Same 172.168.0.0/24 range as on Site_A; it is outside RFC 1918 private space
# (172.16.0.0-172.31.255.255).
/ip pool
add name=vpn_pool ranges=172.168.0.1-172.168.0.20
/port
set 0 name=serial0
set 1 name=serial1
/ppp profile
set *0 change-tcp-mss=default
set *FFFFFFFE change-tcp-mss=default interface-list=LAN
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2 redistribute="" router-id=10.10.10.232
/routing ospf area
add disabled=no instance=default-v2 name=backbone-v2
/snmp community
set [ find default=yes ] encryption-protocol=AES
# NOTE(review): src-address=172.16.0.252 is not configured on any interface in this
# export; confirm remote logging actually leaves the router.
/system logging action
set 3 bsd-syslog=yes remote=192.168.0.200 src-address=172.16.0.252 syslog-facility=auth
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,rest-api
# Certificate revocation lists are downloaded and enforced.
/certificate settings
set crl-download=yes crl-use=yes
# Containers: AdGuard Home on veth-guests and Pi-hole on veth-pihole. The third
# entry has only an interface and no root-dir or image shown.
/container
add interface=veth-guests mounts=adguardhome_data,adguardhome_conf,adguardhome_work root-dir=container/adguardhome workdir=/opt/adguardhome/work
add envlist=pihole_envs interface=veth-pihole mounts=etc_pihole,dnsmasq_pihole root-dir=disk1/pihole
add interface=veth-home
/container config
set registry-url=https://registry-1.docker.io
# NOTE(review): WEBPASSWORD is stored and exported in plaintext, so it ends up in
# every config paste and backup; if this value is the real Pi-hole admin password
# it should be changed now that it has been posted. DNSMASQ_USER=root sets the
# dnsmasq user inside the container to root.
/container envs
add key=TZ name=pihole_envs value=Europe/Warsaw
add key=WEBPASSWORD name=pihole_envs value=mysecurepassword
add key=DNSMASQ_USER name=pihole_envs value=root
# Access ports of the VLAN-aware bridge: both guest-side veths untagged in VLAN 500,
# veth-home untagged in VLAN 200, and the EoIP tunnel as the tagged trunk (default pvid).
/interface bridge port
add bridge=br_vlans interface=veth-guests pvid=500
add bridge=br_vlans interface=veth-pihole pvid=500
add bridge=br_vlans interface=veth-home pvid=200
add bridge=br_vlans interface=eoip-valhalla
# NOTE(review): "all" includes ether-wan, so neighbor-discovery announcements are
# also sent on the public-facing interface of this cloud-hosted router.
/ip neighbor discovery-settings
set discover-interface-list=all lldp-med-net-policy-vlan=100
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
# VLAN table: the tunnel carries 100/200/500 tagged; the bridge CPU port is the
# untagged member of VLAN 100, so the router's own mgmt traffic is in VLAN 100.
/interface bridge vlan
add bridge=br_vlans tagged=eoip-valhalla untagged=br_vlans vlan-ids=100
add bridge=br_vlans tagged=eoip-valhalla untagged=veth-home vlan-ids=200
add bridge=br_vlans tagged=eoip-valhalla untagged=veth-guests,veth-pihole vlan-ids=500
/interface detect-internet
set detect-interface-list=WAN internet-interface-list=WAN lan-interface-list=LAN wan-interface-list=WAN
# L2TP server enabled here as well (MS-CHAPv2, use-ipsec=yes); no default-profile is set.
/interface l2tp-server server
set authentication=mschap2 enabled=yes max-mru=1300 max-mtu=1300 mrru=1504 use-ipsec=yes
# gre-valhalla is referenced but not defined in this export.
/interface list member
add interface=ether-wan list=WAN
add interface=eoip-valhalla list=LAN
add interface=br_vlans list=LAN
add interface=gre-valhalla list=LAN
add interface=veth-guests list=LAN
add interface=veth-home list=LAN
add interface=veth-pihole list=LAN
# No enabled=yes is shown for the OpenVPN server.
# NOTE(review): sha1 and md5 are weak HMAC choices if it is ever enabled.
/interface ovpn-server server
set auth=sha1,md5 certificate="Bifrost CA"
/ip cloud
set ddns-enabled=yes ddns-update-interval=5m update-time=yes
# The router has no static /ip address section in this export; both the WAN address
# and the br_vlans (VLAN 100) address appear to come from DHCP - TODO confirm how
# 10.10.10.232 is assigned.
/ip dhcp-client
add !dhcp-options interface=ether-wan use-peer-dns=no
add add-default-route=no interface=br_vlans
/ip dns
set servers=8.8.8.8,8.8.4.4
# NOTE(review): these names point at 192.168.0.x, whereas Site_A maps vanaheim,
# nilfheim, helheim and valhalla to 10.10.10.x - the two sites resolve the same
# hostnames differently.
/ip dns static
add address=192.168.0.242 name=vanaheim
add address=192.168.0.232 name=jotunheim
add address=192.168.0.222 name=nilfheim
add address=192.168.0.234 name=helheim
add address=192.168.0.212 name=yggdrasil
add address=192.168.0.252 name=valhalla
# "secure": Site_A's public address. "private": home and mgmt subnets.
/ip firewall address-list
add address=77.237.23.33 list=secure
add address=192.168.0.0/24 list=private
add address=10.10.10.0/24 list=private
/ip firewall filter
# NOTE(review): connection-state here includes "new", unlike the same rule on Site_A
# (established,related,untracked). With "new" in the list this first rule accepts
# every new inbound connection to the router on every interface, ether-wan
# included, so the source-restricted SSH/WinBox rule and the final "drop all not
# coming from LAN" rule below never get to filter anything but invalid packets.
# On a router with a public address this leaves all enabled services reachable
# from the Internet; removing "new" restores the intended default-deny.
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,new,untracked
# Management (SSH 22, WinBox 8291) from WAN limited to the "secure" list; an empty
# src-port="" has been exported along with it.
add action=accept chain=input comment="defconf: accept from known devices" dst-port=22,8291 in-interface=ether-wan protocol=tcp src-address-list=secure src-port=""
# NOTE(review): matches on source address only (no in-interface, no
# ipsec-policy=in,ipsec) and 172.168.0.0/24 is not private address space.
add action=accept chain=forward comment="cust: allow from VPN" src-address=172.168.0.0/24
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
# UDP/1701 is accepted from any source, with or without IPsec.
add action=accept chain=input comment="cust: allow L2TP VPN" dst-port=1701 protocol=udp
add action=accept chain=input comment="cust: allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="cust: allow IPSec-esp" protocol=ipsec-esp
add action=accept chain=input comment="cust: allow IPSec-ah" protocol=ipsec-ah
add action=accept chain=input comment="cust: allow IPsec NAT" dst-port=4500 log=yes log-prefix=pass-ipsec protocol=udp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
# Fasttracked connections bypass the remaining filter rules.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
# There is no guest-isolation rule on this router (Site_A has one for br_500_guests).
# Masquerade for everything leaving ether-wan; unlike Site_A there is no
# ipsec-policy=out,none exemption.
/ip firewall nat
add action=masquerade chain=srcnat comment="typical masquarade" out-interface=ether-wan
# Disabled initiator identity toward Site_A; no auth-method is shown.
/ip ipsec identity
add disabled=yes generate-policy=port-strict mode-config=road_warriors peer=road_warrior policy-template-group=road_warriors
/ip ipsec policy
add group=road_warriors proposal=road_warriors template=yes
# Static return route for the L2TP client subnet (192.168.101.0/24) via Site_A's
# mgmt address over VLAN 100. This is the path the SSH replies in the sniffer
# output are expected to take.
/ip route
add disabled=no distance=1 dst-address=192.168.101.0/24 gateway=10.10.10.252%br_vlans pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
# telnet and plain www are off. www-ssl has a certificate but no address= restriction
# is shown, and the state of ssh/winbox/api/ftp is not visible in this export.
# NOTE(review): with the input chain as posted, service-level address= lists are the
# only remaining restriction on this public-facing router - worth setting them.
/ip service
set telnet disabled=yes
set www address=77.237.23.33/32,192.168.0.0/24,172.16.0.0/24 disabled=yes
set www-ssl certificate=SERVER_www_bifrost
# NOTE(review): password logins stay enabled even for key users, and
# forwarding-enabled=both permits SSH port forwarding in both directions through
# this router.
/ip ssh
set always-allow-password-login=yes forwarding-enabled=both strong-crypto=yes
# NOTE(review): "bidged" and "clients" are not defined under /ppp profile in this
# export; "bidged" looks like a misspelling of "bridged" (that entry is disabled).
# Confirm which profile beowulf actually gets on this site.
/ppp secret
add disabled=yes name=guest profile=bidged service=l2tp
add name=beowulf profile=clients service=l2tp
# OSPF on the mgmt subnet and on 192.168.101.0/24; no authentication settings shown.
/routing ospf interface-template
add area=backbone-v2 disabled=no networks=10.10.10.0/24
add area=backbone-v2 disabled=no networks=192.168.101.0/24
# Time zone differs from Site_A (Europe/Warsaw); keep that in mind when correlating logs.
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=bifrost
# account/critical/info/warning/error are forwarded to the remote syslog action.
/system logging
add action=remote topics=account
add action=remote topics=critical
add action=remote topics=info
add action=remote topics=warning
add action=remote topics=error
add disabled=yes topics=l2tp,debug,ppp
/system ntp client
set enabled=yes
/system ntp client servers
add address=192.86.14.67
add address=91.212.242.20
When I try to SSH from the L2TP road warrior (interface l2tp-beowulf-1) to Site_B (10.10.10.232), I get a timeout.
The sniffer shows the following packets:
site_A:
/tool/sniffer/quick port=ssh ip-address=192.168.101.9
Columns: INTERFACE, TIME, NUM, DIR, SRC-MAC, DST-MAC, VLAN, SRC-ADDRESS, DST-ADDRESS, PROTOCOL, SIZE, CPU
INTERFACE TIME NUM DIR SRC-MAC DST-MAC VLAN SRC-ADDRESS DST-ADDRESS PROTOCOL SIZE CPU
mgmt_100_eoip 18.093 34 -> 9E:B9:9C:3F:B0:E7 02:D7:9A:B1:0E:44 192.168.101.9:60756 10.10.10.232:22 (ssh) ip:tcp 74 1
eoip-bifrost 18.093 35 -> 9E:B9:9C:3F:B0:E7 02:D7:9A:B1:0E:44 100 192.168.101.9:60756 10.10.10.232:22 (ssh) ip:tcp 78 1
eoip-bifrost 25.816 36 <- 02:D7:9A:B1:0E:44 9E:B9:9C:3F:B0:E7 100 10.10.10.232:22 (ssh) 192.168.101.9:60756 ip:tcp 78 3
mgmt_100_eoip 25.816 37 <- 02:D7:9A:B1:0E:44 9E:B9:9C:3F:B0:E7 10.10.10.232:22 (ssh) 192.168.101.9:60756 ip:tcp 74 3
br_100_mgmt 25.816 38 <- 02:D7:9A:B1:0E:44 9E:B9:9C:3F:B0:E7 10.10.10.232:22 (ssh) 192.168.101.9:60756 ip:tcp 74 3
<l2tp-beowulf-1> 34.207 39 <- 192.168.101.9:60756 10.10.10.232:22 (ssh) ip:tcp 60 1
br_100_mgmt 34.207 40 -> 9E:B9:9C:3F:B0:E7 02:D7:9A:B1:0E:44 192.168.101.9:60756 10.10.10.232:22 (ssh) ip:tcp 74 1
mgmt_100_eoip 34.207 41 -> 9E:B9:9C:3F:B0:E7 02:D7:9A:B1:0E:44 192.168.101.9:60756 10.10.10.232:22 (ssh) ip:tcp 74 1
eoip-bifrost 34.207 42 -> 9E:B9:9C:3F:B0:E7 02:D7:9A:B1:0E:44 100 192.168.101.9:60756 10.10.10.232:22 (ssh) ip:tcp 78 1
eoip-bifrost 34.233 43 <- 02:D7:9A:B1:0E:44 9E:B9:9C:3F:B0:E7 100 10.10.10.232:22 (ssh) 192.168.101.9:60756 ip:tcp 78 3
mgmt_100_eoip 34.233 44 <- 02:D7:9A:B1:0E:44 9E:B9:9C:3F:B0:E7 10.10.10.232:22 (ssh) 192.168.101.9:60756 ip:tcp 74 3
br_100_mgmt 34.233 45 <- 02:D7:9A:B1:0E:44 9E:B9:9C:3F:B0:E7 10.10.10.232:22 (ssh) 192.168.101.9:60756 ip:tcp 74 3
<l2tp-beowulf-1> 34.234 46 -> 10.10.10.232:22 (ssh) 192.168.101.9:60756 ip:tcp 60 3
eoip-bifrost 50.775 47 <- 02:D7:9A:B1:0E:44 9E:B9:9C:3F:B0:E7 100 10.10.10.232:22 (ssh) 192.168.101.9:60756 ip:tcp 78 3
mgmt_100_eoip 50.775 48 <- 02:D7:9A:B1:0E:44 9E:B9:9C:3F:B0:E7 10.10.10.232:22 (ssh) 192.168.101.9:60756 ip:tcp 74 3
br_100_mgmt 50.775 49 <- 02:D7:9A:B1:0E:44 9E:B9:9C:3F:B0:E7 10.10.10.232:22 (ssh) 192.168.101.9:60756 ip:tcp 74 3
<l2tp-beowulf-1> 66.732 50 <- 192.168.101.9:60756 10.10.10.232:22 (ssh) ip:tcp 60 1
br_100_mgmt 66.732 51 -> 9E:B9:9C:3F:B0:E7 02:D7:9A:B1:0E:44 192.168.101.9:60756 10.10.10.232:22 (ssh) ip:tcp 74 1
mgmt_100_eoip 66.732 52 -> 9E:B9:9C:3F:B0:E7 02:D7:9A:B1:0E:44 192.168.101.9:60756 10.10.10.232:22 (ssh) ip:tcp 74 1
eoip-bifrost 66.732 53 -> 9E:B9:9C:3F:B0:E7 02:D7:9A:B1:0E:44 100 192.168.101.9:60756 10.10.10.232:22 (ssh) ip:tcp 78 1
site_B:
br_vlans 12.365 2 <- 9E:B9:9C:3F:B0:E7 02:D7:9A:B1:0E:44 192.168.101.9:60756 10.10.10.232:22 (ssh) ip:tcp 74 0
br_vlans 12.365 3 -> 02:D7:9A:B1:0E:44 9E:B9:9C:3F:B0:E7 10.10.10.232:22 (ssh) 192.168.101.9:60756 ip:tcp 74 0
eoip-valhalla 12.365 4 -> 02:D7:9A:B1:0E:44 9E:B9:9C:3F:B0:E7 100 10.10.10.232:22 (ssh) 192.168.101.9:60756 ip:tcp 78 0
br_vlans 13.443 5 -> 02:D7:9A:B1:0E:44 9E:B9:9C:3F:B0:E7 10.10.10.232:22 (ssh) 192.168.101.9:60756 ip:tcp 74 0
eoip-valhalla 13.443 6 -> 02:D7:9A:B1:0E:44 9E:B9:9C:3F:B0:E7 100 10.10.10.232:22 (ssh) 192.168.101.9:60756 ip:tcp 78 0
br_vlans 15.523 7 -> 02:D7:9A:B1:0E:44 9E:B9:9C:3F:B0:E7 10.10.10.232:22 (ssh) 192.168.101.9:60756 ip:tcp 74 0
eoip-valhalla 15.523 8 -> 02:D7:9A:B1:0E:44 9E:B9:9C:3F:B0:E7 100 10.10.10.232:22 (ssh) 192.168.101.9:60756 ip:tcp 78 0
br_vlans 19.603 9 -> 02:D7:9A:B1:0E:44 9E:B9:9C:3F:B0:E7 10.10.10.232:22 (ssh) 192.168.101.9:60756 ip:tcp 74 0
eoip-valhalla 19.603 10 -> 02:D7:9A:B1:0E:44 9E:B9:9C:3F:B0:E7 100 10.10.10.232:22 (ssh) 192.168.101.9:60756 ip:tcp 78 0
br_vlans 28.243 11 -> 02:D7:9A:B1:0E:44 9E:B9:9C:3F:B0:E7 10.10.10.232:22 (ssh) 192.168.101.9:60756 ip:tcp 74 0
eoip-valhalla 28.243 12 -> 02:D7:9A:B1:0E:44 9E:B9:9C:3F:B0:E7 100 10.10.10.232:22 (ssh) 192.168.101.9:60756 ip:tcp 78 0
eoip-valhalla 36.661 13 <- 9E:B9:9C:3F:B0:E7 02:D7:9A:B1:0E:44 100 192.168.101.9:60756 10.10.10.232:22 (ssh) ip:tcp 78 0
br_vlans 36.661 14 <- 9E:B9:9C:3F:B0:E7 02:D7:9A:B1:0E:44 192.168.101.9:60756 10.10.10.232:22 (ssh) ip:tcp 74 0
br_vlans 36.661 15 -> 02:D7:9A:B1:0E:44 9E:B9:9C:3F:B0:E7 10.10.10.232:22 (ssh) 192.168.101.9:60756 ip:tcp 74 0
eoip-valhalla 36.661 16 -> 02:D7:9A:B1:0E:44 9E:B9:9C:3F:B0:E7 100 10.10.10.232:22 (ssh) 192.168.101.9:60756 ip:tcp 78 0
br_vlans 53.203 17 -> 02:D7:9A:B1:0E:44 9E:B9:9C:3F:B0:E7 10.10.10.232:22 (ssh) 192.168.101.9:60756 ip:tcp 74 0
eoip-valhalla 53.203 18 -> 02:D7:9A:B1:0E:44 9E:B9:9C:3F:B0:E7 100 10.10.10.232:22 (ssh) 192.168.101.9:60756 ip:tcp 78 0
So it seems that traffic passes from Site_A to Site_B, but is then dropped or rejected at some point?