Emerging Member
Posts: 56
Registered: ‎02-25-2014
Kudos: 31
Solutions: 1

IPSec VPN problem

Can anyone see any issues with the following VPN config? It's to a Draytek 2820IPPBX with the same credentials set up at t'other end. The 192.168.20.0/24 subnet that I defined for this end is not specified elsewhere in the ERL...

(sorry - can't recall how to paste as commands!)

vpn {
    ipsec {
        auto-firewall-nat-exclude disable
        esp-group FOO0 {
            compression disable
            lifetime 3600
            mode tunnel
            pfs enable
            proposal 1 {
                encryption aes128
                hash sha1
            }
        }
        ike-group FOO0 {
            lifetime 28800
            proposal 1 {
                dh-group 14
                encryption aes128
                hash sha1
            }
        }
        ipsec-interfaces {
            interface eth0
        }
        nat-networks {
            allowed-network 0.0.0.0/0 {
            }
        }
        nat-traversal enable
        site-to-site {
            peer office2.frithstreetgallery.com {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret ****************
                }
                connection-type initiate
                ike-group FOO0
                local-ip 192.168.1.1
                tunnel 1 {
                    allow-nat-networks disable
                    allow-public-networks disable
                    esp-group FOO0
                    local {
                        subnet 192.168.20.0/24
                    }
                    remote {
                        subnet 10.0.0.0/24
                    }
                }
            }
        }
    }
}

Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5474
Solutions: 1656
Contributions: 2

Re: IPSec VPN problem

You should post the complete configuration so that people can take a look (e.g., interfaces, NAT, firewall, etc.).

Emerging Member
Posts: 56
Registered: ‎02-25-2014
Kudos: 31
Solutions: 1

Re: IPSec VPN problem

 
Attachment

Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5474
Solutions: 1656
Contributions: 2

Re: IPSec VPN problem

Could you also elaborate on what errors/etc. were observed when trying this config, for example the log output while the connection is being attempted etc.?

Emerging Member
Posts: 90
Registered: ‎11-14-2013
Kudos: 38
Solutions: 1

Re: IPSec VPN problem

Looks to me like you are still natting the outbound VPN traffic.  I haven't played with the new feature, but this line drew my attention:

 

auto-firewall-nat-exclude disable
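
An added example, not part of any post in this thread: a small Python check that parses the brace-style config shown above and lists the tunnel selectors that depend on hand-written NAT exclusion because `auto-firewall-nat-exclude` is not enabled. The function names are hypothetical, the sample is trimmed from the posted config, and treating a missing setting the same as `disable` is an assumption.

```python
# Constructed sample, trimmed from the config posted in this thread.
SAMPLE = """
vpn {
    ipsec {
        auto-firewall-nat-exclude disable
        site-to-site {
            peer office2.frithstreetgallery.com {
                tunnel 1 {
                    local {
                        subnet 192.168.20.0/24
                    }
                    remote {
                        subnet 10.0.0.0/24
                    }
                }
            }
        }
    }
}
"""

def parse(text):
    """Parse brace-style config text into nested dicts (hypothetical helper)."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            node = {}
            stack[-1][line[:-1].strip()] = node  # block header, e.g. "tunnel 1"
            stack.append(node)
        elif line == "}":
            stack.pop()
        elif line:
            key, _, value = line.partition(" ")  # leaf, e.g. "subnet 10.0.0.0/24"
            stack[-1][key] = value
    return root

def unexcluded_tunnels(cfg):
    """Return (peer, tunnel, local, remote) for tunnels without automatic NAT exclusion."""
    ipsec = cfg.get("vpn", {}).get("ipsec", {})
    # Assumption: anything other than an explicit "enable" means no automatic exclusion.
    if ipsec.get("auto-firewall-nat-exclude") == "enable":
        return []
    return [(pkey.split()[1], tkey.split()[1], tun["local"]["subnet"], tun["remote"]["subnet"])
            for pkey, peer in ipsec.get("site-to-site", {}).items()
            for tkey, tun in peer.items() if tkey.startswith("tunnel ")]
```

Each tuple returned is a local/remote subnet pair to compare against the router's source NAT rules, which are not shown in this thread.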