Point to Point IPsec tunnel problems

AndyG53
Newbie
Posts: 1
Registered: ‎15-06-2018

Point to Point IPsec tunnel problems

Hi there, sorry if this has been dealt with before. I can find references to similar issues but not the exact problem that I am having, nor can I find any fixes.

I have a Plusnet Fibre DSL connection at home and am trying to create a Point to Point IPsec tunnel to the Cyberoam 25 Ing firewall at my office. As the Plusnet Hub One router does not have the capability for VPNs, I created an application that maps the required ports through to a Netgear DGN2200 connected with a static IP address on my LAN. I have given the Plusnet a DynDNS address and created a VPN policy on both devices together with a suitable IKE policy; however, the tunnel refuses to connect. I am pretty sure that this is because of NAT traversal not being enabled on the Plusnet, and came across an article that states that strict NATing can be turned off using a command line, but I cannot get to telnet into the Plusnet: telnet connects and then drops straight away. Has anyone had a similar problem as this with the VPN tunnel, or can anyone confirm if it's possible to put the Plusnet router into bridge mode?

Failing this, has anyone had success with using the Netgear DGN 2200 as the primary DSL router? I have gone through the settings to use a 3rd party router on fibre DSL as per the support website, but it simply refuses to connect.

3 REPLIES
chrislacey
Grafter
Posts: 32
Thanks: 7
Registered: ‎20-10-2009

Re: Point to Point IPsec tunnel problems

Hi Andy

Did you enable IPsec passthrough in the router, if the option is available?

If I remember correctly, the NAT traversal setting needs enabling at both ends of the VPN tunnel devices, which then encapsulates all the encrypted traffic in port UDP 4500 so it can go through the NAT router. It may be worth trying to port forward that to the internal static IP address. Also check everything else matches, like main mode or aggressive mode and the Diffie-Hellman group used in phase 1, and if you enabled PFS.

If it doesn't work, you need to look at the logs to see the failure reason; for example, it could say unacceptable phase 1 or phase 2 proposals, or something generic like simply unable to connect.

Hope that helps
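
An added example, not part of the reply above or of any vendor's tooling: a small classifier for UDP payloads captured on ports 500 and 4500, showing how NAT-T traffic differs on the wire and where main or aggressive mode appears in the ISAKMP header. Layouts follow RFC 2408 and RFC 3948; the function names and all sample bytes are constructed for illustration.

```python
import struct

# IKEv1 exchange types from RFC 2408/2409; other values are reported numerically.
IKEV1_EXCHANGES = {2: "main mode", 4: "aggressive mode",
                   5: "informational", 32: "quick mode"}
NON_ESP_MARKER = b"\x00\x00\x00\x00"   # RFC 3948: precedes IKE on UDP 4500

def parse_isakmp_header(data):
    """Decode the fixed 28-byte ISAKMP header (RFC 2408 section 3.1)."""
    if len(data) < 28:
        raise ValueError("truncated ISAKMP header")
    icookie, rcookie, _next, version, exch, flags, msg_id, length = \
        struct.unpack("!8s8sBBBBII", data[:28])
    return {
        "initiator_cookie": icookie.hex(),
        "responder_cookie": rcookie.hex(),
        "version": f"{version >> 4}.{version & 0x0F}",
        "exchange": IKEV1_EXCHANGES.get(exch, f"type {exch}"),
        "encrypted": bool(flags & 0x01),
        "message_id": msg_id,
        "length": length,
    }

def classify_udp_payload(port, payload):
    """Classify a UDP payload captured on port 500 or 4500."""
    if port == 500:
        return "ike", parse_isakmp_header(payload)
    if port == 4500:
        if payload == b"\xff":                 # one-byte NAT keepalive
            return "nat-keepalive", None
        if payload[:4] == NON_ESP_MARKER:      # IKE floated to 4500
            return "ike-natt", parse_isakmp_header(payload[4:])
        if len(payload) >= 8:                  # otherwise ESP: SPI + sequence
            spi, seq = struct.unpack("!II", payload[:8])
            return "esp-in-udp", {"spi": spi, "sequence": seq}
    return "unknown", None

def sample_header(exchange, responder=b"\x00" * 8):
    """Constructed header-only sample (no payloads), for demonstration."""
    return struct.pack("!8s8sBBBBII", bytes.fromhex("1122334455667788"),
                       responder, 1, 0x10, exchange, 0, 0, 28)

if __name__ == "__main__":
    samples = [(500, sample_header(2)),
               (4500, NON_ESP_MARKER + sample_header(4)),
               (4500, b"\xff"),
               (4500, struct.pack("!II", 0xC0FFEE01, 1) + b"\x00" * 16)]
    for port, data in samples:
        print(port, classify_udp_payload(port, data))
```

If a capture at the NATed end shows only `ike` on port 500 and never `ike-natt` or `esp-in-udp`, the peers have not moved to UDP 4500, which fits NAT traversal being disabled, that port not being forwarded, or the negotiation failing before that point.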

MasterOfReality
Plusnet Alumni (retired)
Posts: 1,640
Fixes: 57
Registered: ‎26-03-2018

Re: Point to Point IPsec tunnel problems

Hi @AndyG53

When you say the 3rd party router refuses to connect, can you be a little more specific?

Just to confirm, were you following these details to use the 3rd party fibre router on our network:

To configure a third party router you will need to consult your manufacturer or your manual to gain access to your router and find the necessary pages:

Encapsulation Type: PPPoE (PPP over Ethernet)
Username: Username@plusdsl.net
Password: Your account password

If using wireless, please make sure you set up the wireless security on your router. Instructions on how to do this can be found in your manual or on the manufacturer's website.

Thanks,

MisterW
Superuser
Posts: 14,487
Thanks: 5,357
Fixes: 383
Registered: ‎30-07-2007

Re: Point to Point IPsec tunnel problems

@AndyG53

Failing this, has anyone had success with using the Netgear DGN 2200 as the primary DSL router? I have gone through the settings to use a 3rd party router on fibre DSL as per the support website, but it simply refuses to connect.

From what I can see, the DGN2200 is only an ADSL2 modem/router; it's not going to work on a fibre connection.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.