
IPSEC Weirdness

I am having some really strange issues with IPSEC since upgrading to v17MR3.

Prior to the upgrade I had deleted all my old IPSEC connections and moved them to RED VPN tunnels because IPSEC just wasn't stable. But now we have a branch with a Netcomm 4G modem that I want to set up an IPSEC tunnel for (it does do OpenVPN but IPSEC seems easier).

Firstly, I had to do "iptables -I INPUT -p udp --dport 500 -j ACCEPT" or XG wouldn't receive IPSEC packets at all.

I have a "Deprecated Default Policy" that was created as part of an update that I hadn't deleted initially.

I have a "Netcomm" policy I created and assigned to my connection.

When I try to connect from the Netcomm, XG always responds with "No proposal chosen". The list of "configured proposals" does not include the one in the "Netcomm" policy assigned to my connection, but does include the ones in the "Deprecated Default Policy". Once I change those to match my "Netcomm" policy (and add the iptables rule to include port 4500 for NAT-T) I can connect. But after deleting the "Deprecated Default Policy" I can no longer connect.

So then I deleted my connection and the "Netcomm" policy and re-added it, and it started working.

And then after a reboot, I didn't need to add the iptables rules anymore.

So I think it's all good now, but what's with all the mucking around to make stuff like this work?

James
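The "No proposal chosen" symptom described in the post comes down to the responder matching the initiator's offered transforms against the proposals it actually has loaded, which here were the "Deprecated Default Policy" ones rather than the assigned "Netcomm" policy. The following model of that matching step is an added illustration, not code from the post or from Sophos XG; the algorithm names and group numbers are constructed for the example.

```python
"""Model of IKE proposal negotiation, added to illustrate the "No proposal chosen"
response in the post. Each proposal lists the transforms it accepts per type
(IKEv2-style); the responder accepts the first offered proposal that shares at
least one transform of every type with one of its *loaded* proposals. Algorithm
names below are constructed for the example, not taken from the post."""
from typing import Optional

TRANSFORM_TYPES = ("encr", "integ", "prf", "dh")
Proposal = dict[str, set[str]]   # transform type -> acceptable transforms

def select_proposal(offered: list[Proposal], configured: list[Proposal]) -> Optional[dict[str, str]]:
    """Responder side. Returns one chosen transform per type, or None (NO_PROPOSAL_CHOSEN)."""
    for off in offered:
        for conf in configured:
            common = {t: off[t] & conf[t] for t in TRANSFORM_TYPES}
            if all(common.values()):
                # pick deterministically (sorted) so results are reproducible
                return {t: sorted(common[t])[0] for t in TRANSFORM_TYPES}
    return None

def explain_mismatch(offered: list[Proposal], configured: list[Proposal]) -> list[str]:
    """Diagnostic: for each offered/configured pair, name the transform types with no overlap."""
    notes = []
    for i, off in enumerate(offered):
        for j, conf in enumerate(configured):
            missing = [t for t in TRANSFORM_TYPES if not (off[t] & conf[t])]
            notes.append(f"offered[{i}] vs configured[{j}]: "
                         + ("match" if not missing else "no common " + ", ".join(missing)))
    return notes

# Constructed scenario mirroring the post: the 4G router offers the "Netcomm"
# policy, but the firewall's loaded list still contains only the
# "Deprecated Default Policy" proposals.
NETCOMM_OFFER: list[Proposal] = [{"encr": {"aes256"}, "integ": {"sha256"}, "prf": {"sha256"}, "dh": {"group14"}}]
DEPRECATED_DEFAULT: list[Proposal] = [
    {"encr": {"3des", "aes128"}, "integ": {"sha1"}, "prf": {"sha1"}, "dh": {"group2", "group5"}},
]
NETCOMM_POLICY: list[Proposal] = [{"encr": {"aes256", "aes128"}, "integ": {"sha256", "sha1"}, "prf": {"sha256"}, "dh": {"group14"}}]

def negotiate(offered: list[Proposal], configured: list[Proposal]) -> str:
    """Return the responder's answer as a string: the chosen transform set or NO_PROPOSAL_CHOSEN."""
    chosen = select_proposal(offered, configured)
    if chosen is None:
        return "NO_PROPOSAL_CHOSEN"
    return "/".join(chosen[t] for t in TRANSFORM_TYPES)

if __name__ == "__main__":
    print(negotiate(NETCOMM_OFFER, DEPRECATED_DEFAULT))   # NO_PROPOSAL_CHOSEN
    for line in explain_mismatch(NETCOMM_OFFER, DEPRECATED_DEFAULT):
        print(line)
    print(negotiate(NETCOMM_OFFER, NETCOMM_POLICY))       # aes256/sha256/sha256/group14
```

Running `explain_mismatch` against a responder's effective proposal list, rather than against the policy you think is assigned, is the quickest way to see why a peer is rejected.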
