Issue with VPN IPsec

Salut Thomas and welcome to the UTM Community!

Please show us pictures of the Edits of the IPsec Connection and Remote Gateway from both UTMs and also of the Edits of the Interface used in each IPsec Connection.

Do the following for the IPsec log:

1. Confirm that Debug is not enabled.
2. Disable the IPsec Connection.
3. Start the IPsec Live Log and wait for it to begin to populate.
4. Enable the IPsec Connection.
5. Show us about 60 lines from enabling through the error.  Or through the line containing "IPsec SA established."

Cheers - Bob

I'm sorry but i have a new error now, i give you a capture.

I know it's about Key but i look everywere and don't find anything again :/ 

Thanks for All

Thomas 

Two things, Thomas.  First, leave the 'VPN ID' blank in both Remote Gateway definitions.  If that doesn't fix the problem, try with a very simple PSK.

Cheers - Bob

I thanks for your answer.

Always the same problems with : 2019:05:31-09:03:49 utminfotec ipsec_starter[6795]: no default route - cannot cope with %defaultroute!!!

I don't know why it's not working :/ 

NAT can be the problem ?!

Thanks for reading

Thomas

Hi Thomas, 

In your pictures, your local interface is named 'Internal'. Are you sure this interface has a default gateway set to it?

If not, this should be your WAN interface or (External). 

Please show us a simple diagram with the IPs noted on the interfaces that are the endpoints of this tunnel.

Cheers - Bob

Please show us a simple diagram with the IPs noted on the interfaces that are the endpoints of this tunnel.

Cheers - Bob

Hi bob,

Here you can find a diagram of my network, my address name internal have this configuration : IPv4 address 192.168.10.90 

                                                                                                                                           IPv4 Default GW address 192.168.10.2

I just name it internal but i can make the same with external (wan) 

Thanks for all your answer

Thomas

Thanks, Thomas, seeing that notebook paper brought back memories of when I lived in Berlin.

Is either endpoint is behind a NAT, that could cause the problem in the second set of log lines above.  If not, we need a new extract from the IPsec log.  Do the following:

1. Confirm that Debug is not enabled.
2. Disable the IPsec Connection.
3. Start the IPsec Live Log and wait for it to begin to populate.
4. Enable the IPsec Connection.
5. Show us about 60 lines from enabling through the error.  Or through the line containing "IPsec SA established."

Cheers - Bob

Hi bob,

Debug is not enable

I hope you can find my issue, 

I have NAT on myu side and i enable NAT-T like this :

Thanks for all your answer 

Thomas

Thomas, change the 'Interface' for each IPsec Connection to "External" - does it work now?  If not, show us the log again, but copy and paste the text here instead of showing a screen capture.

Cheers - Bob

I bob,

it's a good day :D , i have resolv all my issue this morning. I take a picture of my configuration if someone who check here have the same problem as me before. 

this configuration works, i hope you don't will see an error.

My 2 UTM is behind NAT it's why i enable NAT-Transversal. For me, i had to make port forwarding on my router.

Thanks for all your response

Thomas

Salut Thomas,

Bon travail !

In fact, since both UTMs are behind a NAT, what also made this work was "Respond only" on the one side and specifying the VPN ID on the "Initiate Connection" side.

Cheers - Bob