Site-to-site IPsec tunnel not starting
Team,
Just finished some testing with the beta versions being:
- TL-ER7206 version: 1.2.3_20230224-rel60828_up_2023-02-24_16.54.59
- TL-ER605 version: 1.2.3_20230224-rel61610_up_2023-02-24_17.08.23
And discovered that the site-to-site IPsec VPN tunnel between these 2 routers is not working.
Meaning the tunnel not even started.
I then reverted back to the previous stable version being:
- TL-ER7206 version: 1.2.3 Build 20221104
- TL-ER605 version: 1.2.1 Build 20220512
After that, the IPsec tunnel is working as expected.
Not sure if (and how) this effects the final release.
But just so you know.
With warm regards - Will
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
I don't understand what you are saying about buggy R7206-firmware and not supported with the R605...
To make sure we are on the same page (see also my initial post):
The settings in my posted screenshot are working with *both* router models when using the latest stable firmware version.
When switching to the latest beta version for *both* router models the IPsec tunnel is not even starting.
See the initial post for the exact version numbers on each.
- Copy Link
- Report Inappropriate Content
with the latest official release to ER7206 your settings not take effect, if you configure SHA-256 it steel use SHA1, with the new beta release this settings take effect and use SHA-256 but this is not supportet in ER605v1 and because of that you dont get VPN to work, You have now a ER605v1 that use SHA1 and ER7206 use SHA-256. so to get it to work use SHA1 on both routers then your VPN will work.
the same thing with ER605v1 if you configure SHA-256 it steel use SHA1. if you look at VPN status you see that.
- Copy Link
- Report Inappropriate Content
I do a test, vpn site to site work whit no issue between my routers with this sotware
TL-ER7206 v1.0Firmware Version:1.2.3 Build 20230224 Rel.60828
TL-R605 v1.0Firmware Version:1.2.3 Build 20230224 Rel.61610
what encryption do you use?
I use deafult for vpn on this routers
Phase-1 Settings
SHA1 - AES256 - DH2
Phase-2 Settings
ESP - SHA1 - AES256
- Copy Link
- Report Inappropriate Content
Thank you for the quick response.
See attached screenshot with all relevant settings.
Will give your settings a try later this weekend.
Cheers - Will
=====
- Copy Link
- Report Inappropriate Content
@ITV Ok, I se whats the problem, Long storry but ER7206 have buggy software in the version you use now, SHA256 don't take effect, whit the beta this is fixed and then the router don't connect to ER605 because this router don't support SHA256, so upgrade to the latest beta on both.
change to SHA1 not use SHA256, ER605v1 don't support that.
This setting will work
- Copy Link
- Report Inappropriate Content
I don't understand what you are saying about buggy R7206-firmware and not supported with the R605...
To make sure we are on the same page (see also my initial post):
The settings in my posted screenshot are working with *both* router models when using the latest stable firmware version.
When switching to the latest beta version for *both* router models the IPsec tunnel is not even starting.
See the initial post for the exact version numbers on each.
- Copy Link
- Report Inappropriate Content
with the latest official release to ER7206 your settings not take effect, if you configure SHA-256 it steel use SHA1, with the new beta release this settings take effect and use SHA-256 but this is not supportet in ER605v1 and because of that you dont get VPN to work, You have now a ER605v1 that use SHA1 and ER7206 use SHA-256. so to get it to work use SHA1 on both routers then your VPN will work.
the same thing with ER605v1 if you configure SHA-256 it steel use SHA1. if you look at VPN status you see that.
- Copy Link
- Report Inappropriate Content
Many thanks for the quick and to the point answers. And indeed - works as you mentioned.
To give the R605 some breathing room I now use "SHA1 - AES128 - DH2" on all sites; including the PFS parameter.
This balances security/encryption and device performance.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Hi All,
A newer 1.2.3 Beta firmware has been released for trial, please follow the post link below for details.
ER605 V1_1.2.3_Build 20230413 Beta For Trial (Released on Apr 14th, 2023)
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 925
Replies: 8
Voters 0
No one has voted for it yet.