Services over VPN

2024-04-22 14:36:40

Posts: 7

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2023-06-19

Services over VPN

2024-04-22 14:36:40

Tags: #VPN

Model: ER707-M2

Hardware Version: V1

Firmware Version: 1.2.2 Build 20240324 Rel.42799

Hello everybody, i'm facing some issues with IPSEC vpn with omada. I've a working point to point vpn between central office and local stores. This vpn is working fine :

i can ping devices both ways
go to webpages of local devices like printers
vnc devices
view local shares (smb)
connect to sql server

BUT when i try to use some software that needs to connect to the central office or to open/download files over a network share (I can see the shared folder but I cannot download files from it) it doesn’t work.

What is very strange is that when i use forticlient VPN everything works fine.

On the other side (in the central office I’ve a fortinet) the firewall seems well configured and works without any problems on other vpn (made on other fw like palo alto)

What is wrong on the omada side ?

Thank you very much to everyone who could help.

14 Reply

LV5

2024-04-22 14:42:55

Posts: 2104

Helpful: 762

Solutions: 262

Stories: 0

Registered: 2018-08-17

Re:Services over VPN

2024-04-22 14:42:55

I myself have two ER707-M2 with site to site vpn, there have never been such problems, do you have any screenshots of the vpn configuration?

Do you have other VPN services on the router such as openvpn or SSL vpn? I have had similar problems as you describe on ER8411 but then SSL vpn has been configured, I had to delete all SSL vpn configuration before site to site worked properly. I haven't tested SSL on the ER707-M2, so I don't know if it's the same problem there

LV1

2024-04-22 14:52:09

Posts: 7

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2023-06-19

Re:Services over VPN

2024-04-22 14:52:09

@MR.S

Thank you very much, here the configuration. On the other side i don't have any SSL vpn configured on the omada side.

LV5

2024-04-22 14:58:05

Posts: 2104

Helpful: 762

Solutions: 262

Stories: 0

Registered: 2018-08-17

Re:Services over VPN

2024-04-22 14:58:05

you should not use this encryption, it is outdated and insecure, try this one instead.

Do you have SSL on any of the routers?

Is there ER707-M2 on both sides of the tunnel?

LV5

2024-04-22 15:10:09

Posts: 2104

Helpful: 762

Solutions: 262

Stories: 0

Registered: 2018-08-17

Re:Services over VPN

2024-04-22 15:10:09

You have Fortinet I see, sorry I didn't see that.
try with slightly stronger encryption, I have vpn against cisco, unifi, sonicwall and microtik, it works without problems, but I have not tested with the same encryption as you have

LV1

2024-04-22 19:18:35

Posts: 7

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2023-06-19

Re:Services over VPN

2024-04-22 19:18:35

I've set up the vpn in your exact way but nothing changed... vnc works, ping works but I still can only see smb of windows server files without being able to download (explorer crashes after some minutes stuck in trying)

Clive_A

2024-04-23 01:47:14

Posts: 5528

Helpful: 2643

Solutions: 1231

Stories: 0

Registered: 2023-06-09

Re:Services over VPN

2024-04-23 01:47:14

Hi @slamjam

Thanks for posting in our business forum.

slamjam wrote

I've set up the vpn in your exact way but nothing changed... vnc works, ping works but I still can only see smb of windows server files without being able to download (explorer crashes after some minutes stuck in trying)

The above description shows that the VPN works and it is intact.

You might wanna take a look at the server firewall or permission. It does not look like a problem with the router/VPN at all.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update! ☛Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.

LV5

2024-04-23 05:59:47

Posts: 2104

Helpful: 762

Solutions: 262

Stories: 0

Registered: 2018-08-17

Re:Services over VPN

2024-04-23 05:59:47

I am quite sure that the problem is not on the ER707-M2 if you have not configured other types of VPN on it, I asked you if you have configured SSL VPN on the ER707-M2, you have not answered this yet.

to test comunication.
can you telnet to the server that has the file share.

in windows you can type that command in the command prompt,

telnet 192.168.56.1 445

ip is an example, replace with ip to server where file share is
if you do not get a response, you must check that nothing is blocked in the Fortinet firewall

if you dont have windows telnet add windows function in add remove program.

LV5

2024-04-23 07:48:30

Posts: 2104

Helpful: 762

Solutions: 262

Stories: 0

Registered: 2018-08-17

Re:Services over VPN

2024-04-23 07:48:30

I have done some more tests on my ER707-M2 routers, SSL works fine with this router combined with site to site, only way I can provoke what you have is by blocking TCP port 445. then file explorer hangs and finally it doesn't respond.

LV1

2024-04-23 16:19:40

Posts: 7

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2023-06-19

Re:Services over VPN

2024-04-23 16:19:40

@MR.S

thank you veru much for the support that you're giving.

i've tried and the port 445 is open.

What is very strange is that on the fortinet side the configuration is exactly the same for all the vpns (other sites and ssl)

PS i've done another check, i've a nas with an smb share and it works! So it's some strange configuration regarding something regarding windows shares (but remember that this shares works with the ssl fortinet vpn)

#10

LV5

2024-04-23 16:27:04

Posts: 2104

Helpful: 762

Solutions: 262

Stories: 0

Registered: 2018-08-17

Re:Services over VPN

2024-04-23 16:27:04