Services over VPN

2024-04-22 14:36:40
Tags: #VPN
Model: ER707-M2  
Hardware Version: V1
Firmware Version: 1.2.2 Build 20240324 Rel.42799

Hello everybody, I'm facing some issues with IPsec VPN with Omada. I have a working point-to-point VPN between the central office and local stores. This VPN is working fine:

  • I can ping devices both ways
  • go to web pages of local devices like printers
  • VNC devices
  • view local shares (SMB)
  • connect to SQL Server

BUT when I try to use some software that needs to connect to the central office or to open/download files over a network share (I can see the shared folder but I cannot download files from it) it doesn't work.

What is very strange is that when I use FortiClient VPN everything works fine.

On the other side (in the central office I have a Fortinet) the firewall seems well configured and works without any problems on other VPNs (made on other firewalls like Palo Alto).

What is wrong on the Omada side?

Thank you very much to everyone who could help.

 

Re:Services over VPN
2024-04-22 14:42:55

  @slamjam 

 

I myself have two ER707-M2 with site-to-site VPN, and there have never been such problems. Do you have any screenshots of the VPN configuration?

Do you have other VPN services on the router such as OpenVPN or SSL VPN? I have had similar problems to those you describe on the ER8411, but then SSL VPN had been configured; I had to delete all SSL VPN configuration before site-to-site worked properly. I haven't tested SSL on the ER707-M2, so I don't know if it's the same problem there.

 

 

Re:Services over VPN
2024-04-22 14:52:09




 
@MR.S 

Thank you very much, here is the configuration. On the other side, I don't have any SSL VPN configured on the Omada side.

Re:Services over VPN
2024-04-22 14:58:05

  @slamjam 

 

You should not use this encryption, it is outdated and insecure; try this one instead.

Do you have SSL on any of the routers?

Is there an ER707-M2 on both sides of the tunnel?

Re:Services over VPN
2024-04-22 15:10:09

  @slamjam 

 

You have Fortinet I see, sorry I didn't see that.
Try with slightly stronger encryption. I have VPNs against Cisco, UniFi, SonicWall and MikroTik, and it works without problems, but I have not tested with the same encryption as you have.

 

 

Re:Services over VPN
2024-04-22 19:18:35
I've set up the VPN in your exact way but nothing changed... VNC works, ping works, but I still can only see SMB of Windows server files without being able to download (Explorer crashes after some minutes stuck trying).
Re:Services over VPN
2024-04-23 01:47:14

Hi @slamjam 

Thanks for posting in our business forum.

slamjam wrote

I've set up the VPN in your exact way but nothing changed... VNC works, ping works, but I still can only see SMB of Windows server files without being able to download (Explorer crashes after some minutes stuck trying).

The above description shows that the VPN works and it is intact.

You might wanna take a look at the server firewall or permission. It does not look like a problem with the router/VPN at all.

Re:Services over VPN
2024-04-23 05:59:47

  @slamjam 

 

I am quite sure that the problem is not on the ER707-M2 if you have not configured other types of VPN on it. I asked you if you have configured SSL VPN on the ER707-M2; you have not answered this yet.

To test communication, can you telnet to the server that has the file share?

In Windows you can type this command in the command prompt:

telnet 192.168.56.1 445

The IP is an example; replace it with the IP of the server where the file share is.
If you do not get a response, you must check that nothing is blocked in the Fortinet firewall.

If you don't have Windows telnet, add the Windows function in Add/Remove Programs.

 

 

 

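The port test suggested in the post above, as an added example that is not part of the original thread: a Python equivalent of the telnet check that also tells a refused connection apart from one that is silently dropped. The function names and hint texts are assumptions made for this example, and an "open" result only shows that the TCP handshake completes.

```python
import socket

# What each outcome points to, following the checks suggested in the thread.
HINTS = {
    "open": "TCP handshake completed; the port is reachable through the tunnel",
    "refused": "host answered with a reset; nothing is listening on that port "
               "or a firewall actively rejected it",
    "filtered": "no answer before the timeout; a firewall in the path or on "
                "the server is dropping the traffic",
    "unreachable": "connect failed before reaching the port (no route or "
                   "name resolution error)",
}

def probe_tcp(host, port, timeout=3.0):
    """Return 'open', 'refused', 'filtered' or 'unreachable' for host:port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError:
        return "unreachable"
    finally:
        sock.close()

def diagnose(host, ports=(445,), timeout=3.0):
    """Probe each port and pair the result with its hint."""
    results = []
    for port in ports:
        state = probe_tcp(host, port, timeout)
        results.append((port, state, HINTS[state]))
    return results

if __name__ == "__main__":
    # 192.168.56.1 is the example address from the post; replace it with
    # the server that holds the file share.
    for port, state, hint in diagnose("192.168.56.1"):
        print(f"tcp/{port}: {state} - {hint}")
```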
Re:Services over VPN
2024-04-23 07:48:30

  @slamjam 

 

I have done some more tests on my ER707-M2 routers. SSL works fine with this router combined with site-to-site; the only way I can provoke what you have is by blocking TCP port 445. Then File Explorer hangs and finally it doesn't respond.

 

 

 

 

 

 

Re:Services over VPN
2024-04-23 16:19:40

  @MR.S 

Thank you very much for the support that you're giving.

I've tried, and port 445 is open.

What is very strange is that on the Fortinet side the configuration is exactly the same for all the VPNs (other sites and SSL).

PS: I've done another check: I have a NAS with an SMB share and it works! So it's some strange configuration regarding something with Windows shares (but remember that these shares work with the SSL Fortinet VPN).

Re:Services over VPN
2024-04-23 16:27:04

  @slamjam 

 

Have you remembered to open the Windows firewall for the network that is on the ER707-M2? The Windows firewall blocks remote networks by default.

 
