Home

Forums

Stories

Knowledge Base

Business Community > Gateways > IPsec VPN Failure After ER8411 Firmware Upgrade to 1.3.1

< Gateways

IPsec VPN Failure After ER8411 Firmware Upgrade to 1.3.1

jonmaxey

2025-06-03 16:54:45

Posts: 7

Helpful: 1

Solutions: 1

Stories: 0

Registered: 2024-03-06

IPsec VPN Failure After ER8411 Firmware Upgrade to 1.3.1

2025-06-03 16:54:45

Tags: #VPN #Firmware Update

Model: ER8411

Hardware Version: V1

Firmware Version: 1.3.1

Hello,

I manage a large Omada deployment across various networks. My primary network uses an ER8411 gateway, and several remote sites connect to it via IPsec VPN.

Yesterday, I upgraded the ER8411 to firmware version 1.3.1, and since then, the IPsec VPN connection to one of my remote sites — which uses an ER707-M2 v1.0 — has stopped working.

I've confirmed that the VPN settings on both ends remain unchanged from before the upgrade, and I’ve also tried creating a new VPN configuration and testing various setting combinations. Despite this, the VPN tunnel still fails to establish.

The following error appears in the event log on the ER8411:

WAN/LAN4: Phase 1 of IKE negotiation failed. (Peers=xxx.xxx.xxx.xxx<->xxx.xxx.xxx.xxx, Error=NO_PROPOSAL_CHOSEN[14])

On the ER707-M2, a similar error is logged:

2.5G WAN1: Phase 1 of IKE negotiation failed. (Peers=xxx.xxx.xxx.xxx<->xxx.xxx.xxx.xxx, Error=14)

(Note: IP addresses have been obfuscated for privacy.)

This issue only began after upgrading to firmware 1.3.1 on the ER8411. Is there anything else I can try or logs to look at to inform what might be happening? Could this be a regression or compatibility issue introduced in the latest firmware? If so, is it possible to downgrade the ER8411 to the previous firmware version?

Thanks!

11 Reply

GRL

LV4

2025-06-22 20:51:30 - last edited 2025-06-22 20:52:40

Posts: 858

Helpful: 361

Solutions: 104

Stories: 0

Registered: 2022-01-02

Re:IPsec VPN Failure After ER8411 Firmware Upgrade to 1.3.1

2025-06-22 20:51:30 - last edited 2025-06-22 20:52:40

I use only IPsec site-to-sites, all remotes are ER605 v2 running 2.3.0 to ER8411 1.3.2

SHA2 - 256 - DH14 / ESP - SHA2 - 256

ER8411 is always responder, remotes are always initiator

Havent seen any dropouts at all

HOWEVER

I was seeing weird dropouts when i had the responder set up on a 7206 v2 running 2.2.0 - VPNs would randomly go dead for seconds to minutes and in one case, 3 hours - all by themselves but always came back normally without me doing anything or wven noticing sometimes.

I havent tried SD-WAN because i find my current approach more flexible for my needs.

My gut feeling is something is flaky VPN wise on the current batch of firmwares, but that is just my opinion.

#12

IPsec VPN Failure After ER8411 Firmware Upgrade to 1.3.1

IPsec VPN Failure After ER8411 Firmware Upgrade to 1.3.1

Information

Voters 0

Tags