S2S IPsec IKEv2 troubles
Good day Everyone,
Maybe someone can shed some light on this, and maybe I am not the only one facing this problem.
Setup:
Site A:
LAN: 192.168.0.0/24
No-IP: dyndns1
Bridged modem connected to a ER7412-M2
Site B:
LAN: 192.168.0.1/24
NO-IP: dyndns1
CG-NAT enabled modem
ER605 connected to port 1 of CG-NAT enabled modem, IP and device have been set in DMZ
I just need sites A and B to connect to each other, a very simple setup.
Both devices use DynDNS.
WireGuard worked without any hesitation (very difficult to configure) IMO.
But I know IPsec is simpler and easier to set up.
My problems:
1: If I use the autoconfigurator, the IPsec tunnels don't work; no data is flowing through the tunnel.
2: If I use manual mode and set up IKEv2 (which I want to use), with Site B as the initiator, Site A as the responder and everything else defaulted, it doesn't work. I get Phase 1 could not be initiated. I get the following error:
2.5G WAN/LAN1: Phase 1 of IKE negotiation failed. (Peers=WANIP Site B<->WANIP site A, Error=NO_PROPOSAL_CHOSEN[14])
3: If I go all manual and also all custom, using AES 256, SHA256 and DH19, I get the same error.
When I open up a terminal on the ER7412-M2 and run the command to get IKEv2 information, I see the following:
ike policy name: ike_stage1_0th
ike_version: ikev2
hash-enc-dh: sha256-aes256-modp2048
lifetime: 28800
dpd_enable: enable
dpd_interval: 10
exchange_mode: aggressive
The exchange mode is set to aggressive (nowhere in IKEv2 is there an option to change this).
4: I go all manual and use IKEv1: tadaaaa, everything works.
So, to people using Omada more than me (I was very used to UniFi and other solutions): are you using the gateways not connected/joined to an Omada controller, as a standalone VPN gateway, and is this more beneficial for having more granular control compared to when it's joined to the Omada controller?
Is it normal that even though I go all manual, the exchange mode is incorrect? And if so, am I only able to use IKEv1 due to this error?
Hope I am not the only one experiencing this type of error.
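
An added example, not part of the original post: a short Python check that parses the policy dump shown above and compares it with the proposal the post says was selected in manual mode (SHA256, AES 256, DH19). It assumes the dump was taken while those custom settings were applied and that the device prints strongSwan-style group names (DH19 as ecp256); the function names are hypothetical.

```python
# Added example: compare a dumped IKE policy with the proposal chosen in the UI.
# Constructed input: the dump is copied from the post; the intended values are
# the ones the post says were selected in manual mode (assumption: same config).

# IANA DH group numbers -> strongSwan-style names (assumed dump naming).
DH_NAMES = {2: "modp1024", 5: "modp1536", 14: "modp2048",
            19: "ecp256", 20: "ecp384", 21: "ecp521"}

POLICY_DUMP = """\
ike policy name: ike_stage1_0th
ike_version: ikev2
hash-enc-dh: sha256-aes256-modp2048
lifetime: 28800
dpd_enable: enable
dpd_interval: 10
exchange_mode: aggressive
"""

def parse_policy(dump):
    """Turn 'key: value' lines into a dict and split the hash-enc-dh triple."""
    policy = {}
    for line in dump.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            policy[key.strip()] = value.strip()
    parts = policy.get("hash-enc-dh", "").split("-")
    if len(parts) == 3:
        policy["hash"], policy["enc"], policy["dh"] = parts
    return policy

def diff_proposal(policy, want_hash, want_enc, want_dh_group):
    """Return (field, running, intended) for every transform that differs."""
    intended = {"hash": want_hash, "enc": want_enc,
                "dh": DH_NAMES.get(want_dh_group, f"group{want_dh_group}")}
    return [(field, policy.get(field), want)
            for field, want in intended.items() if policy.get(field) != want]

def mode_warnings(policy):
    """IKEv2 defines no main/aggressive mode, so flag the field if present."""
    if policy.get("ike_version") == "ikev2" and "exchange_mode" in policy:
        return [f"exchange_mode={policy['exchange_mode']} is an IKEv1 concept"]
    return []

if __name__ == "__main__":
    running = parse_policy(POLICY_DUMP)
    for field, have, want in diff_proposal(running, "sha256", "aes256", 19):
        print(f"MISMATCH {field}: running={have} intended={want}")
    for note in mode_warnings(running):
        print("NOTE", note)
```

Running the same comparison against the dump from the other gateway shows whether both ends carry the same transforms; NO_PROPOSAL_CHOSEN is what a responder returns when none of the offered proposals match its own policy.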
