TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply
TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply
2013-02-11 03:08:48 - last edited 2021-08-21 04:59:29
Region : Denmark

Model : TL-ER6120

Hardware Version : V1

Firmware Version : 1.0.0 Build 20120807 Rel.34348

ISP : Fullrate.dk


I'm having problems establishing an IPSEC connection to my TL-ER6020 (couldn't select under "Model Number" here)...

I have setup port mirroring to troubleshoot the traffic and I'm no seing any IKE reply from the TL-ER6020...

Using tcpdump (tcpdump -i eth0 -n -vvv -s 1514 'host && udp port 500') I can see that the load balancer / VPN router isn't responding to the IKE request(s) it's receiving...

I followed Your Shrewsoft guide but it just doesn't work (I have tested over and over again, removing the IKE/IPSEC settings on router and re-creating them)...

The DSL modem in front of WAN1 is a Netgear VVG2000 in bridge mode (provided by my ISP)...

Any ideas...?

Is the setup guide missing something regarding opening of ports, static routes etc....?

http://www.tp-link.dk/article/?faqid=452
  0      
  0      
#1
Options
35 Reply
Re:TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply
2013-02-14 21:41:09 - last edited 2021-08-21 04:59:29
OK, let me rephrase my question... ;-)

Has anyone ever had success with setting up a Client-to-LAN IPsec VPN and connecting to it (any client)...

I have a working LAN-to-LAN (site-to-site) IPsec tunnel running, but no matter what I do it seems like the TL-ER6020 doesn't reply to IKE requests when in aggressive mode...

I have been trying to set this up for a week now, and to me, it seems like the TL-ER6020 is FUBAR... PLEASE tell me I'm wrong...! :-)

It doesn't make sense to me that a site-to-site tunnel (also using ESP) works flawlessly, but when trying to use a Client-to-LAN setup the client receives no reply no matter which combination of proposals I use... :(

ANY kind of guidance would be appreciated...! :-)
  0  
  0  
#2
Options
Re:TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply
2013-02-15 08:15:49 - last edited 2021-08-21 04:59:29
Hello,

I have gotten IPsec VPN working client to lan. I initially did not have much luck with it but eventually deleted all ike and IPsec policies and just had the IPsec enabled check box checked alone. This allowed it to work, don't ask me why. Perhaps the policies I had set were disagreeable to the clients.

Once you get VPN'd in, you will be on a separate subnet than the main LAN subnet. I think this sucks but I haven't been able to tell whether or not it is normal among routers or if this one's just a dud.
  0  
  0  
#3
Options
Re:TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply
2013-02-15 13:31:47 - last edited 2021-08-21 04:59:29
Hi... :)

Thanks for the answer... ;-)

Sounds to me like You're describing L2TP/IPsec:
http://www.tp-link.dk/article/?faqid=444

But what I'm referring to are these guides:
http://www.tp-link.dk/article/?faqid=452 (IPsec - Shrewsoft client)
http://www.tp-link.dk/article/?faqid=443 (IPsec - Greenbow client)

I'm not using windows (and the Shrewsoft client is ancient on Linux), but I have been using the guides above for reference (and have been testing from a Windows box)...

I also managed to get L2TP/IPsec working, but when TP-Link say it should work with pure IPsec it should work... ;-)

If it doesn't, it's false advertising... I'm hoping they "forgot" to upload a newer firmware or something like that... :-)

For L2TP/IPsec it's perfectly normal to use a seperate IP Pool, one of the main reasons (the other big one is security!) for wanting to use pure IPsec with a pre-shared key (and choose the security level myself)... :-)

Either TP-Link forgot to mention something in the guides above (I don't think so) or the TL-ER6020 just doesn't work as advertised... The latter is not acceptable... Firmware hasn't been updated since 8/7/2012 (and if it's buggy You can't just leave Your customers in the dark about it):
http://www.tp-link.com/en/support/download/?model=TL-ER6020&version=V1#tbl_j

One thing that's definitely a bug (although a minor one) is that the Page Title, when connecting to the TL-ER6020 (before login), says: "TP-LINK ER5110" which tells me that the firmware used for the ER6020 is just the ER5110 firmware with added VPN support (kind of)...

The feature we're both missing is mentioned here:
http://www.tp-link.com/en/products/details/?model=TL-ER6020#fea
"Client-to-LAN IPsec VPN"
  0  
  0  
#4
Options
Re:TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply
2013-02-23 22:18:49 - last edited 2021-08-21 04:59:29
Has anyone been able to get a working Client-to-LAN IPsec VPN using one of these 2 guides...?

http://www.tp-link.dk/article/?faqid=452 (IPsec - Shrewsoft client)
http://www.tp-link.dk/article/?faqid=443 (IPsec - Greenbow client)

I still haven't heard from TP-Link (wrote a mail to them last wednesday, the 20th of February)...
  0  
  0  
#5
Options
Re:TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply
2013-03-03 21:04:27 - last edited 2021-08-21 04:59:29
Nope...
I have the same problem here.
Maybe the ISP is the reason I don't know.
  0  
  0  
#6
Options
Re:TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply
2013-03-03 21:53:09 - last edited 2021-08-21 04:59:29
I will check another guide from thegreenbow site: http://www.thegreenbow.com/doc/tgbvpn_cg-tp-link-tl-er6120.pdf
  0  
  0  
#7
Options
Re:TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply
2013-03-06 11:30:59 - last edited 2021-08-21 04:59:29
I too have been beating myself up over this. The site to site vpn connections were very easy. I have followed the shrew soft instructions over and over again with no luck. Please let me know if you here back from them about this.
  0  
  0  
#8
Options
Re:TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply
2013-03-15 00:51:50 - last edited 2021-08-21 04:59:29
Still nothing on this matter?
  0  
  0  
#9
Options
Re:TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply
2013-03-15 10:28:36 - last edited 2021-08-21 04:59:29
I have contacted tech support via email but have not had any luck with them yet. When I tried to reply to the first person that emailed me back the email was bounced back as non deliverable and I have not heard back from the second tech to email me.
  0  
  0  
#10
Options
Re:TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply
2013-03-15 19:51:38 - last edited 2021-08-21 04:59:29
We often have the same non-reply from the ER6120. We trace the packets through the ISP router and they arrive at the WAN interface of the TPLINK, but on some occasions, it just drops the packet or never responds. This is the case for VPN and HTTP traffic. Then at other times, it responds as expected and you can HTTP in and setup VPN client-server LLTP connections.

We have both WANs active at the same time, to different suppliers. Is this something teh TPLINK cannot handle, having both WANs active and responding to VPN and HTTP requests coming in?
  0  
  0  
#11
Options

Information

Helpful: 0

Views: 11753

Replies: 35

Related Articles