TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply
Posts: 9
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2013-02-08
2013-02-11 03:08:48 - last edited 2021-08-21 04:59:29
Posts: 9
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2013-02-08
TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply
2013-02-11 03:08:48 - last edited 2021-08-21 04:59:29
Tags:
Region : Denmark
Model : TL-ER6120
Hardware Version : V1
Firmware Version : 1.0.0 Build 20120807 Rel.34348
ISP : Fullrate.dk
I'm having problems establishing an IPSEC connection to my TL-ER6020 (couldn't select under "Model Number" here)...
I have setup port mirroring to troubleshoot the traffic and I'm no seing any IKE reply from the TL-ER6020...
Using tcpdump (tcpdump -i eth0 -n -vvv -s 1514 'host && udp port 500') I can see that the load balancer / VPN router isn't responding to the IKE request(s) it's receiving...
I followed Your Shrewsoft guide but it just doesn't work (I have tested over and over again, removing the IKE/IPSEC settings on router and re-creating them)...
The DSL modem in front of WAN1 is a Netgear VVG2000 in bridge mode (provided by my ISP)...
Any ideas...?
Is the setup guide missing something regarding opening of ports, static routes etc....?
http://www.tp-link.dk/article/?faqid=452
Model : TL-ER6120
Hardware Version : V1
Firmware Version : 1.0.0 Build 20120807 Rel.34348
ISP : Fullrate.dk
I'm having problems establishing an IPSEC connection to my TL-ER6020 (couldn't select under "Model Number" here)...
I have setup port mirroring to troubleshoot the traffic and I'm no seing any IKE reply from the TL-ER6020...
Using tcpdump (tcpdump -i eth0 -n -vvv -s 1514 'host && udp port 500') I can see that the load balancer / VPN router isn't responding to the IKE request(s) it's receiving...
I followed Your Shrewsoft guide but it just doesn't work (I have tested over and over again, removing the IKE/IPSEC settings on router and re-creating them)...
The DSL modem in front of WAN1 is a Netgear VVG2000 in bridge mode (provided by my ISP)...
Any ideas...?
Is the setup guide missing something regarding opening of ports, static routes etc....?
http://www.tp-link.dk/article/?faqid=452
#1
Options
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Thread Manage
Announcement Manage
35 Reply
Posts: 9
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2013-02-08
Re:TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply
2013-02-14 21:41:09 - last edited 2021-08-21 04:59:29
OK, let me rephrase my question... ;-)
Has anyone ever had success with setting up a Client-to-LAN IPsec VPN and connecting to it (any client)...
I have a working LAN-to-LAN (site-to-site) IPsec tunnel running, but no matter what I do it seems like the TL-ER6020 doesn't reply to IKE requests when in aggressive mode...
I have been trying to set this up for a week now, and to me, it seems like the TL-ER6020 is FUBAR... PLEASE tell me I'm wrong...! :-)
It doesn't make sense to me that a site-to-site tunnel (also using ESP) works flawlessly, but when trying to use a Client-to-LAN setup the client receives no reply no matter which combination of proposals I use... :(
ANY kind of guidance would be appreciated...! :-)
Has anyone ever had success with setting up a Client-to-LAN IPsec VPN and connecting to it (any client)...
I have a working LAN-to-LAN (site-to-site) IPsec tunnel running, but no matter what I do it seems like the TL-ER6020 doesn't reply to IKE requests when in aggressive mode...
I have been trying to set this up for a week now, and to me, it seems like the TL-ER6020 is FUBAR... PLEASE tell me I'm wrong...! :-)
It doesn't make sense to me that a site-to-site tunnel (also using ESP) works flawlessly, but when trying to use a Client-to-LAN setup the client receives no reply no matter which combination of proposals I use... :(
ANY kind of guidance would be appreciated...! :-)
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#2
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 9
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2013-01-28
Re:TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply
2013-02-15 08:15:49 - last edited 2021-08-21 04:59:29
Hello,
I have gotten IPsec VPN working client to lan. I initially did not have much luck with it but eventually deleted all ike and IPsec policies and just had the IPsec enabled check box checked alone. This allowed it to work, don't ask me why. Perhaps the policies I had set were disagreeable to the clients.
Once you get VPN'd in, you will be on a separate subnet than the main LAN subnet. I think this sucks but I haven't been able to tell whether or not it is normal among routers or if this one's just a dud.
I have gotten IPsec VPN working client to lan. I initially did not have much luck with it but eventually deleted all ike and IPsec policies and just had the IPsec enabled check box checked alone. This allowed it to work, don't ask me why. Perhaps the policies I had set were disagreeable to the clients.
Once you get VPN'd in, you will be on a separate subnet than the main LAN subnet. I think this sucks but I haven't been able to tell whether or not it is normal among routers or if this one's just a dud.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#3
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 9
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2013-02-08
Re:TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply
2013-02-15 13:31:47 - last edited 2021-08-21 04:59:29
Hi... :)
Thanks for the answer... ;-)
Sounds to me like You're describing L2TP/IPsec:
http://www.tp-link.dk/article/?faqid=444
But what I'm referring to are these guides:
http://www.tp-link.dk/article/?faqid=452 (IPsec - Shrewsoft client)
http://www.tp-link.dk/article/?faqid=443 (IPsec - Greenbow client)
I'm not using windows (and the Shrewsoft client is ancient on Linux), but I have been using the guides above for reference (and have been testing from a Windows box)...
I also managed to get L2TP/IPsec working, but when TP-Link say it should work with pure IPsec it should work... ;-)
If it doesn't, it's false advertising... I'm hoping they "forgot" to upload a newer firmware or something like that... :-)
For L2TP/IPsec it's perfectly normal to use a seperate IP Pool, one of the main reasons (the other big one is security!) for wanting to use pure IPsec with a pre-shared key (and choose the security level myself)... :-)
Either TP-Link forgot to mention something in the guides above (I don't think so) or the TL-ER6020 just doesn't work as advertised... The latter is not acceptable... Firmware hasn't been updated since 8/7/2012 (and if it's buggy You can't just leave Your customers in the dark about it):
http://www.tp-link.com/en/support/download/?model=TL-ER6020&version=V1#tbl_j
One thing that's definitely a bug (although a minor one) is that the Page Title, when connecting to the TL-ER6020 (before login), says: "TP-LINK ER5110" which tells me that the firmware used for the ER6020 is just the ER5110 firmware with added VPN support (kind of)...
The feature we're both missing is mentioned here:
http://www.tp-link.com/en/products/details/?model=TL-ER6020#fea
"Client-to-LAN IPsec VPN"
Thanks for the answer... ;-)
Sounds to me like You're describing L2TP/IPsec:
http://www.tp-link.dk/article/?faqid=444
But what I'm referring to are these guides:
http://www.tp-link.dk/article/?faqid=452 (IPsec - Shrewsoft client)
http://www.tp-link.dk/article/?faqid=443 (IPsec - Greenbow client)
I'm not using windows (and the Shrewsoft client is ancient on Linux), but I have been using the guides above for reference (and have been testing from a Windows box)...
I also managed to get L2TP/IPsec working, but when TP-Link say it should work with pure IPsec it should work... ;-)
If it doesn't, it's false advertising... I'm hoping they "forgot" to upload a newer firmware or something like that... :-)
For L2TP/IPsec it's perfectly normal to use a seperate IP Pool, one of the main reasons (the other big one is security!) for wanting to use pure IPsec with a pre-shared key (and choose the security level myself)... :-)
Either TP-Link forgot to mention something in the guides above (I don't think so) or the TL-ER6020 just doesn't work as advertised... The latter is not acceptable... Firmware hasn't been updated since 8/7/2012 (and if it's buggy You can't just leave Your customers in the dark about it):
http://www.tp-link.com/en/support/download/?model=TL-ER6020&version=V1#tbl_j
One thing that's definitely a bug (although a minor one) is that the Page Title, when connecting to the TL-ER6020 (before login), says: "TP-LINK ER5110" which tells me that the firmware used for the ER6020 is just the ER5110 firmware with added VPN support (kind of)...
The feature we're both missing is mentioned here:
http://www.tp-link.com/en/products/details/?model=TL-ER6020#fea
"Client-to-LAN IPsec VPN"
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#4
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 9
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2013-02-08
Re:TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply
2013-02-23 22:18:49 - last edited 2021-08-21 04:59:29
Has anyone been able to get a working Client-to-LAN IPsec VPN using one of these 2 guides...?
http://www.tp-link.dk/article/?faqid=452 (IPsec - Shrewsoft client)
http://www.tp-link.dk/article/?faqid=443 (IPsec - Greenbow client)
I still haven't heard from TP-Link (wrote a mail to them last wednesday, the 20th of February)...
http://www.tp-link.dk/article/?faqid=452 (IPsec - Shrewsoft client)
http://www.tp-link.dk/article/?faqid=443 (IPsec - Greenbow client)
I still haven't heard from TP-Link (wrote a mail to them last wednesday, the 20th of February)...
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#5
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 4
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2013-02-27
Re:TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply
2013-03-03 21:04:27 - last edited 2021-08-21 04:59:29
Nope...
I have the same problem here.
Maybe the ISP is the reason I don't know.
I have the same problem here.
Maybe the ISP is the reason I don't know.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#6
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 4
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2013-02-27
Re:TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply
2013-03-03 21:53:09 - last edited 2021-08-21 04:59:29
I will check another guide from thegreenbow site:
http://www.thegreenbow.com/doc/tgbvpn_cg-tp-link-tl-er6120.pdf
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#7
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 3
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2013-03-06
Re:TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply
2013-03-06 11:30:59 - last edited 2021-08-21 04:59:29
I too have been beating myself up over this. The site to site vpn connections were very easy. I have followed the shrew soft instructions over and over again with no luck. Please let me know if you here back from them about this.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#8
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 4
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2013-02-27
Re:TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply
2013-03-15 00:51:50 - last edited 2021-08-21 04:59:29
Still nothing on this matter?
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#9
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 3
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2013-03-06
Re:TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply
2013-03-15 10:28:36 - last edited 2021-08-21 04:59:29
I have contacted tech support via email but have not had any luck with them yet. When I tried to reply to the first person that emailed me back the email was bounced back as non deliverable and I have not heard back from the second tech to email me.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#10
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 4
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2012-11-12
Re:TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply
2013-03-15 19:51:38 - last edited 2021-08-21 04:59:29
We often have the same non-reply from the ER6120. We trace the packets through the ISP router and they arrive at the WAN interface of the TPLINK, but on some occasions, it just drops the packet or never responds. This is the case for VPN and HTTP traffic. Then at other times, it responds as expected and you can HTTP in and setup VPN client-server LLTP connections.
We have both WANs active at the same time, to different suppliers. Is this something teh TPLINK cannot handle, having both WANs active and responding to VPN and HTTP requests coming in?
We have both WANs active at the same time, to different suppliers. Is this something teh TPLINK cannot handle, having both WANs active and responding to VPN and HTTP requests coming in?
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#11
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 9
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2013-02-08
2013-02-11 03:08:48 - last edited 2021-08-21 04:59:29
Posts: 9
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2013-02-08
Information
Helpful: 0
Views: 11753
Replies: 35
Voters 0
No one has voted for it yet.
Tags
Related Articles
VPN Ipsec IKE v2 PSK
361
0
Report Inappropriate Content
Transfer Module
New message