IPsec site-to-site VPN fails to establish on two TL-R605/ER605
Hi folks, I'd appreciate some help here since I struggle to make any sense of what's happening.
I'm trying to set up a site-to-site IPsec tunnel. The configuration is as follows:
Router 1: ER605 v1, firmware 1.1.1 Build 20210723 Rel.64608, standalone (no Omada), static public IP
Router 2: TL-R605 v1, firmware 1.0.0. build 20200930 rel.36519, managed by local Omada controller, static public IP
On router 1 I configured an IPsec policy, initiator mode; networks and IPs are properly set, and the pre-shared key is identical to the one on the other router.
On router 2 I configured Manual IPsec, initiator mode, IKE v1, all parameters with the same values as on router 1, except for the remote network, obviously.
On router 1 the system log occasionally shows:
WAN: IKE negotiation began in initiator mode. (Mode=Main Mode, Peers=xx.xx.xx.xx<->yy.yyy.yyy.yyy)
but no other IPsec-related items, no errors whatsoever. The VPN SA list is empty.
In the Omada controller logs (for router 2) there are zero entries related to VPN.
Insights->VPN Status->IPsec SA list is empty.
I tried reversing initiator/responder mode, but to no effect. Is there any way to get more detailed logging for any of the routers here?
The routers are not behind NAT. For what it's worth, I'm able to connect to router 2 via OpenVPN from the router 1 network and I'm able to traceroute from r1 to r2, so the connectivity seems to be working. Any ideas how to debug this?