I have two WR21 and try to setup a IPSec VPN tunnel.
The log of responder will shows the message as following repeatedly:
13:57:52, 09 Mar 2021,(96) IKE SA Removed. Peer: WR21_TEST,Negotiation Failure
13:57:52, 09 Mar 2021,(96) IKE Negotiation Failed. Peer: ,Inactivity
13:57:22, 09 Mar 2021,(96) IKE Keys Negotiated. Peer: WR21_TEST
13:57:22, 09 Mar 2021,(96) New Phase 1 IKE Session 45.115.73.51,Responder
There is no New Phase 2 IKE Session but only Phase 1.
The configuration of two WR21 are match for each other.
I have set up a successful IPSec tunnel before I sent one WR21 to other country.
Maybe the problem is from the ISP of other country…
Looking at those logs I would say that the remote peer is not responding and the phase 1 negotiation fails due to timeout.
It would be needed to check the whole logs and config on both sides to better understand what is happening, but if nothing has been changed before changing country/provider, there could be some block from the provider for incoming traffic, so it would be worth first of all check with the carrier.
If is all ok from provider side and you need us to further assist you on this, I would suggest you to send an email to tech.support@digi.com with:
IMEIs of the units
Complete debug.txt file from both
Please note that usually VPN troubleshooting is not covered under Base support (other than a basico config check) and would require an Expert contract, see here for more details on our support options: https://www.digi.com/support.