ipsec with greenbow vpn client

albandi · June 18, 2019, 2:59pm

Hi,

I am trying to setup an ipsec vpn with greenbow vpn client. I followed the official documentation and the ipsec tunnel gets up and I can connect with the vpn client.

Strange thing is I can’t connect to the local LAN as defined in the ipsec tunnel. In the connection overview I can see the tunnel is UP and client is connected. I can ping the local LAN IP address on the digi transport vpn tunnel, but that’s all. I can’t reach any host in that LAN. In my windows machine where I have the vpn greenbow client running I can see a new route has been added. The strange thing is the new route should use gateway 172.16.1.1 (using remote LAN 172.16.1.0/32 on the digi transport) but this gateway is not reachable. Please advise.

14:32:06, 14 Jun 2019,(344) IKE SA Removed. Peer: client,Successful Negotiation
14:32:06, 14 Jun 2019,Eroute 0 VPN up peer: client
14:32:06, 14 Jun 2019,New IPSec SA created by client
14:32:06, 14 Jun 2019,(344) New Phase 2 IKE Session xxx.xxx.xxx.xxx,Responder
14:32:06, 14 Jun 2019,(343) IKE Keys Negotiated. Peer: client
14:32:06, 14 Jun 2019,(343) New Phase 1 IKE Session xxx.xxx.xxx.xxx,Responder

nicolaus · March 17, 2020, 10:34am

Hi,

If the VPN tunnel is up, but you still cannot ping the remote LAN, here are a few guidelines:

Check Phase 2 settings: VPN Client address and Remote LAN address. Usually, VPN Client IP address should not belong to the remote LAN subnet.
Once VPN tunnel is up, packets are sent with ESP protocol. This protocol can be blocked by firewall.
Check that every device between the client and the VPN server does accept ESP.
Check your VPN server logs. Packets can be dropped by one of its firewall rules.
Check your ISP support ESP.
If you still cannot ping, follow ICMP traffic on VPN server LAN interface and on LAN computer interface (with Wireshark for example).
You will have an indication that encryption works.
Check the “default gateway” value in VPN Server LAN. A target on your remote LAN can receive pings but does not answer because there is a no “Default gateway” setting.
You cannot access to the computers in the LAN by their name. You must specify their IP address inside the LAN.
We recommend you to install Wireshark (http://www.wireshark.org) on one of your target computer. You can check that your pings arrive inside the LAN.

Topic		Replies	Views
Ipsec VPN between a Cell Router DIGI TransPort WR31 No traffic no Ping Digi TransPort WR (Series) vpn , router , transport , a , cell	1	475	May 4, 2018
IPsec VPN tunnels to access remote LAN Digi TransPort WR (Series) ipsec	1	401	February 28, 2020
IPSec vpn tunnel down Digi TransPort WR (Series) vpn , ipsec	2	581	January 7, 2020
IPSec connect NOT initiating[SOLVED] Digi TransPort WR (Series) ipsec , tunnel , initiate	2	476	August 4, 2020
I've set up a VPN tunnel between two WR21's but I cannot ping through to the computer beyond the modem Digi TransPort WR (Series) vpn , wr21 , ping	1	634	November 30, 2016

ipsec with greenbow vpn client

Related topics