EdgeRouter 4: IPSec, S2S vpn
-
@FATeknollogee said in EdgeRouter 4: IPSec, S2S vpn:
That previous error was due to copy/paste issues.
Here is the error I'm getting:
[ service nat ] NAT configuration error: rule type not specified/valid
The NAT above was exported from a live router using
show configuration command service | grep nat
Are you running 2.0? maybe something changed?
Edit: Nope
-
Never mind. I read the error closer.. I missed a line when I copy/pasted
fixed above also.
set service nat rule 5000 type masquerade
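For reference, the complete outbound NAT rule the missing line belongs to, written out as an added EdgeOS configure-mode example; it is not taken from the posts above. Rule number 5000 is the one from the thread, while the description text and the WAN interface name eth0 are assumptions to be replaced with your own. The auto-firewall-nat-exclude line is the usual companion when a masquerade rule and an IPsec site-to-site peer share the same WAN interface: without it, traffic for the remote subnet is masqueraded to the WAN address before it reaches the tunnel and never matches the tunnel's local/remote prefix pair.

```text
# EdgeOS configure-mode commands. The # lines are reader comments, not typed in.
# Rule 5000 is the rule from the thread; eth0 is an assumed WAN interface.
set service nat rule 5000 description 'masquerade to WAN'
set service nat rule 5000 outbound-interface eth0
set service nat rule 5000 protocol all
set service nat rule 5000 type masquerade
# Without the 'type' line, commit fails with:
#   [ service nat ] NAT configuration error: rule type not specified/valid

# Keep site-to-site IPsec traffic out of the masquerade rule and let it through
# the firewall, so the tunnel sees the original private source addresses.
set vpn ipsec auto-firewall-nat-exclude enable

commit
save
```

After the commit, `show configuration commands service nat` should list all four rule 5000 lines, and `show vpn ipsec sa` shows whether the peer has moved from "connecting" to an established SA.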
-
@JaredBusch said in EdgeRouter 4: IPSec, S2S vpn:
Never mind. I read the error closer.. I missed a line when I copy/pasted
fixed above also.
set service nat rule 5000 type masquerade
Haha, just added that line like 2 mins ago!!
Thanks for fixing!!
-
ER4 <--> Meraki MX S2S is "up"
Many thanks to @JaredBusch for all the help.
-
@JaredBusch
S2S #1: ER4 (ip 1.2.3.4) <--> Meraki MX is up
S2S #2: ER4 (ip 1.2.3.4) <--> Unifi USG not working, just says "connecting" (when I run "show vpn ipsec sa").
Any tricks or tips to make S2S #2 work?
-
@FATeknollogee said in EdgeRouter 4: IPSec, S2S vpn:
@JaredBusch
S2S #1: ER4 (ip 1.2.3.4) <--> Meraki MX is up
S2S #2: ER4 (ip 1.2.3.4) <--> Unifi USG not working, just says "connecting" (when I run "show vpn ipsec sa").
Any tricks or tips to make S2S #2 work?
USG sucks...
-
@JaredBusch Don't talk bad about my USG :grinning_face_with_smiling_eyes:
In a few weeks I plan on replacing the USG w an ER4.
For now, I was able to get the ER4 <--> USGp4 connection up & running... :thumbs_up:
-
I have 2 public IPs on the USGp4 (using WAN 1 & 2)
For some reason, the second peer (of my S2S) ER4 refuses to connect to the USGp4 WAN1 IP.
I finally tried WAN2 & it connected.
-
update:
ER4 <--> S2S <--> Meraki MX is/was an absolute disaster.
No workie!!!
For now, have to scrap the idea, it just doesn't work :angry_face: :face_with_open_mouth_cold_sweat:
-
@FATeknollogee said in EdgeRouter 4: IPSec, S2S vpn:
update:
ER4 <--> S2S <--> Meraki MX is/was an absolute disaster.
No workie!!!
For now, have to scrap the idea, it just doesn't work :angry_face: :face_with_open_mouth_cold_sweat:
I don’t know enough about the Meraki side. But one would assume it can work. IPSEC is a standard.
-
@JaredBusch said in EdgeRouter 4: IPSec, S2S vpn:
@FATeknollogee said in EdgeRouter 4: IPSec, S2S vpn:
update:
ER4 <--> S2S <--> Meraki MX is/was an absolute disaster.
No workie!!!
For now, have to scrap the idea, it just doesn't work :angry_face: :face_with_open_mouth_cold_sweat:
I don’t know enough about the Meraki side. But one would assume it can work. IPSEC is a standard.
You probably have to rub some cash on the Meraki to get it to work.
-
@RojoLoco said in EdgeRouter 4: IPSec, S2S vpn:
@JaredBusch said in EdgeRouter 4: IPSec, S2S vpn:
@FATeknollogee said in EdgeRouter 4: IPSec, S2S vpn:
update:
ER4 <--> S2S <--> Meraki MX is/was an absolute disaster.
No workie!!!
For now, have to scrap the idea, it just doesn't work :angry_face: :face_with_open_mouth_cold_sweat:
I don’t know enough about the Meraki side. But one would assume it can work. IPSEC is a standard.
You probably have to rub some cash on the Meraki to get it to work.
That was assumed.
-
The problem is this:
On the Meraki side, let's say you have 5 (this can be any number greater than 1) firewalls.
In Meraki speak, if all 5 are in the same "organization", S2S is a few clicks & AutoVPN takes over. No pre-shared secret, no keys.
You turn on VPN, say yes to whatever subnets you want in the vpn & save.
On the ER side, I have to create 5 peers to connect to the Meraki side.
Meraki will only expose one connection for a 3rd party S2S & therein lies the problem.
Not all the tunnels connect & there's no good way to fix it.