IPSec VPN from TP Link failing
I have a TP Link travel router with a (crappy) VPN client built in. I'm trying to connect to my FGT 80 via IPSec (all my other VPNs work fine).
It looks like Phase 1 completes, but I cannot find any indication or idea why it doesn't complete Phase 2. I am currently using a guest subnet to connect.
My log is here: PasteBin
Hi,
What did you put as the IP for phase 2? All default 0.0.0.0/0 on both ends? Also try to put subnets instead of named addresses at the FortiGate.
Run the debugs as given in this article:
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-IPsec-VPNs-tunnels/ta-p/195955
Debug Flow:
------------------------
Perhaps I'm mistaken that Phase1 completed. I don't see any errors, and the logs in the console say "IPsec SA installed".
I don't see anything in the logs which indicates why it's not completing.
Hi @username12341,
Can you please share phase 1 and phase 2 config?
Make sure that the Phase1 interface has localid-type set to auto instead of key-id.
This will ensure that the phase2 is successfully negotiated.
```
config vpn ipsec phase1-interface
    edit "TPLink"
        set type dynamic
        set interface "wan1"
        set peertype any
        set net-device disable
        set mode-cfg enable
        set ipv4-dns-server1 1.1.1.1
        set proposal aes128-sha512 aes128-sha256 aes128-sha1
        set dpd on-idle
        set dhgrp 14 5 2
        set ipv4-start-ip 192.168.70.1
        set ipv4-end-ip 192.168.70.4
        set ipv4-netmask 255.255.255.240
        set psksecret ENC <redacted>
        set dpd-retryinterval 60
    next
end
config vpn ipsec phase2-interface
    edit "TPLink"
        set phase1name "TPLink"
        set proposal aes128-sha512 aes128-sha256
    next
end
config system interface
    edit "TPLink"
        set vdom "root"
        set type tunnel
        set snmp-index 27
        set interface "wan1"
    next
end
```
Where do I set localid-type to auto instead of key-id?