I have a TP Link travel router with a (crappy) VPN client built in. I'm trying to connect to my FGT 80 via IPSec. (all my other VPNs work fine)
It looks like Phase 1 completes, but I cannot find any indication or idea why it doesn't complete Phase 2. I am currently using a guest subnet to connect.
My log is here: PasteBin
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
What did you put as an IP for phase 2 all default 0.0.0.0/0 on both the end and also try to put subnets instead of named address at the FortiGate.
Run the debugs as given at this article:
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-IPsec-VPNs-tunnels/ta-p/195955
Debug Flow:
------------------------
Perhaps I'm mistaken that Phase1 completed. I don't see any errors and the logs in the console say "IPsec SA installed"
I don't see anything in the logs which indicates why it's not completing.
Hi @username12341,
Can you please share phase 1 and phase 2 config?
Make sure that the Phase1 interface had localid-type set to auto instead of key-id’
This will ensure that the phase2 is successfully negotiated.
edit "TPLink"
set type dynamic
set interface "wan1"
set peertype any
set net-device disable
set mode-cfg enable
set ipv4-dns-server1 1.1.1.1
set proposal aes128-sha512 aes128-sha256 aes128-sha1
set dpd on-idle
set dhgrp 14 5 2
set ipv4-start-ip 192.168.70.1
set ipv4-end-ip 192.168.70.4
set ipv4-netmask 255.255.255.240
set psksecret ENC <redacted>
set dpd-retryinterval 60
next
config vpn ipsec phase2-interface
edit "TPLink"
set phase1name "TPLink"
set proposal aes128-sha512 aes128-sha256
next
config system interface
edit "TPLink"
set vdom "root"
set type tunnel
set snmp-index 27
set interface "wan1"
next
end
Where do I set localid-type set to auto instead of key-id?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1692 | |
1087 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.