Yesterday I tried this scenario:

Win7_warrior - 192.168.x.x, NAT, GW: 1.2.3.119
VPN_L2TP (Mikrotik) - A.B.C.75/23, not NATed
VPN_IKEv2 - A.B.C.77/23, not NATed

I connected Win7_warrior to VPN_L2TP and then to VPN_IKEv2. I had two active VPN connections at the same time. Next, I disconnected VPN_L2TP. VPN_IKEv2 was still active and was working fine. When I disconnected VPN_IKEv2 and tried to connect to VPN_IKEv2, omitting VPN_L2TP, I got 809.

Removing home_router, which is between Win7_warrior and 1.2.3.119, does not change anything.

Another thing: I install the VPN_IKEv2 OS via PXE boot and get a private IP from the DHCP server. Then I move to the public A.B.C.77/23 by editing /etc/hostname, mygate, resolv.conf. Maybe I missed something in the network conf that is important for OpenIKED?

Any idea?

On Tue, 6 Nov 2018 11:21:52 +0100
Radek <alee...@gmail.com> wrote:

> Hello Kim,
>
> > My question was concerning the VPN_server, is the server NATed?
> A.B.C.0/23 is not NATed, it is a public pool. VPN_server is not NATed.
>
> > How is A.B.C.0/23 connected to the 'rest' of the world? Router/Firewall ...
> I only have switches in my building.
> All routers/firewalls of my network are in another building, I do not know
> the whole network structure, devices, security policies... but I have never
> noticed that any ports were blocked.
>
> I can set up an IKEV2 site-to-site VPN A.B.C.D/23 <--> !A.B.C.0/23 and it works
> like a charm.
> https://community.riocities.com/openike_openbsd.html
> But I cannot set up a VPN_server for road warriors.
>
> I have just set up a VPN_L2TP_serv on Mikrotik (A.B.C.75/23). I can connect
> my Win7_warrior from !A.B.C.0/23 (currently testing on GSM network).
> L2TP and IKEV2 use 500, 4500 ports. If L2TP works fine, I conclude that it
> is not any Router/FW problem.
>
> On Tue, 6 Nov 2018 07:48:37 +0100
> Kim Zeitler <kim.zeit...@konzept-is.de> wrote:
>
> > Good morning Radek,
> >
> > I have a suspicion ...
> >
> > > For (1), (2) and (3) VPN is working just fine with Win7_warrior and
> > > puffy_warrior if they are connecting from A.B.C.0/23 (it does not matter
> > > if warrior has public IP or it is behind NAT). The rest of the world
> > > fails to connect the VPN_server.
> > My question was concerning the VPN_server, is the server NATed?
> > How is A.B.C.0/23 connected to the 'rest' of the world? Router/Firewall ...
> >
> > Cheers,
> > Kim
>
> --
> radek

--
radek