Yesterday I tried this scenario:

Win7_warrior - 192.168.x.x, NAT, GW: 1.2.3.119
VPN_L2TP (Mikrotik) - A.B.C.75/23, not NATed
VPN_IKEv2 - A.B.C.77/23, not NATed

I connected Win7_warrior to VPN_L2TP and then to VPN_IKEv2. I was having two 
active VPN conn in one time.
Next, I disconnected VPN_L2TP. VPN_IKEv2 was still active and was working fine. 

When I disconnected VPN_IKEv2 and was trying to connect VPN_IKEv2 omitting 
VPN_L2TP - I got 809.

Removing home_router which is between Win7_warrior and 1.2.3.119 does not 
change anything.
 
Another thing:
I install VPN_IKEv2 OS via PXEboot and get private IP from dhcp server. Then I 
move to public A.B.C.77/23 editing /etc/hostname, mygate, resolv.conf. Maybe I 
missed something in network conf that is important for OpenIKED?

Any idea?


On Tue, 6 Nov 2018 11:21:52 +0100
Radek <alee...@gmail.com> wrote:

> Hello Kim,
> 
> > My question was concerning the VPN_server, is the server NATed?
> A.B.C.0/23 is not NATed, it is a public pool. VPN_server is not NATed.
> 
> > How is A.B.C.0/23 connected to the 'rest' of the world? Router/Firewall ...
> I only have switches in my building.
> All routers/firewalls of my network are in another building, I do not know 
> the whole network structure, devices, security policies... but I have never 
> noticed that any ports were blocked.
> 
> I can setup a IKEV2 site-to-site VPN A.B.C.D/23 <--> !A.B.C.0/23 and it works 
> like a charm.
> https://community.riocities.com/openike_openbsd.html
> But I can not setup a VPN_server for road warriors.
> 
> I have just set up a VPN_L2TP_serv on Mikrotik (A.B.C.75/23). I can connect 
> my Win7_warrior from !A.B.C.0/23 (currently testing on GSM network).
> L2TP and IKEV2 use 500, 4500 ports. If L2TP works fine so I conclude that it 
> is not any Router/FW problem. 
> 
> On Tue, 6 Nov 2018 07:48:37 +0100
> Kim Zeitler <kim.zeit...@konzept-is.de> wrote:
> 
> > Good morning Radek,
> > 
> > I have a suspicion ...
> > 
> > > For (1), (2) and (3) VPN is working just fine with Win7_warrior and 
> > > puffy_warrior if they are connecting from A.B.C.0/23 (it does not matter 
> > > if warrior has public IP or it is behind NAT). The rest of the world 
> > > fails to connect the VPN_server.
> > My question was concerning the VPN_server, is the server NATed?
> > How is A.B.C.0/23 connected to the 'rest' of the world? Router/Firewall ...
> > 
> > Cheers,
> > Kim
> > 
> > 
> 
> 
> -- 
> radek


-- 
radek

Reply via email to