    EdgeRouter 4: IPSec, S2S vpn

    • FATeknollogee

      ER4 <--> Meraki MX S2S is "up"
      Many thanks to @JaredBusch for all the help.

      • FATeknollogee

        @JaredBusch
        S2S #1: ER4 (ip 1.2.3.4) <--> Meraki MX is up
        S2S #2: ER4 (ip 1.2.3.4) <--> Unifi USG not working, just says "connecting" (when I run "show vpn ipsec sa")

        Any tricks or tips to make S2S #2 work?

        • JaredBusch @FATeknollogee

          @FATeknollogee said in EdgeRouter 4: IPSec, S2S vpn:

          @JaredBusch
          S2S #1: ER4 (ip 1.2.3.4) <--> Meraki MX is up
          S2S #2: ER4 (ip 1.2.3.4) <--> Unifi USG not working, just says "connecting" (when I run "show vpn ipsec sa")

          Any tricks or tips to make S2S #2 work?

          USG sucks...

          • FATeknollogee @JaredBusch

            @JaredBusch Don't talk bad about my USG :grinning_face_with_smiling_eyes:
            In a few weeks I plan on replacing the USG with an ER4.

            For now, I was able to get the ER4 <--> USGp4 connection up & running...:thumbs_up:

            • FATeknollogee

              I have 2 public IPs on the USGp4 (using WAN 1 & 2)
              For some reason, the second peer (of my S2S) ER4 refuses to connect to the USGp4 WAN1 IP.
              I finally tried WAN2 & it connected.

              • FATeknollogee

                update:
                ER4 <--> S2S <--> Meraki MX is/was an absolute disaster.
                No workie!!!
                For now, have to scrap the idea, it just doesn't work :angry_face: :face_with_open_mouth_cold_sweat:

                • JaredBusch @FATeknollogee

                  @FATeknollogee said in EdgeRouter 4: IPSec, S2S vpn:

                  update:
                  ER4 <--> S2S <--> Meraki MX is/was an absolute disaster.
                  No workie!!!
                  For now, have to scrap the idea, it just doesn't work :angry_face: :face_with_open_mouth_cold_sweat:

                  I don’t know enough about the Meraki side. But one would assume it can work. IPSEC is a standard.

                  • RojoLoco @JaredBusch

                    @JaredBusch said in EdgeRouter 4: IPSec, S2S vpn:

                    @FATeknollogee said in EdgeRouter 4: IPSec, S2S vpn:

                    update:
                    ER4 <--> S2S <--> Meraki MX is/was an absolute disaster.
                    No workie!!!
                    For now, have to scrap the idea, it just doesn't work :angry_face: :face_with_open_mouth_cold_sweat:

                    I don’t know enough about the Meraki side. But one would assume it can work. IPSEC is a standard.

                    You probably have to rub some cash on the Meraki to get it to work.

                    • JaredBusch @RojoLoco

                      @RojoLoco said in EdgeRouter 4: IPSec, S2S vpn:

                      @JaredBusch said in EdgeRouter 4: IPSec, S2S vpn:

                      @FATeknollogee said in EdgeRouter 4: IPSec, S2S vpn:

                      update:
                      ER4 <--> S2S <--> Meraki MX is/was an absolute disaster.
                      No workie!!!
                      For now, have to scrap the idea, it just doesn't work :angry_face: :face_with_open_mouth_cold_sweat:

                      I don’t know enough about the Meraki side. But one would assume it can work. IPSEC is a standard.

                      You probably have to rub some cash on the Meraki to get it to work.

                      That was assumed.

                      • FATeknollogee

                        The problem is this:
                        On the Meraki side, let's say you have 5 (this can be any number greater than 1) firewalls.
                        In Meraki speak, if all 5 are in the same "organization", S2S is a few clicks & AutoVPN takes over. No pre-shared secret, no keys.
                        You turn on VPN, say yes to whatever subnets you want in the vpn & save.

                        On the ER side, I have to create 5 peers to connect to the Meraki side.
                        Meraki will only expose one connection for a 3rd party S2S & therein lies the problem.
                        Not all the tunnels connect & there's no good way to fix it.
