[AusNOG] IPsec issues over Telstra

[Beeson, Ayden]

We've done it a bit (and are currently running some) on Telstra.internet (if I recall correctly) using DMVPN with Cisco gear to do it, so its not an exact match to your situation.


Never noticed any specific IKEv2 issues though.


Cheers,

Ayden

________________________________
From: AusNOG <ausnog-bounces at lists.ausnog.net> on behalf of James Andrewartha <trs80 at ucc.gu.uwa.edu.au>
Sent: Friday, 7 August 2020 1:57:44 AM
To: Daniel Carpenter
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] IPsec issues over Telstra

On Thu, 6 Aug 2020, Daniel Carpenter wrote:

> Anyone seeing any new issues forming IPsec IKEv2 tunnels over both Telstra.internet and Telstra.extranet lately? I’ve been
> trying to implement a new hub and spoke for a new environment using a HA pair of FortiGate 300e as the hub and Teltonika RUTX11
> as the end devices. My P1 and P2 come up fine but have little luck sending any traffic. Static routes created with the tunnels
> on both ends appear fine. I’ve tested the RUTX11 on our external wan with a public IP out of our APNIC provided subnet and it
> works flawlessly. Not operational yet luckily but if I cant figure it out in a week or two ill be forced to do it with OpenVPN.
> Or configure it with IPv6.

I can do it (IKEv1 though) with the embedded LTE modem in a FGT
30E-3G4G-GBL, but if I use a Netgear LB2120 connected to the FGT, the VPN
doesn't come up (I haven't investigated further yet due to lack of time).

--
# TRS-80              trs80(a)ucc.gu.uwa.edu.au #/ "Otherwise Bub here will do \
# UCC Wheel Member     http://trs80.ucc.asn.au/ #|  what squirrels do best     |
[ "There's nobody getting rich writing          ]|  -- Collect and hide your   |
[  software that I know of" -- Bill Gates, 1980 ]\  nuts." -- Acid Reflux #231 /
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20200807/30f4f2b2/attachment.html>