I realize that Peplink only officially supports IPSEC to two other vendors. I also realize that unofficially it can work on additional endpoints. Unfortunately I have not been able to get it to work on one of mine.
I have a few remote sites that I need site-to-site VPN. Unfortunately, over the years I have a collected a varied set of VPN routers. I used to primarily stick to Sonicwall for the very issue of VPN compatibility (and other reasons). I have some Sonicwall to Sonicwall connections and I have a Sonicwall to Netgear FVS338. Unfortunately, I need to set up a new site to also VPN to the FVS338. I have a Balance 20 (my first Peplink) I am trying at the new site. I can not get the VPN to work. No matter what I do, I get INVALID_ID at the start of phase 1 ike. I basically copied the setup I have working between the Sonicwall and the FVS to the Peplink but it simply won’t work.
Based on the limited error messages, I am pretty sure that the issue is in the remote/local IDs. As you know the IDs can be at least either IPV4, FQDN, email/text, or DN. On both the FVS and Sonicwall you can select the identity type as well as the identity data. On the Balance you can not select the type. I don’t know if the balance is smart enough to automatically detect the ID type based on teh ID data the user enters and adjust the msg accordingly, or not. I have tried Main and aggressive mode, I have tried all of the ID options except DN (I don’t have any x.509 certs), but no matter what I do I get INVALID_ID at the FVS or Local/Remote ID mismatch on the Peplink. Again the same config/IDs works fine on the Sonicwall to FVS. Both the FVS and the Peplink have little to no logging so I can’t see what is really going on during the exchange. I tried this on 6.1.2.
Since my VPN endpoint is not officially supported I don’t expect anything to be done, but should you look at expanding the VPN compatibility, I would be interested. In the mean time, I will just have to put an old Sonicwall behind the Peplink and just run the VPN traffic from behind it. I have tested that and it passes through the Peplink just fine. Having the Peplink by its self would have been nice…