Balance 380 IPsec VPN to 3rd party

Hi,

I am unable to configure Peplink Balance 380 with pfSense 2.01 for site-to-site IPsec VPN. The configuration is pretty straightforward, but it simply won’t finish phase 1.

There are some unclear options on Peplink:

Local ID and Remote ID. Help says:

Under Main Mode, this field can be left blank.

Under Aggressive Mode, if Remote Gateway IP Address field is filled on this end and the peer end, this field can be left blank. Otherwise, this field is typically a U-FQDN

U-FQDN is [email protected] but when I enter that it gives me "Invalid local or remote ID". At first I was trying Local ID as the public IP of my end and Remote ID as the public IP of the remote end, but had no success establishing a connection. I am using only 1 WAN link. Also, I find it very problematic that I can’t see a detailed IPsec log on the Peplink so I can troubleshoot the problem.



Hi opti2k4,

Sorry for the confusion in the help text. In fact, if you leave the Local / Remote ID blank, it will automatically use the IP address as the identifier.

The U-FQDN being invalid in Main Mode is already known to our engineering team and has been fixed; the fix will be available in our future release. As this only affects Main Mode, and Main Mode using PSK requires both peers to have a static IP address, this should not be critical because you can simply use the IP address as the identifier.

To further investigate your issue, could you please help to get the Diagnostic Report? Please go to Web Admin of the Balance, then go to the “Status” page and click on the “Download” link next to “Diagnostic Report”. Thank you very much.

Best regards,
Steve
The Peplink Team

Hi Steve,

I found what the problem was… The preshared key had a ! character, which was problematic, and once I removed it I was able to establish the VPN connection. You should fix that in the next revision of the FW. And I got a confirmation from the pfSense team that their VNC accepts all characters in the preshared key field.

Thank you for your information. We will let our engineers know immediately.

Thank you for letting us know about the issue. We will definitely include the fix in the coming firmware.
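
An added example, not part of the thread and not Peplink or pfSense code: a small helper that flags preshared-key characters outside a conservative alphabet and generates a replacement whose length compensates for dropping symbols. The choice of ASCII letters and digits as the "portable" set is an assumption; the thread only reports `!` as a problem character.

```python
import math
import secrets
import string

# Assumption: ASCII letters and digits are the alphabet least likely to be
# mangled by a VPN web UI. The thread only reports "!" as a problem character.
PORTABLE = string.ascii_letters + string.digits


def nonportable_chars(psk: str) -> list[str]:
    """Return the distinct characters in psk outside PORTABLE, in order seen."""
    seen = []
    for ch in psk:
        if ch not in PORTABLE and ch not in seen:
            seen.append(ch)
    return seen


def length_for_bits(bits: int, alphabet: str = PORTABLE) -> int:
    """Characters needed so a uniformly random key carries >= bits of entropy."""
    return math.ceil(bits / math.log2(len(alphabet)))


def generate_psk(bits: int = 128) -> str:
    """Random PSK from PORTABLE; the length makes up for the smaller alphabet."""
    n = length_for_bits(bits)
    return "".join(secrets.choice(PORTABLE) for _ in range(n))


if __name__ == "__main__":
    old = "Example!Key2013"  # constructed sample, not a key from the thread
    print("characters to avoid:", nonportable_chars(old))
    new = generate_psk()
    print("replacement:", new, f"({len(new)} chars)")
```

Enter the generated key identically on both peers; dropping symbols costs nothing in strength as long as the key is random and long enough for the target entropy.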