Help needed connecting remote users to an AWS hosted FusionHub Solo

Hi all

I am stuck trying to connect a remote user via L2TP with IPsec to the AWS hosted FusionHub. For testing, I am using the inbuilt Windows VPN client with the same PSK, but I am unable to make a VPN connection. I must be missing a step. To date, I have:

  1. Opened up UDP ports 500, 4500 and 1701 on the AWS instance
  2. Set up remote user access settings with a PSK and a local user
  3. Set up the Windows VPN with the public IP of the AWS instance and the same PSK.

What am I missing?

Check out Martin’s reply here:

Thanks. This adds another piece to the puzzle. In this prior post, it seems Kevin was able to establish a remote client VPN connection but could not connect to anything. I am having trouble establishing the VPN connection. I suspect I am missing a simple step.

Best thing to do here is a packet capture to see what part is failing. Also, I know this is old, but check out step 8 here: Setting up L2TP With IPsec

Thanks. I have reviewed the setup guide and recreated a new VPN profile on Windows - no success, still unable to connect. I assume the IP address required for the VPN client is the AWS public IP address? See Wireshark capture below filtered to ISAKMP traffic. Let me know if you need to see more of the capture.

Are you using Google Fiber? The source, are you sure IPSec Passthrough is enabled on your router? Can you do me a favor and DM me your public AWS IP if you don’t mind? I’ll take a look.

Looking at your capture, it looks like everything is done properly. You will have 6 packet exchanges in phase 1 (completed, it looks like), and 3 packet exchanges in phase 2 (looks completed as well), and then keepalives after.

Can you look at what happens outside of your IKEv1 filter that you have? I still think that some data isn’t being exchanged which leads Windows to think the connection isn’t established. Do you have logs from the VPN connection on the Peplink side, even though they’re thin? Do you see the connection attempts?
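An added example, not part of the original thread: a Python sketch that tallies the phase 1 and phase 2 messages described above and also classifies what shares UDP 4500 outside the ISAKMP filter (ESP-in-UDP, which carries the L2TP session, and NAT keepalives). The `(direction, server_port, payload)` tuple layout, the `out`/`in` labels and every packet in `SAMPLE` are assumptions constructed for illustration.

```python
import struct
from collections import Counter

# IKEv1 exchange types (RFC 2408; Quick Mode is 32 per RFC 2409)
EXCHANGES = {2: "main-mode", 4: "aggressive-mode", 5: "informational", 32: "quick-mode"}
HDR = "!8s8sBBBBII"  # cookies, next payload, version, exchange, flags, message id, length

def classify(port, payload):
    """Classify one UDP payload seen on server port 500 or 4500."""
    if port == 4500:
        if payload == b"\xff":
            return "nat-keepalive"      # RFC 3948 one-byte keepalive
        if len(payload) < 4:
            return "malformed"
        if payload[:4] != b"\x00" * 4:
            return "esp-in-udp"         # non-zero SPI: encrypted data, where L2TP rides
        payload = payload[4:]           # drop the non-ESP marker in front of IKE
    if len(payload) < 28:
        return "malformed"
    version, exchange = struct.unpack(HDR, payload[:28])[3:5]
    if version != 0x10:
        return "not-ikev1"
    return EXCHANGES.get(exchange, "other-exchange")

def summarize(packets):
    """packets: (direction, server_port, payload); direction is 'out' or 'in'."""
    seen = Counter((d, classify(port, data)) for d, port, data in packets)
    total = lambda kind: seen[("out", kind)] + seen[("in", kind)]
    return {"phase1_msgs": total("main-mode"), "phase2_msgs": total("quick-mode"),
            "esp_out": seen[("out", "esp-in-udp")], "esp_in": seen[("in", "esp-in-udp")],
            "keepalives": total("nat-keepalive")}

def ike(exchange, msg_id=0):
    """Build a constructed 28-byte IKEv1 header (no payloads) for the sample below."""
    return struct.pack(HDR, b"I" * 8, b"R" * 8, 1, 0x10, exchange, 0, msg_id, 28)

M = b"\x00" * 4                           # non-ESP marker used on UDP 4500
ESP = b"\x12\x34\x56\x78" + b"\x00" * 40  # constructed ESP-in-UDP packet, made-up SPI
# Constructed capture: phase 1 and 2 complete, ESP leaves the client, nothing returns.
SAMPLE = (
    [(d, 500, ike(2)) for d in ("out", "in", "out", "in")]
    + [("out", 4500, M + ike(2)), ("in", 4500, M + ike(2))]
    + [(d, 4500, M + ike(32, 1)) for d in ("out", "in", "out")]
    + [("out", 4500, ESP), ("out", 4500, ESP), ("out", 4500, b"\xff")]
)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

In the constructed sample the negotiation shows 6 and 3 messages, yet `esp_in` is 0, which is the kind of one-way data flow an ISAKMP-only display filter hides.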

No Google Fiber, IP address sent

There are no applicable entries in the Device, Firewall or SpeedFusion VPN event logs. The additional Wireshark entries are as follows: