Issues with IPSec connection to Strongswan


#1

I set up an ipsec connection from our Balance 210 to an instance in AWS running Strongswan. The tunnel on the peplink is configured to route to 4 different remote network ranges. The B210 reports that the tunnel is up and connected and for a while it worked fine - I was able to connect to instances in all remote networks without a problem.

However, in the past couple of weeks I suddenly have been unable to connect to the remote instances any more. The Peplink still reports the tunnel is up and I can see the connection details in the strongswan instance’s logs, but when I try and make connections from my laptop behind the B210 I can’t see any traffic hitting the strongswan instance.

The IPSec logs on the B210 are no help, they show only that the tunnel connection was successful, but I have no insight into any attempts to traverse the tunnel. Is there any way I can turn on better debug logging on the Peplink? At the moment I’m just fumbling blindly.

Thanks,
Guy


#2

Can you provide the following for us to further check ?

  1. Traceroute results from client behind B210 to remote network.

  2. May i know you can’t access 4 different remote network ranges or only few of the networks ?

Usually IPSEC logs will only shown on VPN level message compare to the error message for the traffics pass-through the tunnel. In-order to troubleshoot this, usually we need to enable packet capture for both end devices to confirm whether the traffics is sent or received. Possible please open a support ticket here for the support team to check.

I know your pain to troubleshoot such setup, just want to check will you consider Fusionhub as the instance in AWS ? With Fusionhub, you are able to build a PepVPN/SpeedFusion connection and get full control/visible for the VPN connections and beside that even you will have full suite of tools to test the performance for the VPN connection & knowing the traffics that pass-through the VPN tunnel.

For more information regarding to FusionHub, please refer to the URL below: