Hi
I am testing the Meraki Client VPN at the moment. So far, I have failed to connect from Windows 10 Pro and Android 8 devices. Unfortunately, there is not much information in the events log.
As you can see, remarkably few events in the log. So not very helpful. However, events were being dropped in considerable numbers. Is there an alternative?
Testing from the phone is almost impossible because neither the Z3C logs VPN events, nor does the Android 8 phone.
To complicate life it appears that Android 8 will only accept IPv4 server addresses, so one is SOL if using dynamic public IP addresses.
I have attempted in all possible permutations of fixed/mobile/client/server to connect, without joy. Win 10 is more helpful in that its Event Log has usable information.
Am I wasting my time? Should I be looking at the alternatives, such as StrongSwan?
@Uberseehandel Did you double verify the client VPN configuration on the devices and make sure they are configured as mentioned in this document?
https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration#Windows_10
Also, if you take a packet capture on the WAN interface of the MX, do you see phase IPsec negotiations starting on UDP port 4500?
I am sorry on the logging part. I am pretty sure I saw more logging than that when my connection was failing, but yeah, strongswan seems to be providing much better sane logging. Won't hurt upgrading it to version 15 if you want to try out strongswan.
Cheers!
Raj
I did work through that document originally, I shall work through it again, in the morning, to double check. After that I'll look further at the StrongSwan option.
Having Office365/Exchange/Azure services and all data/content files synced to shared/private OneDrives makes this less critical than it used to be as the connections are encrypted (allegedly).
Thanks for responding, it is appreciated.
Let's take a simple Windows 10 case. When the client doesn't connect - what error is being returned?
@PhilipDAth wrote: Let's take a simple Windows 10 case. When the client doesn't connect - what error is being returned?
Error code 789.
My plan today is to carefully work through the troubleshooting instructions again.
To be clear: if the Win 10 machine is attached to an MX and it is trying to open a VPN client connection to a Z3C that is using the LTE modem as the uplink, there is no need to worry about opening ports on the MX?
The answer will be simple . . . in retrospect
Double check the pre-shared key. Note that some clients don't handle complex passwords for the PSK, so if yours is using punctuation symbols and the like, try making it simpler.
However, most LTE providers don't let client VPN traffic through like this. You may be able to use a different APN that does not run through a firewall. For example, if you are in New Zealand the APN "internet" gives you a public IP address and does not have any ports blocked by the Telco.
@PhilipDAth wrote: Double check the pre-shared key. Note that some clients don't handle complex passwords for the PSK, so if yours is using punctuation symbols and the like, try making it simpler.
However, most LTE providers don't let client VPN traffic through like this. You may be able to use a different APN that does not run through a firewall. For example, if you are in New Zealand the APN "internet" gives you a public IP address and does not have any ports blocked by the Telco.
On the mobile phone I have configured and activated the appropriate "Internet" APN, but there appears to be a common IP address for all Internet users. I did not need this additional profile to access the internet previously, and had no difficulty accessing OneDrive.
@Raj66 wrote:
Also, if you take a packet capture on the WAN interface of the MX, do you see phase IPsec negotiations starting on UDP port 4500?
Dumb question.
How do I do a packet capture on the uplink, when the uplink is using the LTE cellular modem?