cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Meraki VPN not connecting error code 789

Highlighted
Comes here often

Meraki VPN not connecting error code 789

I have an MX67 that i have followed the setup guides for allowing VPN.  I am running into the error code 789 on a Win 10 PC.  I have followed the trouble shooting guides but it still cant get it to work.  Can someone please provide a better explanation of what the port forwarding should look like?  Where does that need to be configured?  On the MX or at the local end users internet router?  I am unable to connect from an Iphone as well over LTE.  What am I missing in this setup?

13 REPLIES 13
Highlighted
Kind of a big deal

Re: Meraki VPN not connecting error code 789

Is the public IP on your MX's WAN interface, or does the MX WAN have a private IP?

 

If you have a private IP showing on the MX, then your ISP's router should get changed to passthrough/bridge mode if at all possible. Your ISP can help with this if you aren't able to do it yourself.

 

Also, are you sure you had the PSK recorded correctly?

 

For Win10 btw, the general recommendation is to use a script for setup. I've got some in my signature that you're free to grab. Doesn't work on Win7.

Highlighted
Comes here often

Re: Meraki VPN not connecting error code 789

Public IP on the MX Wan 1 port.  

 

PSK is correct.  For testing Ive simplified it.  

 

I dont know how to download, modify or run your script.  Can you give me guidance on that as well?

Highlighted
Comes here often

Re: Meraki VPN not connecting error code 789

I figured out your script.  Ran it, still doesnt work.  Same result.  

Highlighted
Kind of a big deal
Kind of a big deal

Re: Meraki VPN not connecting error code 789

On  isp  router to mx wan ip

Highlighted
Comes here often

Re: Meraki VPN not connecting error code 789

Tried this.  Still fails.  How is this supposed to work if the client is in a hotel or other public wifi?  They arent going to have the port forwarding available to them.  Here i have access to the router and its admin, out in the world i dont.

Highlighted
Kind of a big deal

Re: Meraki VPN not connecting error code 789

Highlighted
Kind of a big deal

Re: Meraki VPN not connecting error code 789

I've had problems in the past where the PSK was a complex string.  My guess is some VPN clients couldn't process those complex characters.

 

For a short test, try making the PSK something simple like "password" and see if that works.  If it does change it again but use less complex characters.

 

Also make sure the PSK does not have a trailing space.

Highlighted
Kind of a big deal

Re: Meraki VPN not connecting error code 789

Ending PSK on punctuation can sometimes cause some strangeness. I automatically add an a-zA-Z character I think. 

 

Also just to confirm, you're not trying to connect to the VPN from inside the firewall right? While in the office with the firewall, I've had to disable wireless on a phone when testing either on the phone itself or testing a PC via its hotspot, to ensure it's on the cell signal.

Highlighted
Comes here often

Re: Meraki VPN not connecting error code 789

It’s not a PSK issue.  I already tested this by just making it Cisco and it still fail.  I’ve disabled all firewall rules and Intrusion Prevention and detection.  It’s a straight shot into the site and nothing works.  I’ve tried the script to build the vpn and it fails.  Nothing works.  This is extremely frustrating.

Highlighted
Kind of a big deal

Re: Meraki VPN not connecting error code 789

What do you see in a pcap on the WAN interface on the MX, when you're actively trying to make a VPN connection? You'll need the WAN IP of the device you're connecting in from, just so you can locate the traffic in the pcap.

 

And you're sure the credential is good right? If it's Meraki cloud, you can test at account.meraki.com

Highlighted
Comes here often

Re: Meraki VPN not connecting error code 789

Not a dell machine.  Doesn’t work from IPhone either.  Nothing works.

Highlighted
Kind of a big deal

Re: Meraki VPN not connecting error code 789

A small number of carriers have started going with IPv6 as native transport.  These often can not tunnel client VPN connections that use IPSec.

Are you using the same carried for your fixed and mobile hot spot?  If so, what is that carrier?

 

Another possibility is that your carrier is filtering out traffic.

Kind of a big deal

Re: Meraki VPN not connecting error code 789

Something that has bitten me in the past was the PSK length. I had generated the PSK with my password manager and pasted it into the Meraki dashboard. Not realizing that the GUI shortened it. I pasted it into Windows too... And there you go password mismatch. I'm with @PhilipDAth , start with a simple password and then go more complex.

 

Also, with regards to your other question, port forwarding is only needed on the MX side, not on the client side. So no issue if you're in a hotel. If course firewall rules or proxies in the network the client is using can still block the tunnel from establishing.

 

Edit: Sorry, I missed the part that you already tried Cisco as PSK.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.