See my reply below. ... View more

You can download it from here: https://stage.conceptsweb.ca/cfddns/cloudflare-ddns-meraki.zip ... View more

The switch is also connected to a trunk port on the MX, same config. I can't connect in Wireless because my iPhone and all other devices say "No Internet Connection" when the VLAN tagging is enabled. So, I think I get an IP but iPhone are PITA about these things. ... View more

I don't have access to a computer right now but the port is basically a trunk allowing all VLANs, not dropping untagged traffic. The MR has 3 SSIDs and yes the Voice one is configured to tag the traffic with VLAN2. ... View more

The MR is plugged into a trunk port of the switch. It's a very simple setup. ... View more

The router is a MX64. The switch is on port 1 (trunk). And yes, if I plug a PC on access VLAN 2 it works. ... View more

Do I need to create another VLAN with its own subnet for this? ... View more

Is there a way on Windows to force this subnet to go to another gateway? It's just for 1 computer that needs access to both network. And yes, the other way around works, even my non-Meraki VPN peer is reachable. ... View more

Yes it is a IPPBX with some basic router capabilities. I am trying to create a subnetwork to prevent it from interferring with my current VoIP phones. However, I cannot disable NAT on it. ... View more

Mine is working perfectly. ... View more

@PhilipDAth wrote: It looks like you have thee subnets, so test it first on a Digital Ocean machine with:   ip route add 192.168.88.0/24 via 10.99.10.2 ip route add 10.255.255.0/24 via 10.99.10.2 ip route add 192.168.89.0/24 via 10.99.10.2   Assuming 10.99.10.2 is your StrongSwan machine.  If after doing that you can ping the machine then add it to rc.local so it happens every boot.  You'll need to be root to execute the above commands. I figured out why it wouldn't work. Strongswan does the routes automatically, but DigitalOcean (my provider) doesn't allow traffic from different source IP (other than a private IP) to be forwarded to private networks. In other words, the VM is reachable, but not the network behind it. ... View more

@ohv_ wrote: can you post your config? I never wasnt able to ping any side. First, you need these: Cloud VM Public IP Cloud VM Private Subnet and Mask Local Subnet and Mask Note that this is not a 100% secure as I am using a dynamic IP (see rightid below)   Here's my /etc/ipsec.conf conn %default ikelifetime=1440m rekeymargin=3m keyingtries=%forever keyexchange=ikev1 authby=secret dpdaction=restart dpddelay=30 conn remote-site left=%defaultroute leftsubnet=<VM Private Subnet/Mask, ex: 10.137.0.0/16> leftid=<VM Public IP> leftfirewall=yes right=%any rightsubnet=<Local Subnet/Mask, ex: 192.168.0.0/16> #rightid=123.123.123.123 <Static IP> rightid=%any # <Dynamic IP> auto=add ike=aes256-sha1-modp1024 esp=aes256-sha1  Then, in /etc/ipsec.secrets : %any %any : PSK "Y0ur5tr0ngP@55w0rd" On the MX side: Public IP : your VM public IP Private Subnets : your VM private subnet/mask, ex: 10.137.0.0/16 Policies : Azure Preshared Secret: Your password entered in ipsec.secrets   I didn't have to add any routes or iptables, as Strongswan does it automatically. This way, you can communicate with the VM but not with the private subnet (depends on the provider, DigitalOcean blocks it), BUT the VM can see both my local VLANs and my VoIP phones are working perfectly. ... View more

All running Debian 9 ... View more

So how I do that? And shouldn't I only need to create a route from the VPN VM to the private subnet FROM the strongswan interface? ... View more

Yes, I can ping any local machine (behind my home MX) from the VM. Anyone of them.   BUT, I can't ping other VMs in my subnet from my local machines.   So: MX = 192.168.1.0/24, DO = 10.137.0.0/16 From MX -> I can ping the VPN VM, but not the other VM local to it. From DO -> I can ping any machines on the MX network.   On DigitalOcean, there's no "gateway", the public IP is bound directly to the VM and the private IP is just a 10.137.0.0/16;255.255.0.0 in my case (Toronto datacenter). All my other VMs are in the same private subnet. ... View more

Hi!   I know it's an old topic but I managed to get a VPN working from my MX to my DigitalOcean droplet but I still have one issue: I can't ping other droplets in my subnet (10.137.0.0/16), all my VM are in this subnet.   I can ping 8.8.8.8 from the VM, I can ping my VM private IP from my local PC, my VoIP phones are all working correctly has the VPN server (Strongswan) is on that VM.   Also, I enabled IP forwarding and played with a few iptables to see if I could get it to work but no.   Does anyone have an idea? ... View more

Well what's funny is that someone at Meraki fixed the app. It wasn't working after multiple (tens) tries and now it worked this morning. It asked for my 2FA code and logged in. NOTE: the login page had a weird "refresh" behavior when you would open the app. Like the page needed to load a second time. Now it doesn't do that. Same device, same iOS, not even reinstalled between yesterday and today. ... View more

I will try disabling 2FA but note that this is a mandatory security feature in my business. We need the app to work with it. I do not have any Android devices but I will try a few things. Also, I did try on other devices and it doesn't work either. ... View more

Obviously I tried that. I tried everything with this app, it just doesn't work anymore and hasn't been updated in over a year. ... View more

The thing is that we don't want an internal DNS. We don't need one for anything else. ... View more