the meraki configuration of non-meraki-devices ... View more

#/etc/ipsec.conf conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=1 keyexchange=ikev1 authby=secret ike=aes128-sha1-modp1024,3des-sha1-modp1024! esp=aes128-sha1-modp1024,3des-sha1-modp1024!   conn vpn2 keyexchange=ikev1 left=%defaultroute auto=add authby=secret type=transport leftprotoport=17/1701 rightprotoport=17/1701 rightsubnet=192.168.1.0/24 rightid=165.90.79.78 # set this to the ip address of your meraki vpn right=165.90.79.78 ... View more

The firewall is not enabled on router.   i made some changes and seems the connection is estabelished and then goes down. Here the logs:   sudo ipsec up vpn2 initiating Main Mode IKE_SA boane-vpn[1] to 165.90.79.78 generating ID_PROT request 0 [ SA V V V V V ] sending packet: from 192.168.2.254[500] to 165.90.79.8[500] (212 bytes) received packet: from 165.90.79.8[500] to 192.168.2.254[500] (156 bytes) parsed ID_PROT response 0 [ SA V V V V ] received XAuth vendor ID received NAT-T (RFC 3947) vendor ID received DPD vendor ID received FRAGMENTATION vendor ID generating ID_PROT request 0 [ KE No NAT-D NAT-D ] sending packet: from 192.168.2.254[500] to 165.90.79.8[500] (244 bytes) received packet: from 165.90.79.8[500] to 192.168.2.254[500] (228 bytes) parsed ID_PROT response 0 [ KE No NAT-D NAT-D ] local host is behind NAT, sending keep alives generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ] sending packet: from 192.168.2.254[4500] to 165.90.79.8[4500] (100 bytes) received packet: from 165.90.79.8[4500] to 192.168.2.254[4500] (92 bytes) parsed ID_PROT response 0 [ ID HASH V ] received DPD vendor ID IKE_SA boane-vpn[1] established between 192.168.2.254[192.168.2.254]...165.90.79.8[165.90.79.8] scheduling reauthentication in 3337s maximum IKE_SA lifetime 3517s generating QUICK_MODE request 1050748777 [ HASH SA No KE ID ID NAT-OA NAT-OA ] sending packet: from 192.168.2.254[4500] to 165.90.79.8[4500] (356 bytes) sending retransmit 1 of request message ID 1050748777, seq 4 sending packet: from 192.168.2.254[4500] to 165.90.79.8[4500] (356 bytes) received packet: from 165.90.79.8[4500] to 192.168.2.254[4500] (92 bytes) parsed INFORMATIONAL_V1 request 3971823612 [ HASH N(DPD) ] sending retransmit 2 of request message ID 1050748777, seq 4 sending packet: from 192.168.2.254[4500] to 165.90.79.8[4500] (356 bytes) received packet: from 165.90.79.8[4500] to 192.168.2.254[4500] (92 bytes) parsed INFORMATIONAL_V1 request 4073732075 [ HASH N(DPD) ] received packet: from 165.90.79.8[4500] to 192.168.2.254[4500] (92 bytes) parsed INFORMATIONAL_V1 request 3012882346 [ HASH N(DPD) ] sending retransmit 3 of request message ID 1050748777, seq 4 sending packet: from 192.168.2.254[4500] to 165.90.79.8[4500] (356 bytes) received packet: from 165.90.79.8[4500] to 192.168.2.254[4500] (92 bytes) parsed INFORMATIONAL_V1 request 3714477588 [ HASH N(DPD) ] received packet: from 165.90.79.8[4500] to 192.168.2.254[4500] (92 bytes) parsed INFORMATIONAL_V1 request 3520459203 [ HASH N(DPD) ] sending keep alive to 165.90.79.8[4500] sending retransmit 4 of request message ID 1050748777, seq 4 sending packet: from 192.168.2.254[4500] to 165.90.79.8[4500] (356 bytes) ... View more

i have a little note. The ubuntu box was connecting to MX using client vpn that require username and password. What i want is connect Ubuntu with Meraki via site to site VPN. I made some changes in ubuntu. and now i wont be able to connect ... View more

Hello @ww, Here you found the answers of the questions, your mx is in routed mode? Yes, my mx is in routed mode and has vpn site-to site configured 192.168.1.x and 192.168.2.x are interfaces on the mx? 192.168.1.x is lan of mx 192.168.2.x is tp-link 3420 lan what static route did you set exactly? i have configured  the following static route on mx subnet next houpe 192.168.2.0/24 1921.168.1.254 you have a small drawing maybe? right now i dont have a draw ... View more