RV340 VPN Issue

ServicePros
Level 1

Hey Everyone,

 

I'll keep this short: I'm trying to establish a VPN connection between this RV340 and a Fortinet. No matter what settings I try, I can't seem to get them to talk to each other. Here are the current logs, but we have tried a bunch of things like IKEv1, now PSK passwords, different encryption etc. It really doesn't seem to matter. Any ideas on this one?

 

2022-03-07T14:08:41-05:00 <info>charon: Last message '06[IKE] 52.171.215.5' repeated 1 times, supressed by syslog-ng on router84A8F7
2022-03-07T14:08:40-05:00 <info>charon: 06[IKE] 52.171.215.56 is initiating an IKE_SA
2022-03-07T14:08:40-05:00 <info>charon: 06[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
2022-03-07T14:08:40-05:00 <info>charon: 06[NET] received packet: from 52.171.215.56[500] to 96.94.47.181[500] (376 bytes)
2022-03-07T14:08:39-05:00 <info>charon: 11[NET] sending packet: from 96.94.47.181[4500] to 52.171.215.56[4500] (80 bytes)
2022-03-07T14:08:39-05:00 <info>charon: 11[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
2022-03-07T14:08:39-05:00 <info>charon: 11[IKE] no shared key found for '%any' - '52.171.215.56'
2022-03-07T14:08:39-05:00 <info>charon: 11[CFG] selected peer config 'passthrough_s2s_GlobalIS'
2022-03-07T14:08:39-05:00 <info>charon: 11[CFG] looking for peer configs matching 96.94.47.181[%any]...52.171.215.56[52.171.215.56]
2022-03-07T14:08:39-05:00 <info>charon: 11[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) AUTH N(MSG_ID_SYN_SUP) SA TSi TSr ]
2022-03-07T14:08:39-05:00 <info>charon: 11[NET] received packet: from 52.171.215.56[4500] to 96.94.47.181[4500] (240 bytes)
2022-03-07T14:08:39-05:00 <info>charon: 07[NET] sending packet: from 96.94.47.181[500] to 52.171.215.56[500] (384 bytes)
2022-03-07T14:08:39-05:00 <info>charon: 07[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
2022-03-07T14:08:39-05:00 <info>charon: 07[IKE] remote host is behind NAT
2022-03-07T14:08:39-05:00 <info>charon: Last message '07[IKE] 52.171.215.5' repeated 1 times, supressed by syslog-ng on router84A8F7
2022-03-07T14:08:39-05:00 <info>charon: 07[IKE] 52.171.215.56 is initiating an IKE_SA
2022-03-07T14:08:39-05:00 <info>charon: 07[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
2022-03-07T14:08:39-05:00 <info>charon: 07[NET] received packet: from 52.171.215.56[500] to 96.94.47.181[500] (376 bytes)
2022-03-07T14:08:20-05:00 <info>charon: 06[NET] sending packet: from 96.94.47.181[4500] to 52.171.215.56[4500] (80 bytes)
2022-03-07T14:08:20-05:00 <info>charon: 06[ENC] generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
2022-03-07T14:08:20-05:00 <info>charon: 06[CFG] no alternative config found
2022-03-07T14:08:20-05:00 <info>charon: 06[CFG] selected peer config 's2s_GlobalIS' inacceptable: constraint checking failed
2022-03-07T14:08:20-05:00 <info>charon: 06[CFG] constraint check failed: identity '52.171.215.56' required
2022-03-07T14:08:20-05:00 <info>charon: 06[IKE] authentication of '52.171.215.56' with pre-shared key successful
2022-03-07T14:08:20-05:00 <info>charon: 06[ENC] parsed IKE_AUTH response 1 [ IDr AUTH SA TSi TSr ]
2022-03-07T14:08:20-05:00 <info>charon: 06[NET] received packet: from 52.171.215.56[4500] to 96.94.47.181[4500] (224 bytes)
2022-03-07T14:08:20-05:00 <info>charon: 07[NET] sending packet: from 96.94.47.181[4500] to 52.171.215.56[4500] (240 bytes)
2022-03-07T14:08:20-05:00 <info>charon: 07[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(EAP_ONLY) ]
2022-03-07T14:08:20-05:00 <info>charon: Last message '07[IKE] establishing' repeated 1 times, supressed by syslog-ng on router84A8F7
2022-03-07T14:08:20-05:00 <info>charon: 07[IKE] establishing CHILD_SA s2s_GlobalIS
2022-03-07T14:08:20-05:00 <info>charon: 07[IKE] ezvpn create_attribute_enumerator
2022-03-07T14:08:20-05:00 <info>charon: 07[IKE] successfully created shared key MAC
2022-03-07T14:08:20-05:00 <info>charon: 07[IKE] authentication of '96.94.47.181' (myself) with pre-shared key
2022-03-07T14:08:20-05:00 <info>charon: 07[IKE] IKE_AUTH task
2022-03-07T14:08:20-05:00 <info>charon: 07[IKE] IKE_CERT_PRE task
2022-03-07T14:08:20-05:00 <info>charon: 07[IKE] reinitiating already active tasks
2022-03-07T14:08:20-05:00 <info>charon: 07[IKE] remote host is behind NAT
2022-03-07T14:08:20-05:00 <info>charon: 07[IKE] received FRAGMENTATION_SUPPORTED notify
2022-03-07T14:08:20-05:00 <info>charon: 07[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
2022-03-07T14:08:20-05:00 <info>charon: 07[NET] received packet: from 52.171.215.56[500] to 96.94.47.181[500] (360 bytes)
2022-03-07T14:08:20-05:00 <info>charon: 16[NET] sending packet: from 96.94.47.181[500] to 52.171.215.56[500] (596 bytes)
2022-03-07T14:08:20-05:00 <info>charon: 16[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
2022-03-07T14:08:20-05:00 <info>charon: 16[IKE] IKE_SA s2s_GlobalIS[1378] state change: CREATED => CONNECTING
2022-03-07T14:08:20-05:00 <info>charon: Last message '16[IKE] initiating I' repeated 1 times, supressed by syslog-ng on router84A8F7
2022-03-07T14:08:20-05:00 <info>charon: 16[IKE] initiating IKE_SA s2s_GlobalIS[1378] to 52.171.215.56
2022-03-07T14:08:20-05:00 <info>charon: 16[IKE] activating IKE_AUTH_LIFETIME task
2022-03-07T14:08:20-05:00 <info>charon: 16[IKE] activating CHILD_CREATE task
2022-03-07T14:08:20-05:00 <info>charon: 16[IKE] activating IKE_CONFIG task
2022-03-07T14:08:20-05:00 <info>charon: 16[IKE] activating IKE_CERT_POST task
2022-03-07T14:08:20-05:00 <info>charon: 16[IKE] activating IKE_AUTH task
2022-03-07T14:08:20-05:00 <info>charon: 16[IKE] activating IKE_CERT_PRE task
2022-03-07T14:08:20-05:00 <info>charon: 16[IKE] activating IKE_NATD task
2022-03-07T14:08:20-05:00 <info>charon: 16[IKE] activating IKE_INIT task
2022-03-07T14:08:20-05:00 <info>charon: 16[IKE] activating IKE_VENDOR task
2022-03-07T14:08:20-05:00 <info>charon: 16[IKE] activating new tasks
2022-03-07T14:08:20-05:00 <info>charon: 16[IKE] queueing CHILD_CREATE task
2022-03-07T14:08:20-05:00 <info>charon: 16[IKE] queueing IKE_AUTH_LIFETIME task
2022-03-07T14:08:20-05:00 <info>charon: 16[IKE] queueing IKE_CONFIG task
2022-03-07T14:08:20-05:00 <info>charon: 16[IKE] queueing IKE_CERT_POST task
2022-03-07T14:08:20-05:00 <info>charon: 16[IKE] queueing IKE_AUTH task
2022-03-07T14:08:20-05:00 <info>charon: 16[IKE] queueing IKE_CERT_PRE task
2022-03-07T14:08:20-05:00 <info>charon: 16[IKE] queueing IKE_NATD task
2022-03-07T14:08:20-05:00 <info>charon: 16[IKE] queueing IKE_INIT task
2022-03-07T14:08:20-05:00 <info>charon: 16[IKE] queueing IKE_VENDOR task
2022-03-07T14:08:20-05:00 <info>charon: 11[CFG] received stroke: initiate 's2s_GlobalIS'
2022-03-07T14:08:20-05:00 <notice>VPN-cfg: Bringing UP connection:s2s_GlobalIS

1 Accepted Solution

ServicePros
Level 1

Hey Everyone,

 

Got it to work. We were going back and forth changing settings on both sides of the VPN. At some point I noticed that even if I changed IP addresses or whatever setting, the error logs looked the same. I actually went in and deleted both the site to site and IPsec profiles and rebuilt them...came right online. It was almost like the profile was corrupt from all the changes. Hope this helps someone!
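Added example, not part of the original posts: a small Python triage pass over charon output like the log in the first post, pulling out the failure reasons per peer config so it is easy to see whether they change between configuration attempts. The category labels and the grouping by timestamp and worker thread are assumptions of this example; the sample lines are copied from the log above.

```python
import re

# Excerpt of charon lines from the first post (newest first, as posted).
SAMPLE = """\
2022-03-07T14:08:39-05:00 <info>charon: 11[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
2022-03-07T14:08:39-05:00 <info>charon: 11[IKE] no shared key found for '%any' - '52.171.215.56'
2022-03-07T14:08:39-05:00 <info>charon: 11[CFG] selected peer config 'passthrough_s2s_GlobalIS'
2022-03-07T14:08:20-05:00 <info>charon: 06[CFG] selected peer config 's2s_GlobalIS' inacceptable: constraint checking failed
2022-03-07T14:08:20-05:00 <info>charon: 06[CFG] constraint check failed: identity '52.171.215.56' required
2022-03-07T14:08:20-05:00 <info>charon: 06[IKE] authentication of '52.171.215.56' with pre-shared key successful
"""

# timestamp, worker thread number, subsystem tag, message text
LINE = re.compile(r"^(\S+) <\w+>charon: (\d+)\[(\w+)\] (.*)$")
CONFIG = re.compile(r"selected peer config '([^']+)'")
# Failure messages that appear in this log, mapped to labels chosen for this example.
RULES = [
    (re.compile(r"constraint check failed: identity '([^']+)' required"), "remote-id-mismatch"),
    (re.compile(r"no shared key found for '([^']+)' - '([^']+)'"), "psk-lookup-failed"),
    (re.compile(r"no alternative config found"), "no-matching-config"),
]


def triage(log_text):
    """Return [(timestamp, thread, peer_config, [(label, captured_ids), ...])], oldest first."""
    groups = {}
    for raw in reversed(log_text.splitlines()):  # the dump is newest-first
        m = LINE.match(raw)
        if not m:
            continue  # skips syslog-ng "Last message ... repeated" and non-charon lines
        ts, thread, _subsys, msg = m.groups()
        # Assumption: lines sharing a timestamp and worker thread belong to one exchange.
        g = groups.setdefault((ts, thread), {"config": None, "failures": []})
        cfg = CONFIG.search(msg)
        if cfg:
            g["config"] = cfg.group(1)
        for rx, label in RULES:
            hit = rx.search(msg)
            if hit:
                g["failures"].append((label, hit.groups()))
    return [(ts, th, g["config"], g["failures"])
            for (ts, th), g in groups.items() if g["failures"]]


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Running it against logs captured before and after each settings change shows at a glance whether the reported failure and the selected peer config actually moved.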
