Solved: Unable to connect VPNs RV320 to WRVS4400N

mcfeeters.steve1 · ‎03-05-2015

I had an RV220W router that died. I replaced it with a RV320, but I'm unable to re-connect the VPNs to my office WRVS4400N's. When I look at the log on the RV320 I'm not getting a lot of useful information, just [g2gips1]: [Tunnel Disconnected].

Is there a compatibility issue with the RV320 - WRVS4400N's?

I purchased a D-Link DSR-250 while I waited for the RV320 to arrive. I can establish the VPN's to the WRVS4400N's with it, but the overall performance of the DSR-250 is lacking, hence the desire to put the RV320 into production.

Does anyone have VPNs between the RV320 and WRVS4400N working?

mcfeeters.steve1 · ‎03-05-2015

I tried IP Only, with IP by DNS Resolved, and the VPN connected. As the address on the WRVS4400N is dynamic, will this mode reconnect on an address change?

View solution in original post

mpyhala · ‎03-05-2015

For Remote Group Setup, try Dynamic IP + Domain Name (FQDN) Authentication. Do no use WWW. in your FQDN, it should be syntrak.ca only. If that fails, resolve the IP address and try IP Only as a test. If it works using only the IP address, your router may be having issues resolving DNS.

- Marty

mcfeeters.steve1 · ‎03-05-2015

Thanks for the input.

When I try Dynamic IP, it forces AGGRESSIVE MODE. Even though I turn on AGGRESSIVE MODE on the WRVS4400N, the log reports:

[Tunnel Authorize Fail] no connection has been authorized with policy=PSK+AGGRESSIVE

When I use the IP Only I was able to establish the VPN!

So, how do I resolve the DNS issue? The Summary page shows the remote Gateway with the correct address when I use IP + FQDN.

Steve

mpyhala · ‎03-05-2015

Steve,

Dynamic IP always forces aggressive mode. Try leaving the WRVS4400N in Main Mode and see if that works.

- Marty

mcfeeters.steve1 · ‎03-05-2015

When I try without aggressive mode on the WRVS4400N, I get:

packet from 24.224.219.168:500: [Tunnel Authorize Fail] 'g2gips1' forbids connection, cause: Aggressive Mode

mcfeeters.steve1 · ‎03-05-2015

I tried IP Only, with IP by DNS Resolved, and the VPN connected. As the address on the WRVS4400N is dynamic, will this mode reconnect on an address change?

mpyhala · ‎03-05-2015

Steve,

As long as the WRVS4400N has DDNS, the name should resolve without issue when the IP changes. If possible, unplug the WRVS4400N for a while and when it reconnects, it should have a new WAN IP (depending on the ISP). The tunnel should come up.

- Marty

mcfeeters.steve1 · ‎03-05-2015

Thanks, I'll give this config a try. My ISP only changes the address for that router about every 6-9months, so it will take a while to know for sure.

mpyhala · ‎03-05-2015

Steve,

I have cable and my IP changes very rarely. I have found that if I leave the router off for a few hours or overnight, I will get a new IP.

- Marty

mpyhala · ‎03-05-2015

For future reference, IP Only and IP by DNS Resolved is the correct way to configure the RV320/325, as well as the RV042(G), RV082, RV016 routers.

Dynamic IP + Domain Name (FQDN) Authentication will not work in this instance.

- Marty