Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
428
Views
5
Helpful
0
Replies

RV340 site-to-site VPN is down after the recent firmware upgrade

leogrande1
Level 1
Level 1

‎07-22-2021 07:28 AM - edited ‎07-22-2021 08:22 AM

RV340 RV340-K9 V03

Current firmware: 10.0.03.21

One of my site-to-site VPN connections is broken after the firmware upgrade, I believe.

 

Left: RV340

Right: Strongswan 5.9.1 (Ubuntu server,  NAT-T)

 

I have this server connected to several other locations with no issues, but RV340 refuses to connect.

 

<info>charon: 14[IKE] IKE_SA s2s_xx_xxx[93670] state change: CONNECTING => DESTROYING
<info>charon: 14[IKE] received NO_PROPOSAL_CHOSEN error notify
<info>charon: 14[ENC] parsed INFORMATIONAL_V1 request 2950876373 [ N(NO_PROP) ]
<info>charon: 14[NET] received packet: from xx.120.9.xxx[500] to xx.187.93.xx[500] (56 bytes)
<info>charon: 07[NET] sending packet: from xx.187.93.xx[500] to xx120.9.xxx[500] (200 bytes)

 

It was working before the firmware upgrade.

 

EDIT:

This Stongswan server  is the only endpoint behind the router (NAT-T), all other connections (on RV340) endpoints, which have not been affected by the firmware upgrade, are routers, besides some connections to AWS VPC (EC2 VPN gateways with Strongswan servers) which have Elastic static public IPs (not behind NAT-T, I think).

 

NAT-T has been affected by this firmware upgrade?

 

UPDATE:

My NAT-T suspicions were correct, but this is not a firmware upgrade to blame but rather myself.

I have found a port forwarding NAT-T was enabled on this router, probably recently.

It was embarrassing ...

 

 

 

 

 

Labels:
0 Replies 0
Customers Also Viewed These Support Documents