I wonder whether anyone has successfully configured site-to-site IPSec VPN tunnel with CalAmp LTE Fusion device (a cellular mobile router). Somehow I cannot establish the vpn tunnel under different configurations and I know it is running opensource strongswan. Interestingly, CalAmp has an older model Vanguard 3000 for 3G and the vpn tunnel works fine. Any advice will be invaluable.
Have you got a chance to take a pcap on this, from that pcap, we will come to know whether the point of failure in phase-1 or in Phase-2 negotiation.
You can verify the same from the PAN system logs as well.
Step1 : Server side Config :
sudo apt update && sudo apt upgrade -y
sudo apt-get install strongswan
Set the following kernel parameters:
cat >> /etc/sysctl.conf << EOF
net.ipv4.ipforward = 1
net.ipv4.conf.all.acceptredirects = 0
net.ipv4.conf.all.send_redirects = 0 EOF
sysctl -p /etc/sysctl.conf
root@rithvik-gpcs-client-1:/home/rithvik# cat /etc/ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
# uniqueids = no
# Add connections here.
# Sample VPN connections
# rightid="C=CH, O=Linux strongSwan CN=peer name"
# connection to paris datacenter
conn ubuntu-client-to-firewall #
root@rithvik-gpcs-client-1:/home/rithvik# cat /etc/ipsec.secrets
# This file holds shared secrets or RSA private keys for authentication.
# RSA private key for this host, authenticating it to any other host
# which knows the public part.
10.1.0.101 10.1.0.201 : PSK '123456'
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!