Cannot create working Site-To-Site VPN Tunnel
I have five ER7206 routers I am configuring for a client. We are connecting 4 branch offices by VPN with very fast/high bandwidth connections at each.
Each branch office will connect to 1 main ER7206.
Each router is connected fine to the internet and provides connections to the LAN normally.
We are using the Omada software controller on a PC connected to the main ER7206 and linked to the Omada Cloud.
The routers are also connected and adopted and configured with the following subnets.
Main Branch 192.168.0.1/24
Remote 1 192.168.10.1/24
Remote 2 192.168.20.1/24
Remote 3 192.168.30.1/24
Remote 4 192.168.40.1/24
We created an Auto VPN connection for "Remote 1" using the Omada interface and checked that the connection was auto-created on both ends. No VPN tunnels are listed as active in the Omada > Insight > VPN Status menu, even after we rebooted both routers.
We deleted the Auto VPN entry and created a "Manual IPsec" VPN Tunnel.
We set up a Dynamic DNS service using noip.com for each router and we specified the remote gateways as its Dynamic DNS name on each end.
The manual ipsec tunnel used the following settings for each end:
Site to site VPN
Manual IPsec
Status - Enable
Remote gateway - Dynamic DNS name of the opposite router
Remote Subnet - The subnet of each end i.e 192.168.0.0/24 - 192.168.10.0/24
Local Networks: all
Preshared Key: Same key on both ends.
WAN - WAN
Phase 1
Key Exchange Version - Have tried both IKEv1 and IKEv2
Proposal - SHA1-AES256-DH2 on both
Negotiation Mode - Initiator on both
Negotiation Mode - When using IKEv1 we tried both Main and Aggressive on both
Local ID - Name: Each has unique ID
Remote ID - Name - Other end's ID that matches the Local ID
SA Lifetime - 28800
DPD - Enable
DPD Interval - 10
Phase 2
Encapsulation Mode - Tunnel
Proposal - ESP-SHA1-AES256
PFS - None
SA Lifetime - 28800
Most of these settings are the default. What are we doing wrong?
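
A pre-flight check for the manual IPsec settings listed above, as an added example that is not part of the original post or of the Omada tooling: it confirms that the five LANs do not overlap and that the two ends of one tunnel mirror each other (same proposals and key, crossed IDs, and each end's remote subnet equal to the other end's LAN). The dictionary field names, the IDs `main`/`remote1` and the key value are constructed placeholders.

```python
import ipaddress
from itertools import combinations

# Router LAN addresses exactly as listed in the post (host address + prefix).
SITES = {"Main Branch": "192.168.0.1/24", "Remote 1": "192.168.10.1/24",
         "Remote 2": "192.168.20.1/24", "Remote 3": "192.168.30.1/24",
         "Remote 4": "192.168.40.1/24"}

# Settings that must be identical on both ends (field names are hypothetical).
MUST_MATCH = ("ike_version", "psk", "phase1", "phase2", "pfs", "encapsulation")

def lan(cidr):
    """Normalize a router address such as 192.168.10.1/24 to 192.168.10.0/24."""
    return ipaddress.ip_interface(cidr).network

def overlapping_sites(sites):
    """Pairs of sites whose LANs overlap, which makes tunnel routing ambiguous."""
    return [(a, b) for a, b in combinations(sites, 2)
            if lan(sites[a]).overlaps(lan(sites[b]))]

def check_pair(a, b):
    """Return the mismatches between the two ends of one tunnel."""
    # Report only the field name so the pre-shared key is never echoed.
    problems = [f"{k} differs" for k in MUST_MATCH if a[k] != b[k]]
    for x, y in ((a, b), (b, a)):
        if x["remote_id"] != y["local_id"]:
            problems.append(f"{x['name']}: remote ID is not {y['name']}'s local ID")
        if lan(x["remote_subnet"]) != lan(y["lan"]):
            problems.append(f"{x['name']}: remote subnet is not {y['name']}'s LAN")
    return problems

def end(name, local_id, remote_id, remote_subnet):
    """Build one end's settings using the values listed in the post."""
    return {"name": name, "lan": SITES[name], "local_id": local_id,
            "remote_id": remote_id, "remote_subnet": remote_subnet,
            "ike_version": "IKEv2", "psk": "CONSTRUCTED-PLACEHOLDER",
            "phase1": "SHA1-AES256-DH2", "phase2": "ESP-SHA1-AES256",
            "pfs": "None", "encapsulation": "Tunnel"}

# Constructed sample: the IDs "main" and "remote1" are placeholders.
MAIN = end("Main Branch", "main", "remote1", "192.168.10.0/24")
REMOTE1 = end("Remote 1", "remote1", "main", "192.168.0.0/24")

if __name__ == "__main__":
    print("overlaps:", overlapping_sites(SITES))
    print("mismatches:", check_pair(MAIN, REMOTE1) or "none")
```

An empty result only shows that the two ends agree with each other; it says nothing about reachability of the remote gateway or whether the WAN address is behind NAT.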