@Stariaa 

 

Change proposal to SHA-256 - AES256 - DH14 on both site, they have to match.

 

now you have SHA-256 - AES256 - DH14 and SHA-512 - AES256 - DH14 and that will not work

 

 

 

 

  @Stariaa 

 

The routers are also connected and adopted and configured with the following subnets.

 

Main Branch   192.168.1.0/24

Remote site    192.168.3.0/24

 

The BT Smart Hub routers will have a default LAN subnet of 192.168.1.0/24 , so unless you've changed them from the default, the Omada at the main branch will have a WAN IP (DHCP i assume from the Smart Hub) in the same subnet as its LAN. That's not going to work!

Hi This has been changed Main Site BT Router Lan 192.168.0.1 TPLink Router: 192.168.1.1 Remote Site BT Router 192.168.4.0 TPLink Router: 192.168.3.1

  @MR.S Hi 

 

You can see below 

 

Remote Site

 

Main Site

 

 

Another point for the NAT in the omada controller, should they be forwarded to the IP of the omada controller or the gateway?

I just changed the forwarding from the omada controller that is 192.168.1.137 to the default gateway

 

It's still not working after doing this 

  @Stariaa 

 

Hi This has been changed Main Site BT Router Lan 192.168.0.1 TPLink Router: 192.168.1.1 Remote Site BT Router 192.168.4.0 TPLink Router: 192.168.3.1

 

Thanks for confirming.

 

Since your Omada routers are behind NAT, have you enabled the IPSEC ALG ? Its Transmission > NAT > ALG

  @MisterW 

 

they were enabled by default it seems so yeah its enabled 

 

  @Stariaa 

 

Do not use port NAT, delete all NAT, and try again

 

Do not use port NAT, delete all NAT, and try again

 

Yes, there's no need for any port forwarding on the 7206s, only on the BT SMart Hub s

 

@Stariaa  However , I think you may be on a hiding to nothing with the Smart Hubs ..

Its not possible to post direct links to ther sites here but if you google 'bt smart hub 2 ipsec' , about the 3rd link down

is titled

 

BT Business Smart Hub 2 and DMZ'ing IPSec Traffic - Not working!

 

Take a read through it...

 

  @Stariaa 

 

I just configure same vpn.. folw this and it will work

 

This is site with WAN on router

 

 

 

and this is router bihind anoter router and have no piblic IP on WAN interface.

 

 

You dont need to do anything else to get this to work.

 

I had a read it seems not sure if it correct that is but an administrator stated "IPsec VPN servers are not possible behind a Smart Hub 2 due to it only supporting TCP and UDP pass-through. Even with DMZ being turned on!" not sure if that means with the BTHub Smart Hub 2 i have is the issue. but ive purchase a rj11 to rj45 converter i want to try connecting the ISP directly to the TP link router instead to see if the WAN IP will show on the main site, want to try both router this way and see if it will work