Latest ER707M2 firmware breaks L2TP/IPsec VPN connections with ER605v1
I have a number of ER605v1 running 1.3.1 still out in the field, and they now home back to an ER707M2 which is running 1.2.2. All is good. Upgrading the ER707M2 to 1.2.3 (Oct-2024) today caused the VPN tunnels to never come up, downgrading to 1.2.2 brings it right back. No other changes.
ER707M2 is the server, ER605v1 are the clients.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
To anyone who's concerned:
The new firmware of ER707-M2 has added a mechanism to verify the VPN characters and if you have anything beyond, the letter, number, and underscore(_), they will be considered invalid characters. A failure in the VPN connection ensued for this reason.
Remove the characters and save your VPN. Try again.
If you downgrade, remove the invalid characters and upgrade to the latest one.
- Copy Link
- Report Inappropriate Content
Hi @d0ugmac1
Thanks for posting in our business forum.
Will take this matter to the dev team for further analysis and testing.
- Copy Link
- Report Inappropriate Content
Hi @d0ugmac1
Thanks for posting in our business forum.
In our lab test, we have failed to reproduce this issue.
- Copy Link
- Report Inappropriate Content
Hi @d0ugmac1
Thank you so much for taking the time to post the issue on TP-Link community!
To better assist you, I've created a support ticket via your registered email address, and escalated it to our support engineer to look into the issue. The ticket ID is TKID241115924, please check your email box and ensure the support email is well received. Thanks!
Once the issue is addressed or resolved, welcome to update this topic thread with your solution to help others who may encounter the same issue as you did.
Many thanks for your great cooperation and patience!
- Copy Link
- Report Inappropriate Content
Apologies for not mentioning that the sites were under controller management and not standalone. Each site is being managed by a 5.13.22 linux controller in a Docker container (running on various platforms, not that it matters). I didn't mention it initially as it was only the ER707 firmware that produced change, regardless, I have provided screen shots of my controller setups for the server and clients after getting the 'Cannot Recreate' note from the dev team. Looking forward to hearing back.
- Copy Link
- Report Inappropriate Content
** Dec9, 2024 **
I have tried the beta version 1.2.4, which lists as #2 bug fix a solution for an exception that occurs with policy routes and L2TP tunnels (which I have). No difference, tunnels still do not come up on firmware later than 1.2.2. I have provide access to the TPlink dev team to get in and have a look at the logs. Will update as things progress.
- Copy Link
- Report Inappropriate Content
To anyone who's concerned:
The new firmware of ER707-M2 has added a mechanism to verify the VPN characters and if you have anything beyond, the letter, number, and underscore(_), they will be considered invalid characters. A failure in the VPN connection ensued for this reason.
Remove the characters and save your VPN. Try again.
If you downgrade, remove the invalid characters and upgrade to the latest one.
- Copy Link
- Report Inappropriate Content
I can confirm that changing the VPN name from Site.1 to Site_1 that with 1.2.4 the VPN tunnels now come up. What I don't get is this was just a connection name in the configuration, that survived a half dozen fw updates on the original ER605v1 and at least 2 updates after being ported to the ER707M2 from when it was first created. Anyways, thanks for solving the mystery.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 378
Replies: 7
Voters 0
No one has voted for it yet.