Business Community > Controllers > Ipsec VPN site-to-site it doesn't work anymore, it doesn't connect anymore from today
< Controllers

Ipsec VPN site-to-site it doesn't work anymore, it doesn't connect anymore from today

123

Ipsec VPN site-to-site it doesn't work anymore, it doesn't connect anymore from today

28 Reply
Re:Ipsec VPN site-to-site it doesn't work anymore, it doesn't connect anymore from today
2 weeks ago - last edited 2 weeks ago

  @Sadiqus 

 

support@tp-link.com

 

It's the weekend so you probably won't get any answers until Monday.

 

Use this thread as a reference so you don't have to rewrite everything :-)

 

  0  
  0  
#12
Options
Re:Ipsec VPN site-to-site it doesn't work anymore, it doesn't connect anymore from today
2 weeks ago
Thanks
Omada Hardware Controller OC200 1.0: FW: 1.31.3 Router : ER706W v1.0 : FW : 1.1.2 Switch : TL-SG2008 V4_4.20.0 and TL-SG108E V5_20191021 AP: EAP610 V3_1.4.3 and TL-WA801N V6_200116
  0  
  0  
#13
Options
Re:Ipsec VPN site-to-site it doesn't work anymore, it doesn't connect anymore from today
2 weeks ago

Hi  @Sadiqus 

 

First, please let us know the following to understand your VPN config:

1. did you create IPsec tunnel for all the 4 sites, and all of them can communicate with each other? 

2. Is the Internet of the 4 sites still working?

3. Go to Insighs > VPN Status, are the VPN tunnels still showing on this page?

4. Did there any change on the outbound IP addresses of the four sites?

Wish you a happy life and smooth network usage!  >Get the Latest Omada SDN Controller Releases Here< >Experience the Latest Omada EAP Firmware<
  0  
  0  
#14
Options
Re:Ipsec VPN site-to-site it doesn't work anymore, it doesn't connect anymore from today
2 weeks ago - last edited 2 weeks ago

  @Vincent-TP 

1. So, on the OC200 controller (2 locations) I have a connection (tunnel) with the second location and a second connection with location 3 (which is on another controller, it is a software controller that has 2 managed locations), on the second controller (software) I have a connection with location 4 which is on the same controller. 

2. Yes, the internet works perfectly in all 4 locations.

3. On Insights>VPN Status doesn't show any connection just like in your screenshot. 

4. There were no changes to IPs, I have 4 fixed IPs from my ISP.  

I hope this outline will make you understand better. 

 

Omada Hardware Controller OC200 1.0: FW: 1.31.3 Router : ER706W v1.0 : FW : 1.1.2 Switch : TL-SG2008 V4_4.20.0 and TL-SG108E V5_20191021 AP: EAP610 V3_1.4.3 and TL-WA801N V6_200116
  0  
  0  
#15
Options
Re:Ipsec VPN site-to-site it doesn't work anymore, it doesn't connect anymore from today
2 weeks ago

  @Sadiqus 

Thank you so much for taking the time to post the issue on TP-Link community!
To better assist you, I've created a support ticket via your registered email address, and escalated it to our support engineer to look into the issue. The ticket ID is TKID250216447, please check your email box and ensure the support email is well received. Thanks!
Once the issue is addressed or resolved, welcome to update this topic thread with your solution to help others who may encounter the same issue as you did.
Many thanks for your great cooperation and patience!

Wish you a happy life and smooth network usage!  >Get the Latest Omada SDN Controller Releases Here< >Experience the Latest Omada EAP Firmware<
  0  
  0  
#16
Options
Re:Ipsec VPN site-to-site it doesn't work anymore, it doesn't connect anymore from today
a week ago - last edited a week ago

@Vincent-TP @MR.S 
Over the weekend it only came back from one direction, the connection appears at Insights>VPN Status, but sometimes it only works from one direction, sometimes not at all. also started to appear in the logs: Gateway IPsec Module Information    
WAN2: Lifetime of the SA created in phase 1 of IKE negotiation expired. (Peers=94.53.244.211&lt;-&gt;94.53.106.244)
Feb 10, 2025 10:31:21    

Gateway IPsec Module Information    
WAN2: Lifetime of the SA created in phase 2 of IKE negotiation expired. (Peers=94.53.244.211&lt;-&gt;94.53.106.244, SPI=3244311518)
Feb 10, 2025 10:31:14 
or like:  
Gateway IPsec Module Information    
WAN2: Phase 1 of IKE negotiation failed. (Peers=94.53.244.211&lt;-&gt;94.53.231.180, Error=14)
Feb 09, 2025 09:48:06    

Gateway IPsec Module Information    
WAN2: Phase 1 of IKE negotiation failed. (Peers=94.53.244.211&lt;-&gt;94.53.231.180, Error=14)
Feb 09, 2025 09:48:04
Gateway IPsec Module Information    
WAN2: IPsec connection was disconnected passively. (Peers=94.53.244.211&lt;-&gt;94.53.231.180)
Feb 09, 2025 09:59:50
Gateway IPsec Module Information    
WAN2: Enable DPD successfully. (DPD-Interval=30, Peers=94.53.244.211&lt;-&gt;94.53.231.180)
Feb 09, 2025 09:49:41

Omada Hardware Controller OC200 1.0: FW: 1.31.3 Router : ER706W v1.0 : FW : 1.1.2 Switch : TL-SG2008 V4_4.20.0 and TL-SG108E V5_20191021 AP: EAP610 V3_1.4.3 and TL-WA801N V6_200116
  0  
  0  
#17
Options
Re:Ipsec VPN site-to-site it doesn't work anymore, it doesn't connect anymore from today
a week ago

  @Sadiqus 

 

to me it seems like it's wrong Pre-Shared Key or proposal settings. try setting up the tunnel like this on both sides. let both be initiator

 

 

 

Make sure you have configured local network on remote network correctly on both sites.

double check that the Pre-Shared Key is the same on both sites

 

 

 

 

 

 

 

  0  
  0  
#18
Options
Re:Ipsec VPN site-to-site it doesn't work anymore, it doesn't connect anymore from today
a week ago - last edited a week ago

  @MR.S 

it's not connecting, both are initiator
 

Gateway IPsec Module Information

WAN2: Phase 2 of IKE negotiation failed. (Peers=94.53.244.211&lt;-&gt;94.53.231.180, Error=14)

 Feb 10, 2025 15:08:08  
Gateway IPsec Module Information

WAN2: Phase 2 of IKE negotiation failed. (Peers=94.53.244.211&lt;-&gt;94.53.231.180, Error=14)

 Feb 10, 2025 15:08:06  
Gateway IPsec Module Information

WAN2: Phase 2 of IKE negotiation failed. (Peers=94.53.244.211&lt;-&gt;94.53.231.180, Error=14)

 Feb 10, 2025 15:06:20  
Gateway IPsec Module Information

WAN2: Phase 2 of IKE negotiation failed. (Peers=94.53.244.211&lt;-&gt;94.53.231.180, Error=14)

 Feb 10, 2025 15:05:44  
Gateway IPsec Module Information

WAN2: Phase 2 of IKE negotiation failed. (Peers=94.53.244.211&lt;-&gt;94.53.231.180, Error=14)

 Feb 10, 2025 15:04:49  
Gateway IPsec Module Information

WAN2: Phase 2 of IKE negotiation failed. (Peers=94.53.244.211&lt;-&gt;94.53.231.180, Error=14)

 Feb 10, 2025 15:04:12  
Gateway IPsec Module Information

WAN2: Phase 2 of IKE negotiation failed. (Peers=94.53.244.211&lt;-&gt;94.53.231.180, Error=14)

 Feb 10, 2025 15:03:19
Omada Hardware Controller OC200 1.0: FW: 1.31.3 Router : ER706W v1.0 : FW : 1.1.2 Switch : TL-SG2008 V4_4.20.0 and TL-SG108E V5_20191021 AP: EAP610 V3_1.4.3 and TL-WA801N V6_200116
  0  
  0  
#19
Options
Re:Ipsec VPN site-to-site it doesn't work anymore, it doesn't connect anymore from today
a week ago

  @Sadiqus 

 

this won't work, it has to be the same on both

 

 

 

  0  
  0  
#20
Options
Re:Ipsec VPN site-to-site it doesn't work anymore, it doesn't connect anymore from today
a week ago - last edited a week ago

  @MR.S 

I have seen the error but i corect it! still nothing no connection!

Omada Hardware Controller OC200 1.0: FW: 1.31.3 Router : ER706W v1.0 : FW : 1.1.2 Switch : TL-SG2008 V4_4.20.0 and TL-SG108E V5_20191021 AP: EAP610 V3_1.4.3 and TL-WA801N V6_200116
  0  
  0  
#21
Options
123

Tags

VPN Controller VLAN & Multi-Networks
IPSec
Related Articles
two sites and two controllers - how to do site to site VPN?
477 0
Discovery of Access Points over Site-to-Site VPN
418 0
Site-to-site VPN with one OC300 and Internet Gateway in DMZ
561 0
 Site to site IPSec vpn
1148 5
3 Sites connect via ipsec site-to-site vpn
548 0
Microsoft Azure Site to Site IPSEC VPN with TL-R600VPN
4797 0
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.