@Kevin_Z 

Hi Kevin,

Thanks for your reply. For your questions:

1. It is Cisco IPSec
2. No, later I can explain the detailed trace
3. Yes Dynamic, but its not the root cause, I am 100% sure.

The thing is that, in March 2022 I configured VPN on LAN server, and it worked when I connect with the IP provided by ISP.

Afterwards I upgraded to 1.11.0 Build 220425, then upgraded to 1.11.30 Build 220624. Because both the two firmware released in July right.

With 1.11.30 I found that VPN no longer worked, I tried to downgrade to 1.11.0 it worked again.

In the last weekend, I had nothing to do, thinking that even the latest 1.12.0 does not work, I can still downgrade to 0425 version. As I expected, VPN failed with 1.12.0.

But I did not expect that I cannot downgrade to 0425 :D. And then you got a new topic in this forum.

---

If you want to reproduce, do as following:

1. Intall https://github.com/hwdsl2/setup-ipsec-vpn
2. Use the latest firmware, turn off "IPSec Passthrough" and setup port forwarding: 500 and 4500, UDP or both UDP and TCP
3. Connect with IP provided by ISP. But it works if you connect with LAN IP

If you want to see how it worked:

1. Intall https://github.com/hwdsl2/setup-ipsec-vpn
2. Use 0425 firmware. turn off "IPSec Passthrough" and setup port forwarding
3. Connect

---

Incase you want to give some troubleshooting advices, below is what I tried.

1. Factory reset and downgrade firmware, failed.
2. Turn off other options, e.g. L2TP Passthrough and try different combinations. Failed.
3. Connect with LAN IP, 192.168.xx.xx, it works.

That is why I am 100% sure the problem is from firmware upgrade since 1.11.30