fault with "IPSec Passthrough" switch

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2022-12-24 04:09:38
Model: Archer C80  
Hardware Version: V1
Firmware Version: 1.12.0 Build 221010 Rel.35508n(5553)

Hi there,

I set up a VPN on a LAN device; it works with firmware "Archer C80(US)_V1_1.11.0 Build 220425" when I turn off the "IPSec Passthrough" function.

However, it does not work in the subsequent firmware version. The error log from my LAN device is as below:

```
responding to Main Mode from unknown peer xx.xx.xx.xx:xxxx
sent Main Mode R1
retransmitting in response to duplicate packet; already STATE_MAIN_R1
retransmitting in response to duplicate packet; already STATE_MAIN_R1
retransmitting in response to duplicate packet; already STATE_MAIN_R1
deleting incomplete state after 60 seconds
deleting state (STATE_MAIN_R1) aged 60.001715s and NOT sending notification
```

 

Even worse, I now cannot downgrade to the 0425 version. Any suggestions? Either help me downgrade or release a fix soon.

#1
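
A triage of the log quoted in the post above, as an added example that is not part of the original thread or of any vendor or project code: it parses IKEv1 Main Mode responder lines and reports attempts that expired in STATE_MAIN_R1 after duplicate packets, which means the peer's first packet keeps arriving while the R1 reply is not reaching it. The sample log is constructed (the peer address is a placeholder), and the function names and the non-interleaved-attempts assumption belong to this example only.

```python
import re

# Constructed sample modelled on the log in the post above; the peer address
# is a documentation placeholder, not a value from the thread.
SAMPLE_LOG = """\
responding to Main Mode from unknown peer 203.0.113.7:500
sent Main Mode R1
retransmitting in response to duplicate packet; already STATE_MAIN_R1
retransmitting in response to duplicate packet; already STATE_MAIN_R1
retransmitting in response to duplicate packet; already STATE_MAIN_R1
deleting incomplete state after 60 seconds
deleting state (STATE_MAIN_R1) aged 60.001715s and NOT sending notification
"""

START = re.compile(r"responding to Main Mode from unknown peer (\S+)")
DUP = re.compile(r"duplicate packet; already (STATE_\w+)")
DELETED = re.compile(r"deleting state \((STATE_\w+)\) aged ([\d.]+)s")

def stalled_negotiations(log_text):
    """Return one record per Main Mode attempt deleted before completing."""
    # Assumption: attempts are not interleaved in the log (one peer at a time).
    results, current = [], None
    for line in log_text.splitlines():
        if m := START.search(line):
            current = {"peer": m.group(1), "duplicates": 0, "state": None, "age_s": None}
        elif current is None:
            continue
        elif m := DUP.search(line):
            current["duplicates"] += 1
        elif m := DELETED.search(line):
            current["state"], current["age_s"] = m.group(1), float(m.group(2))
            results.append(current)
            current = None
    return results

def diagnose(rec):
    """Map a stalled record to the direction in which packets are being lost."""
    if rec["state"] == "STATE_MAIN_R1" and rec["duplicates"] > 0:
        # The peer keeps resending its first packet, so inbound UDP arrives
        # but the R1 reply is not reaching the peer.
        return "inbound ok, replies lost: check the return path through the router"
    if rec["state"] == "STATE_MAIN_R1":
        return "peer went silent after R1: check both directions"
    return "stalled later in the exchange: inspect " + rec["state"]

if __name__ == "__main__":
    for rec in stalled_negotiations(SAMPLE_LOG):
        print(rec["peer"], rec["duplicates"], rec["age_s"], diagnose(rec))
```
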
Re:fault with "IPSec Passthrough" switch
2022-12-27 01:22:39

Hello @jetl

Can you please confirm the following details, then we will try to figure it out together?

1. What kind of VPN server are you trying to connect to on the local PC?

2. Are there any other changes except for the C80 firmware upgrade? Are you still able to turn off the IPSec Passthrough on the latest 1.12.0 version?

3. Who is your internet provider? Is the WAN connection type on the C80 Dynamic IP?

#2
Re:fault with "IPSec Passthrough" switch
2022-12-27 02:26:04

@Kevin_Z

Hi Kevin,

Thanks for your reply. For your questions:

1. It is Cisco IPSec
2. No, later I can explain the detailed trace
3. Yes, Dynamic, but it's not the root cause, I am 100% sure.

The thing is that, in March 2022 I configured the VPN on a LAN server, and it worked when I connected with the IP provided by the ISP.

Afterwards I upgraded to 1.11.0 Build 220425, then upgraded to 1.11.30 Build 220624. Because both of the firmware versions were released in July, right.

With 1.11.30 I found that the VPN no longer worked; I tried downgrading to 1.11.0 and it worked again.

Last weekend, I had nothing to do, thinking that even if the latest 1.12.0 does not work, I can still downgrade to the 0425 version. As I expected, the VPN failed with 1.12.0.

But I did not expect that I cannot downgrade to 0425 :D. And then you got a new topic in this forum.


---

If you want to reproduce, do the following:

1. Install https://github.com/hwdsl2/setup-ipsec-vpn
2. Use the latest firmware, turn off "IPSec Passthrough" and set up port forwarding: 500 and 4500, UDP or both UDP and TCP
3. Connect with the IP provided by the ISP. But it works if you connect with the LAN IP

If you want to see how it worked:

1. Install https://github.com/hwdsl2/setup-ipsec-vpn
2. Use the 0425 firmware, turn off "IPSec Passthrough" and set up port forwarding
3. Connect


---

In case you want to give some troubleshooting advice, below is what I tried.

1. Factory reset and downgrade firmware, failed.
2. Turn off other options, e.g. L2TP Passthrough, and try different combinations. Failed.
3. Connect with LAN IP, 192.168.xx.xx, it works.

That is why I am 100% sure the problem is from the firmware upgrade since 1.11.30.

#3
Re:fault with "IPSec Passthrough" switch
2022-12-27 03:06:33

@jetl

Thank you very much for getting back with the detailed info.

To assist and figure it out efficiently, I'll forward your case to the TP-Link support engineers who will contact you with your registered email address later. Please pay attention to your email box for follow-up.
 

 

#4