Thanks so much for posting this video! I followed the instructions posted by Ubiquiti for setting up a policy-based site-to-site VPN, and they're basically the same as your video. One difference, however, is your use of "any" for the local IP. I didn't know that was a possibility, and I must have had one of the local IPs wrong in my initial attempt. When I reconfigured both of my EdgeRouter Lites to use "any" as a local IP, a usable tunnel was established. Including the tip about the VPN wizard was nice, too - I didn't think to look there (I don't spend a whole lot of time in my routers). Again, a million thanks!
Hi Willie. Fabulous video, as usual. One problem i found (using V.2.0.9-hotfix.4) when completed - wizard said VPN up - but i could not ping remote router. Had to go into Wizard tree - vpn - ipsec and change allow-acces-to-local-interface from disable to enable. They has probably been a change in newer versions. Thank you.
Any issues with connecting site-to-site VPN with version 2.0.9? I upgraded from 1.10.11 and it broke it. would you be able to confirm this so I am not losing my mind?
Hello Willie, many hanks to all your Ubiquiti Videos - the helped me a lot :-) Yet I've a the problem, that the Site to Site VPN shows status up, but I cannot reach host and the EdgeRouter on the other side. So I think I have to adopt some rules? Thanks for any comments and help. Paul
Willie...this video is helpful, however I am only able to get it to work when the default firewall is disabled. Are there some set of additional firewall commands that I must enter to enable the IPSEC VPN tunnel to work. The status is UP, but I can not ping the gateway address of the remote router. THANKS. FYI..I am using ER-4s at both sites.
Hi Willie. I tried your video on 2 of my edgerouter x v.1.10.6 routers. I could not me able to make the VPN connection UP. any ideas? Thank you for your time.
Hi Willie, what could be the problem if i established VPN between sites correctly but i can´t reach remote subnet ip from local subnet? I configured ipsec site to site between UTM Checkpoint and EdgeRouter ER-X.
hello great video , but i have two edgerouter er8 one are configured by other guy and now i haved , and configure that you said but the status stikll down , please wht dou you recomended to check ??
Keep going Willie, very nice video. Why you should add peers in both sides ? most vpn, in the main branch only you have to configure static IP or ddyn and the other branches point to the main branch?!
Hi Willie, first of all THANK YOU for your video, its really helpful and informative since I deploy ER to our SMB Company. I follow your instructions and upon checking the site to site vpn is working on my ER4 and ER6 on different location, however, I cannot access the sources of the server behind the ER4 not to mention access both routers ip, can you help me solve this? again, thank you and more power to you and to your channel
Hi Willie, Love your Videos. Hey, I am having an issue with my EdgeRouter 4. i was connecting with an old Cisco RV08 and since, replaced the old cisco with another ER4. For some reason, I simply cannot connect with it from my home office. I used the simple steps in your video and this tunnel simply will not come up. I insured all the VPN settings were deleted (used Config Tree). My log continually gets these 2 lines over and over . Thanks for your help!!! Mar 5 12:10:02 00[DMN] signal of type SIGINT received. Shutting down Mar 5 12:10:04 00[DMN] Starting IKE charon daemon (strongSwan 5.6.3, Linux 4.9.79-UBNT, mips64)
Followed your directions exactly, the VPN Wizard shows VPN down. When doing a CLI interface vpn status, it shows it is running but no active tunnel. Thanks, Ted
Followed this exactly to connect 2 ER4s, one is on a static IP and the other I’m using DDNS. Can not establish connection, actually can’t even ping the remote router from each location. What am I doing wrong?
He willie, great video. Can you make a video for a Client-to-site VPN on the USG for home networks? In my case i need an extra NAT router in front of my USG, due to my ISP.
Willie I have followed your IPsec Site-to-Site instructions between two EdgeRouterX's and I can't seem to get the VPN status to UP. Any help would be appreciated
I have a small live-aboard boat which has an EdgeRouter POE connected through cellular connection. I'd like to set up a VPN to my home network EdgeRouter which has fully qualified domain name by DynDNS. The cellular connection doesn't have public IP address (NAT taking place). DynDNS won't work for cellular due to NAT. Is it possible to setup a VPN between the EdgeRouters with this setup?
I got the VPN tunnel up on both sides but traffic isn't flowing. Attempted to both from both sides with no luck. Even added firewall rule on WAN_LOCAL to allow all protocols. Set source and destination. Disabled logging. Match inbound IPsec packets. Still nothing. Also made sure to be on two different subnets: .1 and .2.
I have an EdgeRouter at home and office. I have currently configured both of them for remote access through L2TP VPN. One Router is on PPPOE and the other is getting WAN IP through dhcp. I am able to connect to both the routers remotely using VPN both from my phone & Windows machines. When I follow the procedure for setting up site to site VPN between these two sites, the VPN status stays down. Do I need to remove the existing L2TP over IPSEC VPN settings before taking this route?
Willie, thanks for the video. Is there a limitation to using site-to-site vpn with VLANs? I can't get this working for 2 of our locations. 1 is using and edgerouter POE and the other is using the Edgerouter ER-8. The subnet on the POE is to a VLAN. The wizard shows the tunnel is down and show vpn ipsec sa doesn't return anything at all.
Hey Willie! I am setting up a site to site between two Edgerouters. These are connected only to ISP routers, which connects to the internet (still a working router). I have forwarded UDP port 500 and 4500 on both ISP routers. But the VPN is still down. Got any ideas?
My ISP is giving me a DHCP address but Im using a USG with dual WANs and if I throw VOIP box in there, I don't feel the need to pay for 3 IPs because.. I simply threw a switch in there ( between the cable modem and the router/VOIP) and VOILA.. each device gets a separate IP. Comcast technical support said this is not possible and was flummoxed when they were trying to troubleshoot my line connection. but the reality is Comcast gives you up to 5 DHCP IP addresses on a commercial account. VPNs still work as long as your router can resolve Dynamic DNS addresses.
Hey Willie, great video as usual. I have a question. I have a L2TP vpn set up on my egdgerouter Pro 8 in the U.K., this was set up using CLI. If I follow your video, with my edgerouter Pro 8 in the U.K. and my edgerouter X in the USA will the L2TP vpn settings, set up via CLI, be overwritten? I am concerned re the warning re CLI that accompanies the site 2 site setup. Thanks Peter
hey peter... I have configured L2TP VPN's before as well, using CLI. and if you do this, the settings will not show up in the GUI, you can only view the L2TP VPN settings from the CLI. Then, if you decide to add Site-to-Site VPN's using the GUI, that will not remove or overwrite your L2TP VPN you entered from CLI. I have added L2TP from CLI and Site-to-Site using GUI. they are both displayed if you run "show configuration all" in CLI... NOTE: If you want to be sure your changes can be undone, just make a backup configuration before making changes, click System tab on the bottom, then "download backup config file"
Have you tried VPN IPsec site to site between Edge ROuter X and other brand? Im trying with edgerouter x and checkpoint and it doesn't work, vpn status is UP but if i do tracert it doesn't reach remote subnet, apparently it doesn't apply automatically firewall rules.
I've connected my EdgeRouters via VPN, everything works, I can Access devices on the other side of tunnell, but i can't Access router on the other side. Anyone had problem like that?
great video willie, question though! as this is VPN tunneling between internal LANS is there a way to set a command by CLI that after it tunnels to the remote site it uses that WAN out to the internet? Example i am overseas and have edge routers abroad and in the US and often times to do shopping i use VPN client directly to the VPN on the US side but it would be nice to have a more permanent connection for everything on the LAN overseas that can just go out through the State side Router or Vice Versa to eliminate establishing separate connections per device through the Stateside router. Any ideas?
Hi, after following the instructions I have the VPN up ( in de VP Wizard is says "up". Can someone think of why I can not ping to the other lan on the other site? I started over en did all the setting standard. It seems that the request goes to the (lab)internet instead of the VPNtunnel ?
Thanks for the great video! I've already setup IPsec between my 2 edgerouter x. Is it possible to add a new user so I can connect from my android device to one of the routers while also keeping the site-to-site connection?
If you are referring to users for the Edgerouter then yes, you can add users under the "Users" tab, then "Local" sub-tab, you can add users and assign them admin or operator role/rights
Hi Guys,newby on vpn stuff.I need your help please. So if you have two physical locations and a router on a stick configuration,both locations have a modem that have static public ip adress you got from your ISP right ? Now if you're setting up a vpn between two locations,wouldn't that mean that somewhere in the router you would have to tell each router the public ip of each routers ? I mean In router A you would configure router B public ip and vice versa ? I'm a bit lost because how would these two locations know in the first place to communicate with each other through vpn if you do not use the modems public ip ? I have not seen that in this video. Can anyone help out please ? Cheers
@@WillieHowe Thank you for your reply! I will give it a go this week with one of my clients. I will comment back on what I find out. Thank you for your years of content, can't say how many videos of yours I have watched and how many of them have helped me out.
I wasn't able to get this to work. I have a static IP on my end and could not ping it from my clients end. I will have to research why this is. I can remote in to the PC then connect to the device on their browser, but would prefer the VPN.
will this router be able to block vpn connections? - for example, if I install a chrome vpn plugin, will I be able to go to any site I want or will this router block that connection? - I ask because I use OpenDns on my router and it blocks porn sites, but If I run a vpn in chrome, it completely bypasses the router's dns.. even when blocking port 53.
The 10. and 172. WAN IPs should not be used. Use your actual WAN IPs for the two networks you are trying to bridge. Also use your local LAN IPs. Unless your LAN is configured exactly like the example above, you need to use the IPs of your respective LAN on each end.
Hi Thanks for your videos It's required modem Internet connection are bridge mode both location? what you mean by peer? Is it modem ip adress? Or Internet ip?
When you connect from a client to a server on the other side, what is the source IP seen by that server? Does that server think the client's source IP is on its own local LAN?
How can I reach that server on the other side with a NATed source IP address? I need that server to think that the connected client belongs to its own LAN.
I've followed this video to a tee and I'm still unable to successfully connect my ER-X (1.9.1.1) to my friends Edgerouter ER‑X‑SFP (1.9.1.1) Tunnel is never established, verified our info is correct. Any advice?
David Wagner David, I actually found out that I had to use static IP's, that was the issue. Can't to my knowledge use a FQDN to connect site to site. I ended up using OpenVPN, which DOES support FQDN, loving it.
Ive found this vpn not to be totally reliable. I have 4 sites connected via IPSec VPN all with edge router lites. All of the sites drop occasionally throughout the day. Never could figure out why.
I use an EdgeRouterX SFP and 2 USGs(one smal one Pro) as well as a EdgeRouterX non SFP, the 2 USGs and the non SFP Edge Router all connect to the ERX-SFP and it works great, except the Hardware offload that is a bit Buggy at the Moment. But it is setup via CLI and includes GRE and OSPF. These Routers are awesome for the price!
Willie I have followed your IPsec Site-to-Site instructions between two EdgeRouterX's and I can't seem to get the VPN status to UP. Any help would be appreciated
Thanks so much for posting this video! I followed the instructions posted by Ubiquiti for setting up a policy-based site-to-site VPN, and they're basically the same as your video. One difference, however, is your use of "any" for the local IP. I didn't know that was a possibility, and I must have had one of the local IPs wrong in my initial attempt. When I reconfigured both of my EdgeRouter Lites to use "any" as a local IP, a usable tunnel was established. Including the tip about the VPN wizard was nice, too - I didn't think to look there (I don't spend a whole lot of time in my routers). Again, a million thanks!
Is the first time I access your channel, this is a very good video. Thank you so much for sharing that!!!
Great video! There are always dopes that vote something down because they have mental issues. I think you did a great job! Keep up the good work!
Hi Willie. Fabulous video, as usual. One problem i found (using V.2.0.9-hotfix.4) when completed - wizard said VPN up - but i could not ping remote router. Had to go into Wizard tree - vpn - ipsec and change allow-acces-to-local-interface from disable to enable. They has probably been a change in newer versions. Thank you.
Nice Video. As ipv4 is more and more replaced by ipv6 internet accesses, what about a VPN tunnel over ipv6 whereas the local networks still use ipv4?
Any issues with connecting site-to-site VPN with version 2.0.9? I upgraded from 1.10.11 and it broke it. would you be able to confirm this so I am not losing my mind?
Keep up the good work Willie. Really looking forward to the USG to EdgeOs video. Keep it up.
I'm trying to set this up from Edgerouter to Draytek 2925 and having loads of issues, could you provide a tutorial or some guidance on this?
Hello Willie, many hanks to all your Ubiquiti Videos - the helped me a lot :-) Yet I've a the problem, that the Site to Site VPN shows status up, but I cannot reach host and the EdgeRouter on the other side. So I think I have to adopt some rules? Thanks for any comments and help. Paul
Willie...this video is helpful, however I am only able to get it to work when the default firewall is disabled. Are there some set of additional firewall commands that I must enter to enable the IPSEC VPN tunnel to work. The status is UP, but I can not ping the gateway address of the remote router. THANKS. FYI..I am using ER-4s at both sites.
Hi Willie. I tried your video on 2 of my edgerouter x v.1.10.6 routers. I could not me able to make the VPN connection UP. any ideas? Thank you for your time.
Keep up the good work, appreciate these videos Willie!!
Hi Willie, what could be the problem if i established VPN between sites correctly but i can´t reach remote subnet ip from local subnet? I configured ipsec site to site between UTM Checkpoint and EdgeRouter ER-X.
Sir willie, where did you get the peer 10.10.10.2 and the other one 172.16.1.2?
Are they from the WAN address?
hello great video , but i have two edgerouter er8 one are configured by other guy and now i haved , and configure that you said but the status stikll down , please wht dou you recomended to check ??
Keep going Willie, very nice video.
Why you should add peers in both sides ? most vpn, in the main branch only you have to configure static IP or ddyn and the other branches point to the main branch?!
Hi Willie, first of all THANK YOU for your video, its really helpful and informative since I deploy ER to our SMB Company.
I follow your instructions and upon checking the site to site vpn is working on my ER4 and ER6 on different location, however, I cannot access the sources of the server behind the ER4 not to mention access both routers ip, can you help me solve this?
again, thank you and more power to you and to your channel
Great Video, works flawless with my fqdn. My home is DHCP using google domains DDNS which works flawless also. Thanks again.
Great comment, I'm looking to do exactly this at a remote site that has a dynamic address. Wasn't sure if it was possible to use a DDNS name.
I noticed you had a bridge set up. Is this one of the wizard setups? Can you explain if the and how the bridging might be necessary?
Hi Willy how would I go around doing this if the routers have all the same settings just different public ip
Great Video Wille! Is this reasonably secure? Do I need to know anything else where security for this VPN is concerned?
Hi Willie, Love your Videos. Hey, I am having an issue with my EdgeRouter 4. i was connecting with an old Cisco RV08 and since, replaced the old cisco with another ER4. For some reason, I simply cannot connect with it from my home office. I used the simple steps in your video and this tunnel simply will not come up. I insured all the VPN settings were deleted (used Config Tree). My log continually gets these 2 lines over and over . Thanks for your help!!! Mar 5 12:10:02 00[DMN] signal of type SIGINT received. Shutting down
Mar 5 12:10:04 00[DMN] Starting IKE charon daemon (strongSwan 5.6.3, Linux 4.9.79-UBNT, mips64)
Followed your directions exactly, the VPN Wizard shows VPN down. When doing a CLI interface vpn status, it shows it is running but no active tunnel. Thanks,
Ted
Thanks so much. How reliable are EdgeMax site-to-site VPN's? Will they automatically reconnect if they break?
If configured with dpd or if there's interesting traffic it should reconnect. We've had sites running since before that video with no issues.
Router being used is edgerouter, but who is VPN service provider? Like NORDVPN, etc.
Great Video Sir! Question if you have Duel WANs will this work also? Or do you need to tell the router which want to use in setting up the vpn?
What kind of VPN speeds do you get between sites? I am only getting about 15-20 mbps over my vpn and my ISP is much faster than that.
Followed this exactly to connect 2 ER4s, one is on a static IP and the other I’m using DDNS. Can not establish connection, actually can’t even ping the remote router from each location. What am I doing wrong?
He willie, great video. Can you make a video for a Client-to-site VPN on the USG for home networks? In my case i need an extra NAT router in front of my USG, due to my ISP.
Willie I have followed your IPsec Site-to-Site instructions between two EdgeRouterX's and I can't seem to get the VPN status to UP. Any help would be appreciated
I have a small live-aboard boat which has an EdgeRouter POE connected through cellular connection. I'd like to set up a VPN to my home network EdgeRouter which has fully qualified domain name by DynDNS. The cellular connection doesn't have public IP address (NAT taking place). DynDNS won't work for cellular due to NAT. Is it possible to setup a VPN between the EdgeRouters with this setup?
I got the VPN tunnel up on both sides but traffic isn't flowing. Attempted to both from both sides with no luck. Even added firewall rule on WAN_LOCAL to allow all protocols. Set source and destination. Disabled logging. Match inbound IPsec packets. Still nothing. Also made sure to be on two different subnets: .1 and .2.
I have an EdgeRouter at home and office. I have currently configured both of them for remote access through L2TP VPN. One Router is on PPPOE and the other is getting WAN IP through dhcp. I am able to connect to both the routers remotely using VPN both from my phone & Windows machines.
When I follow the procedure for setting up site to site VPN between these two sites, the VPN status stays down. Do I need to remove the existing L2TP over IPSEC VPN settings before taking this route?
Willie, thanks for the video. Is there a limitation to using site-to-site vpn with VLANs? I can't get this working for 2 of our locations. 1 is using and edgerouter POE and the other is using the Edgerouter ER-8. The subnet on the POE is to a VLAN. The wizard shows the tunnel is down and show vpn ipsec sa doesn't return anything at all.
hi,
can i use by local IP dyndns?
if i use any i cant connect to pfsense
Hey Willie! I am setting up a site to site between two Edgerouters. These are connected only to ISP routers, which connects to the internet (still a working router). I have forwarded UDP port 500 and 4500 on both ISP routers. But the VPN is still down. Got any ideas?
My ISP is giving me a DHCP address but Im using a USG with dual WANs and if I throw VOIP box in there, I don't feel the need to pay for 3 IPs because.. I simply threw a switch in there ( between the cable modem and the router/VOIP) and VOILA.. each device gets a separate IP. Comcast technical support said this is not possible and was flummoxed when they were trying to troubleshoot my line connection. but the reality is Comcast gives you up to 5 DHCP IP addresses on a commercial account. VPNs still work as long as your router can resolve Dynamic DNS addresses.
Hey Willie, great video as usual. I have a question. I have a L2TP vpn set up on my egdgerouter Pro 8 in the U.K., this was set up using CLI. If I follow your video, with my edgerouter Pro 8 in the U.K. and my edgerouter X in the USA will the L2TP vpn settings, set up via CLI, be overwritten? I am concerned re the warning re CLI that accompanies the site 2 site setup. Thanks Peter
hey peter... I have configured L2TP VPN's before as well, using CLI. and if you do this, the settings will not show up in the GUI, you can only view the L2TP VPN settings from the CLI.
Then, if you decide to add Site-to-Site VPN's using the GUI, that will not remove or overwrite your L2TP VPN you entered from CLI.
I have added L2TP from CLI and Site-to-Site using GUI. they are both displayed if you run "show configuration all" in CLI...
NOTE: If you want to be sure your changes can be undone, just make a backup configuration before making changes, click System tab on the bottom, then "download backup config file"
Have you tried VPN IPsec site to site between Edge ROuter X and other brand? Im trying with edgerouter x and checkpoint and it doesn't work, vpn status is UP but if i do tracert it doesn't reach remote subnet, apparently it doesn't apply automatically firewall rules.
great video. I await a video on how to create a GRE-Bridge with ipsec, to maintain the same subnet
I've connected my EdgeRouters via VPN, everything works, I can Access devices on the other side of tunnell, but i can't Access router on the other side. Anyone had problem like that?
Hi! If I have a NAS on one network and my computer on the other one can I acess the NAS over the standard Windows File explorer?
I need to setup a site to site vpn. 3 locations connecting main locationzs connecting to main. Which appliances do you suggest from ubiquity
Hey Willie, thanks for this video, is it possible to config an EdgeRouter VPN to Unifi USG?
If so how would you go about doing that?
great video willie, question though! as this is VPN tunneling between internal LANS is there a way to set a command by CLI that after it tunnels to the remote site it uses that WAN out to the internet? Example i am overseas and have edge routers abroad and in the US and often times to do shopping i use VPN client directly to the VPN on the US side but it would be nice to have a more permanent connection for everything on the LAN overseas that can just go out through the State side Router or Vice Versa to eliminate establishing separate connections per device through the Stateside router. Any ideas?
Fantastic! i look forward to the next steps
Hi, after following the instructions I have the VPN up ( in de VP Wizard is says "up". Can someone think of why I can not ping to the other lan on the other site? I started over en did all the setting standard. It seems that the request goes to the (lab)internet instead of the VPNtunnel ?
Do we have to open ports 500 and 4500, to get IPsec vpn to work correctly? My status always shows down....
Thanks for the great video! I've already setup IPsec between my 2 edgerouter x. Is it possible to add a new user so I can connect from my android device to one of the routers while also keeping the site-to-site connection?
If you are referring to users for the Edgerouter then yes, you can add users under the "Users" tab, then "Local" sub-tab, you can add users and assign them admin or operator role/rights
Hi Guys,newby on vpn stuff.I need your help please. So if you have two physical locations and a router on a stick configuration,both locations have a modem that have static public ip adress you got from your ISP right ? Now if you're setting up a vpn between two locations,wouldn't that mean that somewhere in the router you would have to tell each router the public ip of each routers ? I mean In router A you would configure router B public ip and vice versa ? I'm a bit lost because how would these two locations know in the first place to communicate with each other through vpn if you do not use the modems public ip ? I have not seen that in this video.
Can anyone help out please ?
Cheers
both edgerouters can be different models right?
what if i have a fiber optic connection? is there an edgerouter that can do it?
Hi Willie, not sure if you are monitoring this because its from 2017, but would this work if the ERs had RSS Keys?
@@WillieHowe Thank you for your reply! I will give it a go this week with one of my clients. I will comment back on what I find out. Thank you for your years of content, can't say how many videos of yours I have watched and how many of them have helped me out.
I wasn't able to get this to work. I have a static IP on my end and could not ping it from my clients end. I will have to research why this is. I can remote in to the PC then connect to the device on their browser, but would prefer the VPN.
will this router be able to block vpn connections? - for example, if I install a chrome vpn plugin, will I be able to go to any site I want or will this router block that connection? - I ask because I use OpenDns on my router and it blocks porn sites, but If I run a vpn in chrome, it completely bypasses the router's dns.. even when blocking port 53.
EdgeMAX v1.10.11
ping keeps saying “Destination net unreachable”. Also does a “Request timed out” once in a while :-(
Can anyone help? :-)
Is it possible to set this up via ssh?
Did not work for me... followed the steps exactly but couldn't get it to work...
Same here. :(
The 10. and 172. WAN IPs should not be used.
Use your actual WAN IPs for the two networks you are trying to bridge.
Also use your local LAN IPs. Unless your LAN is configured exactly like the example above, you need to use the IPs of your respective LAN on each end.
@@mra.cortez3553 See the first comment above. It may help.
What is the site 2 site performance of erpro-8?
Are you allowed to have the same subnet on both ends?
Not with this setup.
@@WillieHowe thanks. You're a stud
Hello Weillie,
Im setup use your video, my vpn channel down. Do you can help me?
Do we need firewall config to do this?
What is the max speed it can achieve??
Thank you for the awesome video!
great video, cau u help me to do that ? thanks
Hi
Thanks for your videos
It's required modem Internet connection are bridge mode both location?
what you mean by peer?
Is it modem ip adress?
Or
Internet ip?
But what if one of the sites is behind a NAT? :P
Excellent video!!
We have a problem with IPSEC VPN with Multiple WAN Interface. The response is going over balance, to any WAN interface is a mess...
Marcos try to make a static route for remote LAN, so the trafic will go through the interface which you choose in the static route.
When you connect from a client to a server on the other side, what is the source IP seen by that server? Does that server think the client's source IP is on its own local LAN?
How can I reach that server on the other side with a NATed source IP address? I need that server to think that the connected client belongs to its own LAN.
So it's not possible by adding a source NAT rule?
Thanks for your insights @@WillieHowe .
Great as always
Love it. Thank you.
hi,
perfect video.
hey willie, do you know how setup PIA with OpenVPN in USG??? I see a lots videos for egderouter but I need for do in USG.
I've followed this video to a tee and I'm still unable to successfully connect my ER-X (1.9.1.1) to my friends Edgerouter ER‑X‑SFP (1.9.1.1) Tunnel is never established, verified our info is correct. Any advice?
Hey Willie! You'll have to excuse my ignorance. When you say live, what are you referring to? Both our Public IP's are accurate and active.
This has actually been resolved. We had to turn off PFS. Linked up immediately after that.
You mean SFP, right? ;)
Just asking for sure, because we have problem with ER-X (without SFP).
I am having the same issues, where did you turn this off at in the edge? Thanks
David Wagner David, I actually found out that I had to use static IP's, that was the issue. Can't to my knowledge use a FQDN to connect site to site.
I ended up using OpenVPN, which DOES support FQDN, loving it.
Ive found this vpn not to be totally reliable. I have 4 sites connected via IPSec VPN all with edge router lites. All of the sites drop occasionally throughout the day. Never could figure out why.
I use an EdgeRouterX SFP and 2 USGs(one smal one Pro) as well as a EdgeRouterX non SFP, the 2 USGs and the non SFP Edge Router all connect to the ERX-SFP and it works great, except the Hardware offload that is a bit Buggy at the Moment. But it is setup via CLI and includes GRE and OSPF. These Routers are awesome for the price!
I've looked through them but could not decipher what might be causing the issue...
Google have free service for ddns? I use dyndns but it's not free.
Try also duckdns.org or freedns.afraid.org. They are free and working great.
great vid
Anybody ever ran a site to site VPN between an ER and Cisco ASA?
Yes.
@@WillieHowe Do you have a tutorial on that?
Willie I have followed your IPsec Site-to-Site instructions between two EdgeRouterX's and I can't seem to get the VPN status to UP. Any help would be appreciated
I have the same issue, it never goes to up status. I even added in Firewall rules for IKE, NAT-T, esp. no luck, did you get this working?