VPN orchestrator with Vodafone Sim
Hi
we have this setup
all devices are in Nebula
Head office
ATP500 on Leased Line
Shops
1 x FWA510 (nebula)
1 x USG Flex 200
1 x GS1920-8HP
Broadband connects to the USG and Sim in FWA510
all shops connect to the head office using the VPN Orchestrator
The Problem
if we put an EE, O2 or three (these are just the sims we have access to) Sim in the FWA510 then the VPN comes up straight away with no problems.
if we put a Vodafone UK sim in the FWA510 then the VPN never connects. it seems to go through the negotiation but at the very last part it doesn't get a response back from the ATP500 and then starts the negotiation again.
This only happens with a Vodafone sim, we are a bit stumped, we can't ignore this as the client has a contract with Vodafone so they want to get this working.
they do have some meraki kit that that uses the Vodafone sim and they connect fine, so it seems to be limited to vodafone and Zyxel
I am sure I have logged a support call about it before but they couldn't find anything wrong on the Zyxel end.
I am mainly wondering if anyone has got this working with Vodafone or has a similar problem.
All Replies
-
@Tom_FT Welcome to Zyxel community!
May I know more detailed information about the negotiation when using the Vodafone sim? Did you capture the packets while negotiation?
Moreover, please provide the org/site via private message, thanks
0 -
Hi, I have done a packet capture in the past, I'll see if I can find it. we don't have the kit in this setup at the moment as we had to get it to site but I am getting a test kit in the next few days so we can keep testing it.
this is what we see in the logs when it's not working
2023-07-28 09:35:53VPN192.168.1.15180.209.xxx.xx[AUTH] Send:[IDi][CERT][CERTREQ][IDr][AUTH][SAi2][TSi][TSr][NOTIFY][NOTIFY][NOTIFY][NOTIFY]
2023-07-28 09:35:51VPN80.209.xxx.xx192.168.1.151[INIT] Recv:[SA][KE][NONCE][NOTIFY][NOTIFY][NOTIFY][CERTREQ][VID][VID][VID][VID][VID][VID]
2023-07-28 09:35:51VPN192.168.1.15180.209.xxx.xx[INIT] Send:[SAi1][KE][NONCE][NOTIFY][NOTIFY][VID][VID][VID][VID][VID]
2023-07-28 09:35:51VPN192.168.1.15180.209.xxx.xxTunnel[SA_D8ECE5BFCE67_10:SA_D8ECE5BFCE67_10] Send IKEv2 request
2023-07-28 09:35:51VPN192.168.1.15180.209.xxx.xxThe cookie pair is : 0xafbe4ba71531aa80 / 0x0000000000000000
2023-07-28 09:35:19VPN192.168.1.15180.209.xxx.xxPeer not reachable
2023-07-28 09:35:19VPN192.168.1.15180.209.xxx.xxIKE SA [SA_D8ECE5BFCE67_10] is disconnected
2023-07-28 09:33:47VPN192.168.1.15180.209.xxx.xx[AUTH] Send:[IDi][CERT][CERTREQ][IDr][AUTH][SAi2][TSi][TSr][NOTIFY][NOTIFY][NOTIFY][NOTIFY]
2023-07-28 09:33:46VPN80.209.xxx.xx192.168.1.151[INIT] Recv:[SA][KE][NONCE][NOTIFY][NOTIFY][NOTIFY][CERTREQ][VID][VID][VID][VID][VID][VID]
2023-07-28 09:33:45VPN192.168.1.15180.209.xxx.xxTunnel[SA_D8ECE5BFCE67_10:SA_D8ECE5BFCE67_10] Send IKEv2 request
2023-07-28 09:33:45VPN192.168.1.15180.209.xxx.xxThe cookie pair is : 0xe19c28ff3a4b18c7 / 0x0000000000000000
2023-07-28 09:33:45VPN192.168.1.15180.209.xxx.xx[INIT] Send:[SAi1][KE][NONCE][NOTIFY][NOTIFY][VID][VID][VID][VID][VID]
2023-07-28 09:33:45VPN192.168.1.15180.209.xxx.xxThe cookie pair is : 0xe19c28ff3a4b18c7 / 0x0000000000000000
2023-07-28 09:33:19VPN192.168.1.15180.209.xxx.xxIKE SA [SA_D8ECE5BFCE67_10] is disconnected
2023-07-28 09:31:48VPN192.168.1.15180.209.xxx.xx[AUTH] Send:[IDi][CERT][CERTREQ][IDr][AUTH][SAi2][TSi][TSr][NOTIFY][NOTIFY][NOTIFY][NOTIFY]
2023-07-28 09:31:46VPN80.209.xxx.xx192.168.1.151[INIT] Recv:[SA][KE][NONCE][NOTIFY][NOTIFY][NOTIFY][CERTREQ][VID][VID][VID][VID][VID][VID]
2023-07-28 09:31:46VPN192.168.1.15180.209.xxx.xxThe cookie pair is : 0xbd42c44606422f78 / 0x0000000000000000
2023-07-28 09:31:46VPN192.168.1.15180.209.xxx.xxTunnel[SA_D8ECE5BFCE67_10:SA_D8ECE5BFCE67_10] Send IKEv2 request
2023-07-28 09:31:46VPN192.168.1.15180.209.xxx.xxThe cookie pair is : 0xbd42c44606422f78 / 0x0000000000000000
2023-07-28 09:31:46VPN192.168.1.15180.209.xxx.xx[INIT] Send:[SAi1][KE][NONCE][NOTIFY][NOTIFY][VID][VID][VID][VID][VID]
2023-07-28 09:31:25VPN192.168.1.15180.209.xxx.xxIKE SA [SA_D8ECE5BFCE67_10] is disconnectedas you can see in the logs we get
2023-07-28 09:35:19VPN192.168.1.15180.209.xxx.xxPeer not reachable
but this is after both ends being able to talk to each other so we can now work out why this happens only on a vodafone sim
I will send the customer over to you shortly
0 -
@Tom_FT since the Vodafone sim is not installed right now. Let's figure this out on the testing site with Vodafone sim installed.
0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.5K Security
- 216 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 243 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight