VPN Orchestrator with Vodafone SIM

Tom_FT

Hi

We have this setup:

All devices are in Nebula.

Head office

ATP500 on Leased Line

Shops

1 x FWA510 (nebula)

1 x USG Flex 200

1 x GS1920-8HP

Broadband connects to the USG and SIM in FWA510.

All shops connect to the head office using the VPN Orchestrator.

The Problem

If we put an EE, O2 or Three (these are just the SIMs we have access to) SIM in the FWA510, then the VPN comes up straight away with no problems.

If we put a Vodafone UK SIM in the FWA510, then the VPN never connects. It seems to go through the negotiation, but at the very last part it doesn't get a response back from the ATP500 and then starts the negotiation again.

This only happens with a Vodafone SIM. We are a bit stumped, and we can't ignore this as the client has a contract with Vodafone, so they want to get this working.

They do have some Meraki kit that uses the Vodafone SIM and they connect fine, so it seems to be limited to Vodafone and Zyxel.

I am sure I have logged a support call about it before but they couldn't find anything wrong on the Zyxel end.

I am mainly wondering if anyone has got this working with Vodafone or has a similar problem.

All Replies

  • Zyxel_James
    Zyxel Employee
    edited August 2023

    @Tom_FT Welcome to Zyxel community!

    May I know more detailed information about the negotiation when using the Vodafone SIM? Did you capture the packets during negotiation?

    Moreover, please provide the org/site via private message. Thanks.

  • Tom_FT

    Hi, I have done a packet capture in the past; I'll see if I can find it. We don't have the kit in this setup at the moment as we had to get it to site, but I am getting a test kit in the next few days so we can keep testing it.

    This is what we see in the logs when it's not working:

    2023-07-28 09:35:53  VPN  192.168.1.151  80.209.xxx.xx  [AUTH] Send:[IDi][CERT][CERTREQ][IDr][AUTH][SAi2][TSi][TSr][NOTIFY][NOTIFY][NOTIFY][NOTIFY]
    2023-07-28 09:35:51  VPN  80.209.xxx.xx  192.168.1.151  [INIT] Recv:[SA][KE][NONCE][NOTIFY][NOTIFY][NOTIFY][CERTREQ][VID][VID][VID][VID][VID][VID]
    2023-07-28 09:35:51  VPN  192.168.1.151  80.209.xxx.xx  [INIT] Send:[SAi1][KE][NONCE][NOTIFY][NOTIFY][VID][VID][VID][VID][VID]
    2023-07-28 09:35:51  VPN  192.168.1.151  80.209.xxx.xx  Tunnel[SA_D8ECE5BFCE67_10:SA_D8ECE5BFCE67_10] Send IKEv2 request
    2023-07-28 09:35:51  VPN  192.168.1.151  80.209.xxx.xx  The cookie pair is : 0xafbe4ba71531aa80 / 0x0000000000000000
    2023-07-28 09:35:19  VPN  192.168.1.151  80.209.xxx.xx  Peer not reachable
    2023-07-28 09:35:19  VPN  192.168.1.151  80.209.xxx.xx  IKE SA [SA_D8ECE5BFCE67_10] is disconnected
    2023-07-28 09:33:47  VPN  192.168.1.151  80.209.xxx.xx  [AUTH] Send:[IDi][CERT][CERTREQ][IDr][AUTH][SAi2][TSi][TSr][NOTIFY][NOTIFY][NOTIFY][NOTIFY]
    2023-07-28 09:33:46  VPN  80.209.xxx.xx  192.168.1.151  [INIT] Recv:[SA][KE][NONCE][NOTIFY][NOTIFY][NOTIFY][CERTREQ][VID][VID][VID][VID][VID][VID]
    2023-07-28 09:33:45  VPN  192.168.1.151  80.209.xxx.xx  Tunnel[SA_D8ECE5BFCE67_10:SA_D8ECE5BFCE67_10] Send IKEv2 request
    2023-07-28 09:33:45  VPN  192.168.1.151  80.209.xxx.xx  The cookie pair is : 0xe19c28ff3a4b18c7 / 0x0000000000000000
    2023-07-28 09:33:45  VPN  192.168.1.151  80.209.xxx.xx  [INIT] Send:[SAi1][KE][NONCE][NOTIFY][NOTIFY][VID][VID][VID][VID][VID]
    2023-07-28 09:33:45  VPN  192.168.1.151  80.209.xxx.xx  The cookie pair is : 0xe19c28ff3a4b18c7 / 0x0000000000000000
    2023-07-28 09:33:19  VPN  192.168.1.151  80.209.xxx.xx  IKE SA [SA_D8ECE5BFCE67_10] is disconnected
    2023-07-28 09:31:48  VPN  192.168.1.151  80.209.xxx.xx  [AUTH] Send:[IDi][CERT][CERTREQ][IDr][AUTH][SAi2][TSi][TSr][NOTIFY][NOTIFY][NOTIFY][NOTIFY]
    2023-07-28 09:31:46  VPN  80.209.xxx.xx  192.168.1.151  [INIT] Recv:[SA][KE][NONCE][NOTIFY][NOTIFY][NOTIFY][CERTREQ][VID][VID][VID][VID][VID][VID]
    2023-07-28 09:31:46  VPN  192.168.1.151  80.209.xxx.xx  The cookie pair is : 0xbd42c44606422f78 / 0x0000000000000000
    2023-07-28 09:31:46  VPN  192.168.1.151  80.209.xxx.xx  Tunnel[SA_D8ECE5BFCE67_10:SA_D8ECE5BFCE67_10] Send IKEv2 request
    2023-07-28 09:31:46  VPN  192.168.1.151  80.209.xxx.xx  The cookie pair is : 0xbd42c44606422f78 / 0x0000000000000000
    2023-07-28 09:31:46  VPN  192.168.1.151  80.209.xxx.xx  [INIT] Send:[SAi1][KE][NONCE][NOTIFY][NOTIFY][VID][VID][VID][VID][VID]
    2023-07-28 09:31:25  VPN  192.168.1.151  80.209.xxx.xx  IKE SA [SA_D8ECE5BFCE67_10] is disconnected

    As you can see in the logs, we get

    2023-07-28 09:35:19  VPN  192.168.1.151  80.209.xxx.xx  Peer not reachable

    but this is after both ends being able to talk to each other, so we can now work out why this happens only on a Vodafone SIM.

    I will send the customer over to you shortly.
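
An added example, not part of the original posts and not Zyxel tooling: a Python script that groups log lines in the layout shown above into negotiation attempts and flags the ones where the `[AUTH]` request was sent but no `[AUTH]` reply was logged before the IKE SA was torn down. The sample lines are constructed (documentation addresses, a placeholder SA name, and an assumed `[AUTH] Recv` success line that does not appear in the thread).

```python
import re
from datetime import datetime
# Constructed sample in the thread's log layout (newest first). Addresses are
# documentation ranges; the "[AUTH] Recv" line is an assumed success case.
SAMPLE = """\
2023-07-28 09:40:03 VPN 198.51.100.7 192.0.2.10 [AUTH] Recv:[IDr][CERT][AUTH][SAr2][TSi][TSr]
2023-07-28 09:40:02 VPN 192.0.2.10 198.51.100.7 [AUTH] Send:[IDi][CERT][CERTREQ][IDr][AUTH][SAi2][TSi][TSr]
2023-07-28 09:40:01 VPN 198.51.100.7 192.0.2.10 [INIT] Recv:[SA][KE][NONCE][NOTIFY][CERTREQ]
2023-07-28 09:40:01 VPN 192.0.2.10 198.51.100.7 [INIT] Send:[SAi1][KE][NONCE][NOTIFY]
2023-07-28 09:35:19 VPN 192.0.2.10 198.51.100.7 Peer not reachable
2023-07-28 09:35:19 VPN 192.0.2.10 198.51.100.7 IKE SA [SA_EXAMPLE] is disconnected
2023-07-28 09:33:47 VPN 192.0.2.10 198.51.100.7 [AUTH] Send:[IDi][CERT][CERTREQ][IDr][AUTH][SAi2][TSi][TSr]
2023-07-28 09:33:46 VPN 198.51.100.7 192.0.2.10 [INIT] Recv:[SA][KE][NONCE][NOTIFY][CERTREQ]
2023-07-28 09:33:45 VPN 192.0.2.10 198.51.100.7 [INIT] Send:[SAi1][KE][NONCE][NOTIFY]
"""

LINE = re.compile(r"^\s*(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)(.*)$")
EXCH = re.compile(r"\[(INIT|AUTH)\] (Send|Recv):")
def classify_attempts(log_text):
    """Group log lines into negotiation attempts, oldest first."""
    events = []
    for raw in reversed(log_text.splitlines()):  # log is newest-first
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append((ts, m.group(2)))
    events.sort(key=lambda e: e[0])  # stable: keeps same-second order
    attempts, cur = [], None
    for ts, msg in events:
        x = EXCH.search(msg)
        kind = x.groups() if x else None
        if kind == ("INIT", "Send"):  # a new [INIT] request opens an attempt
            cur = {"start": ts, "seen": set(), "result": "incomplete"}
            attempts.append(cur)
        elif cur is None:
            continue  # teardown of an attempt that began before the capture
        elif kind:
            cur["seen"].add(kind)
            if kind == ("AUTH", "Recv"):
                cur["result"] = "established"
        elif "is disconnected" in msg or "Peer not reachable" in msg:
            if cur["result"] != "established":
                sent = ("AUTH", "Send") in cur["seen"]
                cur["result"] = "auth_unanswered" if sent else "init_unanswered"
    return attempts

if __name__ == "__main__":
    for a in classify_attempts(SAMPLE):
        print(a["start"], a["result"])
```

The parser keys only on the timestamp and the message text, so it also accepts lines where the address columns have run together.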

  • Zyxel_James
    Zyxel Employee

    @Tom_FT Since the Vodafone SIM is not installed right now, let's figure this out on the testing site with the Vodafone SIM installed.
