Comments
-
After conducting further research, I've discovered that there are two primary methods for configuring WAN failover on a USG device:
1. WAN Failover via trunk of a USG
2. WAN Failover on a USG with Policy Routes
For my current setup, I've opted for the first approach—using trunking with WAN1 set as active and WAN2 as…
-
Thank you for your suggestions. To clarify, which interface are you recommending I should disable the Connectivity Check on? I presume it's WAN1? I've followed your advice and modified my current configuration as follows:
Interface WAN1: Connectivity Check disabled
Interface LAN1: Connectivity Check disabled
Policy Routing…
-
When manually disconnecting and subsequently reconnecting the WAN1 Ethernet cable, the system performs flawlessly: The system automatically fails over to WAN2 during the disconnection and seamlessly transitions back to WAN1 upon reconnection. However, achieving the same seamless failover behavior proves challenging when the…
-
Thanks for the hint, that would probably work and I'll definitely try it out. Currently I've switched to PLAN-B and did the following:
- switched from "Remote Access (Server Role)" to "Site-to-site with Dynamic Peer"
- switched to IKEv2 with certs auth.
- created another tunnel from site3 to site 1, so I have 3 tunnels…
-
Nope, package doesn't reach the Site3. It's probably stuck somewhere on Site2. What else can I try?
-
I didn't know about the concentrator. The example HERE looks almost exactly like in my case. Except that the connection between site 2 and site 1 is "site-to-site", but connection between site 2 and site 3 is "Remote Access (Server Role)" (site 2), because site 3 has dynamic IP (or I'm not sure how to set up site-to-site in…
-
Very useful hint, thanks! I'll try it and let you know.
-
Could you please give me any hints on how to do that? Do I need any additional setup on the Site3 (Ubuntu)... to route 192.168.3.0/24 to 192.168.1.0/24?
-
@Zyxel_Jeff Wow, if I disable the PFS (phase2) it works! Thanks. But if I switch back to authentication with certificates, it doesn't work. Phase 1 is ok, but in Phase 2 I get the "delete" or "close connection" message (I will post log later, when I get home), without any error message. Any idea why it doesn't work with…
-
@Zyxel_Jeff thanks for the feedback. I've removed VPN settings and started from scratch. I've done some changes:
* changed encryption: AES128 to AES256 (in phase1 and phase2 settings)
* changed address pool to range 10.10.10.1 - 100
* switched from certificate authentication to Pre-Shared Key
* changed the local policy…
-
I'm also attaching the log file of successful connection from the iPhone to the StrongSwan VPN server.