EdgeRouter Lite IPsec site-to-site with dynamic IP in both places

One of my clients needs to replace a very old router. We chose an EdgeRouter Lite because it has an incredible price, its performance is more than enough for the client's internet capacity, and the customer needs a VPN between two offices.

Both locations have dynamic IPs, so we chose to use a dynamic DNS service (no-ip, dyndns, afraid …).

After configuring NAT, PPPoE, port forwarding, DHCP and various services, I decided to configure an IPsec site-to-site connection.

First I updated the EdgeRouter to the latest firmware version, 1.9.0 (new is always better).

I used the GUI wizard and it didn't work, I followed several guides and they didn't work, I played with the CLI and nothing worked; my VPN didn't start.

After reading some of the strongSwan documentation, I found the solution.

After configuring site-to-site using the web GUI, I opened a CLI and ran a couple of commands:

Router A (factory.ddns.site)
set vpn ipsec site-to-site peer office.ddns.site authentication id fqdn:factory.ddns.site
set vpn ipsec site-to-site peer office.ddns.site authentication remote-id fqdn:office.ddns.site

Router B (office.ddns.site)
set vpn ipsec site-to-site peer factory.ddns.site authentication id fqdn:office.ddns.site
set vpn ipsec site-to-site peer factory.ddns.site authentication remote-id fqdn:factory.ddns.site
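
The fix only works if the two ends mirror each other: each router's id must be its own FQDN and its remote-id must be the peer's FQDN. The following check is an added example, not part of the original post or of EdgeOS; it assumes each router's configuration is available as text in the `set` form shown above, and the function names are hypothetical.

```python
import re

# Matches the command form used in this post:
# set vpn ipsec site-to-site peer <peer> authentication <id|remote-id> <value>
LINE = re.compile(
    r"^set vpn ipsec site-to-site peer (\S+) authentication (id|remote-id) (\S+)$"
)

def parse_ids(config_text):
    """Return {peer: {"id": ..., "remote-id": ...}} from 'set' lines."""
    peers = {}
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            peer, key, value = m.groups()
            peers.setdefault(peer, {})[key] = value
    return peers

def check_pair(host_a, config_a, host_b, config_b):
    """List every place where the two ends do not mirror each other's IDs."""
    problems = []
    sides = ((host_a, parse_ids(config_a), host_b),
             (host_b, parse_ids(config_b), host_a))
    for local, peers, remote in sides:
        ids = peers.get(remote)
        if ids is None:
            problems.append(f"{local}: no peer entry for {remote}")
            continue
        # Local id must name this router, remote-id must name the other one.
        for key, host in (("id", local), ("remote-id", remote)):
            want, got = f"fqdn:{host}", ids.get(key)
            if got != want:
                problems.append(f"{local}: {key} is {got!r}, expected {want!r}")
    return problems

# Constructed sample input: the four commands from this post.
ROUTER_A = """
set vpn ipsec site-to-site peer office.ddns.site authentication id fqdn:factory.ddns.site
set vpn ipsec site-to-site peer office.ddns.site authentication remote-id fqdn:office.ddns.site
"""
ROUTER_B = """
set vpn ipsec site-to-site peer factory.ddns.site authentication id fqdn:office.ddns.site
set vpn ipsec site-to-site peer factory.ddns.site authentication remote-id fqdn:factory.ddns.site
"""

if __name__ == "__main__":
    found = check_pair("factory.ddns.site", ROUTER_A, "office.ddns.site", ROUTER_B)
    print("\n".join(found) if found else "IDs mirror each other")
```

An empty result means both ends agree; a missing or swapped id shows up as one line per problem, naming the router that has to be corrected.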

 

2 Replies to “Edgerouter lite ipsec site-to-site with dynamic ip in both places”

  1. Lifesaver! Been troubleshooting some other issues, and upgrading the EdgeRouter firmware from v1.7 to v1.9.1 killed our site-to-site VPN. Couldn’t find anything on the UBNT forums, but this solved the issues instantly. Thank you.
