Controllerless Networks


Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget

Convert IAP to a RAP using public IP but comes with VPN errors.

  • 1.  Convert IAP to a RAP using public IP but comes with VPN errors.

    Posted Jun 15, 2014 11:48 PM

    Hi guys.

     

    I am trying to convert an IAP to a RAP with a public IP but I got an error: the VPN setup fails.

    I checked the other side and the UDP port is open on the firewall and permitted on the controller.

     

    Any ideas what is going wrong?

     

    PS. I have attached a file with the log error.

     

    Cheers

     

    Attachment(s)

    txt
    logs2.txt   22 KB 1 version


  • 2.  RE: Convert IAP to a RAP using public IP but comes with VPN errors.

    EMPLOYEE
    Posted Jun 16, 2014 04:31 AM

    lalves,

     

    Did you try to convert any other IAPs?  If it is not working, frequently you have to look on BOTH sides, not just one side to determine what is wrong.  If you can convert any others, then the problem is specifically with this one.  If you cannot convert any others, we have to look at the controller.  



  • 3.  RE: Convert IAP to a RAP using public IP but comes with VPN errors.

    Posted Jun 17, 2014 04:31 PM

    Hi cjoseph.

     

    Thanks for your reply.

     

    Yes, we have tried another one. It seems that the client firewall is the issue. The UDP 4500 port is not properly open on the firewall. I will post more after I find out more about it.

     

    cheers

     

    Luiz Alves



  • 4.  RE: Convert IAP to a RAP using public IP but comes with VPN errors.

    Posted Jun 16, 2014 11:33 AM
    Have you configured the VPN service and IP pool on the controller?


  • 5.  RE: Convert IAP to a RAP using public IP but comes with VPN errors.

    Posted Jun 17, 2014 04:33 PM

    Hi tsd25108.

     

    Yes, the pool is configured with non-routable IPs. It seems to be something on the client's firewall or router.

     

    Cheers



  • 6.  RE: Convert IAP to a RAP using public IP but comes with VPN errors.

    Posted Jun 17, 2014 07:10 PM

    One thing I found is that scanning the UDP port with nmap shows the port state as Open-Filtered. Not sure if it could be the problem too.

     

    :smileyfrustrated:



  • 7.  RE: Convert IAP to a RAP using public IP but comes with VPN errors.

    EMPLOYEE
    Posted Jun 17, 2014 07:12 PM

    NMAP is not super-reliable at detecting Open UDP ports.
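
Why a UDP probe so often comes back as open|filtered, shown as an added example that is not part of the original thread: with no handshake, silence from a port can mean either a listener that ignores the probe or a firewall dropping it. The function names and the loopback listeners are constructed for illustration.

```python
import socket
import threading

def probe_udp(host, port, payload=b"\x00", timeout=1.0):
    """Classify a UDP port from a single probe, the way a scanner has to."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))    # connected socket, so ICMP errors surface
        s.send(payload)
        s.recv(2048)
        return "open"              # any datagram back proves a listener
    except ConnectionRefusedError:
        return "closed"            # ICMP port unreachable was returned
    except socket.timeout:
        return "open|filtered"     # silence: quiet service OR dropped packet
    finally:
        s.close()

def start_listener(reply):
    """Constructed loopback listener; returns its port. reply=False stays silent."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))

    def serve():
        while True:
            _, addr = srv.recvfrom(2048)
            if reply:
                srv.sendto(b"ack", addr)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    # Both ports below are genuinely open; only one of them can be proven open.
    return {
        "replies": probe_udp("127.0.0.1", start_listener(True)),
        "silent": probe_udp("127.0.0.1", start_listener(False)),
    }

if __name__ == "__main__":
    print(demo())
```

A definite answer for UDP 4500 comes from the far end: a packet capture or the session table on the controller shows whether the datagrams actually arrive.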



  • 8.  RE: Convert IAP to a RAP using public IP but comes with VPN errors.

    Posted Jul 27, 2014 12:15 AM

    Any updates on what caused/how to fix?

     

    I think I've got the same problem.

    Updated our controller from 6.3.1.7 to 6.3.1.9 earlier in the week then all the RAPs started failing to connect.

    I've reset my RAP and tried to connect again and get the same logs that you got.

     

    Tried rolling back to 6.3.1.7 and the saved config from Monday.

    Hasn't resolved, so rebooted back to 6.3.1.9

     

    #OK, solved my problem.

    Someone had done a repair from Airwave, and it looks like it removed the static default route from the controller.

    If yours is the same... I did show datapath session | include 4500
    I could see all the external RAP IPs, but was getting status of FY (Fast age, no syn)

    Did a show crypto ipsec sa

    And only showed the master and local connections.

    Checked the show ip route and found the master had the static route from the local rather than its own one.

     

    Then made sure I had smaller routes for 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 for the internal gateway

    And then changed the static to match the correct gateway for the IP the RAPs connect to.

     

    Big thanks to James @ Aruba in Wellington NZ for pointing me in the right direction