Hi,
I am trying to establish GRE/IPSec site-to-site connectivity between an AWS cloud-based VyOS router and one of my on-premise Mikrotik CCR routers. I am having much difficulty getting phase 2 up and I was hoping someone has perhaps dealt with a similar problem before. The error seems to be very common, but none of the fixes I have tried (e.g. setting authentication ID) have fixed the issue.
Config:
set vpn ipsec esp-group GRE compression 'disable'
set vpn ipsec esp-group GRE lifetime '3600'
set vpn ipsec esp-group GRE mode 'transport'
set vpn ipsec esp-group GRE pfs 'enable'
set vpn ipsec esp-group GRE proposal 1 encryption 'aes128'
set vpn ipsec esp-group GRE proposal 1 hash 'sha1'
set vpn ipsec ike-group GRE dead-peer-detection action 'restart'
set vpn ipsec ike-group GRE dead-peer-detection interval '15'
set vpn ipsec ike-group GRE dead-peer-detection timeout '30'
set vpn ipsec ike-group GRE ikev2-reauth 'no'
set vpn ipsec ike-group GRE key-exchange 'ikev1'
set vpn ipsec ike-group GRE lifetime '28800'
set vpn ipsec ike-group GRE proposal 1 dh-group '2'
set vpn ipsec ike-group GRE proposal 1 encryption 'aes128'
set vpn ipsec ike-group GRE proposal 1 hash 'sha1'
set interfaces tunnel tun1 address '169.254.1.1/30'
set interfaces tunnel tun1 encapsulation 'gre'
set interfaces tunnel tun1 local-ip '10.0.1.1'
set interfaces tunnel tun1 remote-ip '180.0.0.1'
set vpn ipsec ipsec-interfaces interface 'eth0'
set vpn ipsec site-to-site peer 180.0.0.1 authentication id '190.0.0.1'
set vpn ipsec site-to-site peer 180.0.0.1 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 180.0.0.1 authentication pre-shared-secret 'secret-here'
set vpn ipsec site-to-site peer 180.0.0.1 authentication remote-id '180.0.0.1'
set vpn ipsec site-to-site peer 180.0.0.1 connection-type 'initiate'
set vpn ipsec site-to-site peer 180.0.0.1 default-esp-group 'GRE'
set vpn ipsec site-to-site peer 180.0.0.1 ike-group 'GRE'
set vpn ipsec site-to-site peer 180.0.0.1 local-address '10.0.1.1'
set vpn ipsec site-to-site peer 180.0.0.1 tunnel 1 protocol 'gre'
Error:
cannot respond to IPsec SA request because no connection is known for 180.0.0.1/32===10.0.1.1[180.0.0.1]:47/0…190.0.0.1[190.0.0.1]:47/0