VPN Tunnel in Repeater Mode

Hi everybody,

maybe someone can help me out, seems I’m lost with my strongswan config.

I’m using a Mt300a as a roadwarrior device to establish a VPN to my static router. For that I have the Mt300a in Repeater Mode connected to whatever WiFi is available on the road and Laptop etc. connected to the Mt300’s own WiFi. So the setup is like this:

Laptop (wlan A) - Mt300 (interface wlan A) - Mt300 (wlan B, interface wwan-sta) - hotel router (wlan B) - Internet - public interface of Homerouter (static ip).

Homerouter is waiting for VPN init by the (variable) Roadwarrior. On the Mt300 I’m able to ping the static Homerouter IP so general connection is available. However, no matter what, ipsec (strongswan) sits at connecting without any error, the tunnel never even tries to get established. Any idea what I could try to at least identify the problem? Could it be that strongswan is irritated by the double wlan repeater setup without using the wan interface? Any help appreciated!


EDIT: Never mind, figured it out. Since it can’t be written often enough to help people spending lots of their time on this (like me…): If you want to build a VPN tunnel between strongswan or openswan and a Fritzbox: The Fritzbox will only!!! accept dyndns hosts in ikev1 aggressive mode. You need to use aggressive mode (not main/idp) in the vpn.cfg of the Fritzbox and in ipsec.conf (ikev1, aggressive=yes) or don’t use dyndns at all (almost impossible in a roadwarrior setup). Hope this helps someone someday!

1 Like
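The settings named in the EDIT above, written out as a strongSwan `ipsec.conf` connection. This is an added example, not part of the original post; the connection name, host names, IDs and subnets are constructed placeholders.

```conf
# /etc/ipsec.conf on the roadwarrior (strongSwan, legacy ipsec.conf format)
# All names, IDs and subnets below are constructed placeholders.

conn fritzbox-home
    # The two settings the EDIT calls out: IKEv1 in aggressive mode.
    keyexchange=ikev1
    aggressive=yes

    # Pre-shared key authentication; the key itself belongs in
    # /etc/ipsec.secrets, for example:
    #   @roadwarrior.example.org @home.example.org : PSK "<long random key>"
    authby=secret

    # Local side: address changes with every hotel WiFi, so the peer can
    # only recognise this end by its ID, not by its IP.
    leftid=@roadwarrior.example.org
    leftsubnet=192.168.8.0/24

    # Remote side: the Fritzbox, addressed and identified by host name.
    right=home.example.org
    rightid=@home.example.org
    rightsubnet=192.168.178.0/24

    # The roadwarrior always initiates.
    auto=start

# Matching setting in the Fritzbox vpn.cfg connection block:
#   mode = phase1_mode_aggressive;     (instead of phase1_mode_idp)
#
# Aggressive mode sends the IDs and a PSK-derived hash before the channel
# is encrypted, so anyone who captures the exchange can test key guesses
# offline. Use a long, randomly generated PSK on both ends.
```

After reloading the configuration, `ipsec up fritzbox-home` followed by `ipsec statusall` shows whether the IKE exchange is actually attempted, which helps when a connection sits at "connecting" without an error.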

Thanks for sharing.