Is the authentication failed error seen on the local ER-X or remote Fritzbox?

In reply to a post by prlzx:

Is the authentication failed error seen on the local ER-X or remote Fritzbox?

On the remote FritzBox.

Looking at your config you are missing something from the authentication sections.
You've set the pre-shared key but no IDs (think: who am I and who are you).

https://help.ui.com/hc/en-us/articles/115013382567-E...

shows a couple of ways (either/or) of setting the (local-) id and remote-id that will be used by each end.
The article is also an example of when one side is behind NAT when deciding what to use as an ID.

If the Fritzbox does not expose the IDs and just configures them based on other information provided, you'll need to figure out what it uses.
Could be IP addresses, FQDNs (AVM call it those a web address which is confusing because it is not a URL) or some other unique label.

I still think you'll need to watch the ER-X VPN logs while connecting to see if the responses provide remaining hints.

Edited by prlzx (Sat 31-Jul-21 15:42:45)

So I'm at the remote site. Port forwarding from the FritzBox to the ER-X for ports 500 & 4500. Ditto the other site. So EdgeRouter to EdgeRouter set up in site to site and

SFA

no connection, no tunnel no dice.

If I can't get two ER-Xs to talk to each other what hope to Fritz?

Like I say, I'm clearly missing something.

As mentioned earlier in the thread, have you enabled ESP (protocol 50) on the firewall?

I'm not a fan of Ubiquiti apart from their APs but we use a SG Pro at work so I have had some experience of setting up IPSEC.

Is the interface similar as I have a pic if it helps?