

Sharing this with community in case someone has answers, or can confirm my findings. It is a long case description, but this is because it has all the technical details that would make sense to experts, and improve chances of resolution.

I have got 4G LTE Cellspot V1 a couple of weeks ago, and was trying to make it work since then. It just won't go past blinking green+orange lights; sometimes orange light would go solid for a while, but then comes back to blinking for most of the time. Which points to problems in communications between the device and TM servers.

> "Mikrotik RB2011" (primary router / firewall / NAT, with public IP UDP ports 500, 4500, 123 verified open through NAT)
> "Netgear GS108T" (managed switch, with mirror port for packet capture)
> "Technicolor TC8717T" (cable modem in "dumb bridge mode", i.e. no additional routing / filtering / NAT'ing)

Finally this weekend I've got some time to dig this further, looking at packet logs on the Mikrotik router itself, and running a Wireshark packet capture between the router and modem (notebook on mirrored switch port, getting a copy of all the traffic from router port).

Looking at the packet captures reveals an interesting picture of attempts to establish IPSEC / NAT-T tunnel:

1) The initial IKE_SA_INIT request-response sequence via UDP 500 works fine every time, no issues here. I can see packets going correctly in both directions.

2) From IKE_SA_INIT server response, Cellspot device understands that NAT is involved, so it correctly switches to using NAT-T, i.e. encapsulating all further ISAKMP and ESP communications into UDP 4500.

3) The next stage is IKE_AUTH, where Cellspot client is supposed to send its identity and certificate to authenticate with the server, and get server's identity and certificate in response, to establish mutual trust. Likely due to the size of certificates, the next ISAKMP messages sent over UDP 4500 are larger than IP MTU, which means that such larger UDP packets have to be fragmented. I see packets from 1900 to 4000+ bytes (for whatever reason, the size of these auth packets is not consistent, keeps changing from attempt to attempt, and there's no way to check why since content is encrypted).

Fragmentation is not a problem for the Mikrotik router / firewall / NAT (which knows how to reassemble / filter / NAT / fragment), so I see these larger packets flowing reassembled through the NAT, and then I see them again properly fragmented in the Wireshark packet capture going from the router to the cable modem.

The problem is that there are no responses coming back in 99% of cases.
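The check described in the post (fragmented IKE_AUTH requests on UDP 4500 that never get a response), as an added Python example that is not part of the original post: it reassembles IPv4 fragments from a capture, picks out IKE messages behind the NAT-T non-ESP marker, and lists request message IDs with no matching response. The packets are constructed inline; the addresses, sizes and function names are assumptions.

```python
import struct
from collections import defaultdict

def ipv4_fragments(src, dst, ip_id, payload, mtu=1500):
    """Constructed input: split one IPv4 payload into MTU-sized fragments."""
    step = (mtu - 20) // 8 * 8      # fragment data is a multiple of 8 bytes
    return [struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload[o:o + step]),
                        ip_id, (0x2000 if o + step < len(payload) else 0) | o // 8,
                        64, 17, 0, src, dst) + payload[o:o + step]
            for o in range(0, len(payload), step)]

def ike_natt(sport, dport, exchange, flags, msg_id, body_len):
    """Constructed input: UDP header, non-ESP marker, IKEv2 header, filler."""
    ike = struct.pack("!8s8sBBBBII", b"I" * 8, b"R" * 8, 46, 0x20, exchange,
                      flags, msg_id, 28 + body_len) + bytes(body_len)
    return struct.pack("!HHHH", sport, dport, 12 + len(ike), 0) + bytes(4) + ike

def reassemble(packets):
    """Group IPv4 fragments by (src, dst, id, proto); yield complete payloads."""
    frags, end = defaultdict(dict), {}
    for p in packets:
        ihl, (total, ip_id, fo) = (p[0] & 0x0F) * 4, struct.unpack("!HHH", p[2:8])
        key, off = (p[12:16], p[16:20], ip_id, p[9]), (fo & 0x1FFF) * 8
        frags[key][off] = p[ihl:total]
        if not fo & 0x2000:                     # MF clear: last fragment
            end[key] = off + total - ihl
    for key, parts in frags.items():
        buf = b""
        while parts.get(len(buf)):              # append contiguous fragments
            buf += parts[len(buf)]
        if end.get(key) == len(buf):            # skip incomplete datagrams
            yield key, buf, len(parts)

def ike_natt_report(packets):
    """Return (IKE datagrams seen on UDP 4500, unanswered request message IDs)."""
    seen = []
    for (_, _, _, proto), udp, n in reassemble(packets):
        if (proto != 17 or len(udp) < 40 or udp[8:12] != bytes(4)
                or 4500 not in struct.unpack("!HH", udp[:4])):
            continue                # not IKE over NAT-T (ESP starts with a nonzero SPI)
        exch, flags, msg_id = struct.unpack("!BBI", udp[30:36])
        seen.append({"exchange": exch, "msg_id": msg_id, "fragments": n,
                     "udp_bytes": len(udp), "response": bool(flags & 0x20)})
    answered = {(s["exchange"], s["msg_id"]) for s in seen if s["response"]}
    return seen, [s["msg_id"] for s in seen if not s["response"]
                  and (s["exchange"], s["msg_id"]) not in answered]

CLIENT, SERVER = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])  # constructed
SAMPLE = ipv4_fragments(CLIENT, SERVER, 0x1234, ike_natt(4500, 4500, 35, 8, 1, 2400))
print(ike_natt_report(SAMPLE))  # one 2-fragment IKE_AUTH request, message 1 unanswered
```

Exchange type 35 is IKE_AUTH and flag 0x20 is the IKEv2 Response bit; a datagram with a missing fragment is not counted as seen at all, which separates "fragment lost on the path" from "request delivered but unanswered".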
