One of my clients needed to replace a very old router. We chose an EdgeRouter Lite because it has an incredible price, its performance is more than enough for the client's internet capacity, and the customer needs a VPN between two offices.
Both locations have dynamic IPs, so we chose to use a dynamic DNS service (no-ip, dyndns, afraid …).
After configuring NAT, PPPoE, port forwarding, DHCP and various services, I decided to configure an IPsec site-to-site connection.
First I updated the EdgeRouter to the latest firmware version, 1.9.0 (new is always better).
I used the GUI wizard and it didn't work; I followed several guides and they didn't work; I played with the CLI and nothing worked. My VPN didn't start.
I checked the strongSwan documentation and found the solution.
After configuring site-to-site using the web GUI, just open a CLI and run a couple of commands:
Router A (factory.ddns.site)
set vpn ipsec site-to-site peer office.ddns.site authentication id fqdn:factory.ddns.site
set vpn ipsec site-to-site peer office.ddns.site authentication remote-id fqdn:office.ddns.site
Router B (office.ddns.site)
set vpn ipsec site-to-site peer factory.ddns.site authentication id fqdn:office.ddns.site
set vpn ipsec site-to-site peer factory.ddns.site authentication remote-id fqdn:factory.ddns.site
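The commands above only work as a pair: the id each router sends has to equal the remote-id the other router expects. The following check is an added example, not part of the original post. It reads the `set` lines of both routers (for instance pasted from `show configuration commands`; the exact output format is an assumption) and reports missing or mismatched IDs. The function names are hypothetical.

```python
import re

# Matches the two commands from the post; optional quotes around the value are
# tolerated (assumption about how some firmware prints the configuration).
ID_RE = re.compile(
    r"^set vpn ipsec site-to-site peer (\S+) authentication (id|remote-id) '?([^'\s]+)'?$"
)

def parse_ids(config_text):
    """Return {peer: {"id": ..., "remote-id": ...}} from 'set' command lines."""
    peers = {}
    for line in config_text.splitlines():
        m = ID_RE.match(line.strip())
        if m:
            peer, key, value = m.groups()
            peers.setdefault(peer, {})[key] = value
    return peers

def check_pair(host_a, cfg_a, host_b, cfg_b):
    """Return a list of problems for the tunnel host_a <-> host_b (empty = OK)."""
    sides = {host_a: parse_ids(cfg_a).get(host_b, {}),
             host_b: parse_ids(cfg_b).get(host_a, {})}
    problems = [f"{host}: authentication {key} not set for the other peer"
                for host, ids in sides.items()
                for key in ("id", "remote-id") if key not in ids]
    if problems:
        return problems
    for local, remote in ((host_a, host_b), (host_b, host_a)):
        if sides[local]["id"] != sides[remote]["remote-id"]:
            problems.append(
                f"{local} sends id {sides[local]['id']} but {remote} "
                f"expects remote-id {sides[remote]['remote-id']}")
    return problems

# Constructed sample input: the commands from the post, one string per router.
ROUTER_A = """\
set vpn ipsec site-to-site peer office.ddns.site authentication id fqdn:factory.ddns.site
set vpn ipsec site-to-site peer office.ddns.site authentication remote-id fqdn:office.ddns.site
"""
ROUTER_B = """\
set vpn ipsec site-to-site peer factory.ddns.site authentication id fqdn:office.ddns.site
set vpn ipsec site-to-site peer factory.ddns.site authentication remote-id fqdn:factory.ddns.site
"""

if __name__ == "__main__":
    for problem in check_pair("factory.ddns.site", ROUTER_A, "office.ddns.site", ROUTER_B):
        print("MISMATCH:", problem)
```

An empty result means the two configurations mirror each other; any line printed names the router whose id or remote-id needs correcting.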