BR-200WP Can't connect to Cloud VPN Gateway?

Hello,

I have been able to establish connections to other BR-200WP with the CVG, however I have one that's giving me issues.

Here are the messages it's giving...

2013-01-21 19:34:30 info ah_cli: admin:
2013-01-21 19:34:29 info ah_vpn: ERROR: Peer failed phase 1 authentication (certificate installed?valid?expired?)

2013-01-21 19:34:29 info ah_vpn: ERROR: the peer's certificate is not verified.
2013-01-21 19:34:29 info ah_vpn: ERROR: issuer certificate does not exist or has problem(mismatch/expired?).please make sure CA is installed and valid.

2013-01-21 19:34:29 info ah_vpn: unable to get local issuer certificate.
2013-01-21 19:34:29 info ah_vpn: unable to get local issuer certificate(20) at depth:0 SubjectName:/C=US/ST=California/L=Sunnyvale/O=Aerohive/OU=Default/CN=HM Server

2013-01-21 19:34:29 info kernel: [mpi]: socket is closed, pid(-4156), protocol(0)
2013-01-21 19:34:29 info ah_vpn: Phase 1 started
2013-01-21 19:34:28 info ah_vpn: ERROR: Phase 1 is not exist, unknown Informational exchange received.

2013-01-21 19:34:26 info ah_vpn: Phase 1 deleted
2013-01-21 19:34:25 info kernel: [mpi]: socket is closed, pid(-4155), protocol(0)
2013-01-21 19:34:25 info kernel: [mpi]: socket is closed, pid(-4154), protocol(0)

Any ideas?

Thanks.

Frank Asencio


Posted 5 years ago


Adam Conway

This seems like a time issue. Check and make sure that the time is the same on both the CVG and the BR-200. In order for certificate-based VPNs to work in the Aerohive world, the clocks need to be within 5 mins of each other. So basically, all you need to do is configure NTP.

Good luck and let me know if it works.

Frank Asencio

Hi Adam,

The clock is within 2 minutes of each other. How do I set an NTP server to sync with on the BRs? Shouldn't it use the HM?

Thanks.

Mathew Edwards, Employee

Hi Frank,

In the configuration wizard, select your policy then navigate to additional settings, management server settings, NTP server, you can then use either an NTP server (such as ntp1.aerohive.com) or sync the clocks of all devices within that policy to that of HiveManager.

Frank Asencio

Hi Guys,

I have all the BRs' NTP settings configured to sync with the Hive manager, but this one BR still does not connect. Anything else I can try?

Thanks.

Mike Kouri, Official Rep

Frank,
My advice is to contact Aerohive Technical Support. All the suggestions so far have been good, but since none of them have resolved your issue it may be best to have our dedicated troubleshooters help you nail down what is preventing this one BR from connecting.

Frank Asencio

Hi Mike,

It started working all of a sudden. I guess that did the trick somehow, but not right away.

Thanks.

Adam Conway

Sometimes the issue is DNS - if DNS isn't set properly up front, the BR doesn't know how to get to the NTP server.
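
Added example (not part of the thread, and not Aerohive code): a small Python triage of the certificate-verification lines in the log from the question, separating clock-related failures from trust-chain failures. It assumes the number in parentheses is the OpenSSL verify error code, which matches the message text for code 20; the third sample line is constructed to show the clock-related case.

```python
import re

# OpenSSL X509_V_ERR_* codes relevant to phase 1 certificate checks,
# grouped by the kind of fix they point to (NTP/clock vs. installed CA).
VERIFY_CODES = {
    9:  ("clock", "certificate is not yet valid"),
    10: ("clock", "certificate has expired"),
    18: ("trust", "self-signed leaf certificate"),
    19: ("trust", "self-signed certificate in chain"),
    20: ("trust", "unable to get local issuer certificate"),
    21: ("trust", "unable to verify the first certificate"),
}

# Matches "<timestamp> <level> ah_vpn: <message>(<code>) at depth:<n> SubjectName:/..."
VERIFY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \w+ ah_vpn: "
    r"(?P<msg>.+?)\((?P<code>\d+)\) at depth:(?P<depth>\d+) "
    r"SubjectName:(?P<subject>/.+)$"
)

def triage(log_text):
    """Return one finding per certificate-verification line in the log."""
    findings = []
    for line in log_text.splitlines():
        m = VERIFY_RE.match(line.strip())
        if not m:
            continue  # not a verify-error line (phase 1 state, kernel, etc.)
        code = int(m["code"])
        kind, meaning = VERIFY_CODES.get(code, ("unknown", m["msg"]))
        parts = m["subject"].strip("/").split("/")
        cn = dict(p.split("=", 1) for p in parts if "=" in p).get("CN")
        findings.append({"time": m["ts"], "code": code, "kind": kind,
                         "meaning": meaning, "depth": int(m["depth"]), "cn": cn})
    return findings

# Two lines from the question, then one CONSTRUCTED line for the clock case.
SAMPLE = """\
2013-01-21 19:34:29 info ah_vpn: ERROR: the peer's certificate is not verified.
2013-01-21 19:34:29 info ah_vpn: unable to get local issuer certificate(20) at depth:0 SubjectName:/C=US/ST=California/L=Sunnyvale/O=Aerohive/OU=Default/CN=HM Server
2013-01-21 19:40:00 info ah_vpn: certificate is not yet valid(9) at depth:0 SubjectName:/C=US/O=Example/CN=constructed-peer
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['time']} code {f['code']} ({f['kind']}): "
              f"{f['meaning']}, depth {f['depth']}, CN={f['cn']}")
```

A "clock" finding points at the NTP settings discussed in the thread; a "trust" finding points at the CA certificate installed on the device, as the log's own "please make sure CA is installed and valid" message suggests.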