With Digi Cellular firmware 2.13 and above, TheGreenBow VPN client will fail with a Phase 2 error.
This is caused by old, obsolete NAT-T draft protocols. These protocols have to be turned off in the Digi. This is a configuration option that can be set from the CLI on the Digi Connect Cellular units.
Telnet to the command line and enter the following:
#> set vpn global
The output will be similar to the following:
Global VPN Configuration :
antireplay : on
suppress_phase1_lifetimes : off
suppress_delete_sa_for_pfs : off
send_natt_draft_01_id : on
send_natt_draft_02_id : on   (These options need to be off)
send_natt_draft_03_id : on
dynamic_dns : off
To turn off the old NAT-T protocols enter the following commands in the CLI:
set vpn global send_natt_draft_01_id=off
set vpn global send_natt_draft_02_id=off
set vpn global send_natt_draft_03_id=off
After turning the NAT-T options off, verify by entering the following command:
set vpn global
You should see the following:
antireplay : on
suppress_phase1_lifetimes : off
suppress_delete_sa_for_pfs : off
send_natt_draft_01_id : off
send_natt_draft_02_id : off   (These options should now be off)
send_natt_draft_03_id : off
dynamic_dns : off
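A check for the verification step above, as an added example that is not part of the original article or of Digi's tooling: it parses a saved capture of the "set vpn global" output and lists any NAT-T draft option that is not off. The function names and the sample captures are constructed for illustration; the option names are the ones shown in this article.

```python
import re

# The three options this article says must be off.
NATT_DRAFT_OPTIONS = (
    "send_natt_draft_01_id",
    "send_natt_draft_02_id",
    "send_natt_draft_03_id",
)

# "name : value" lines as printed by "set vpn global"; spacing around the colon varies.
_LINE = re.compile(r"^\s*([a-z0-9_]+)\s*:\s*(on|off)\b", re.IGNORECASE)


def parse_vpn_global(text):
    """Return {option: 'on'|'off'} for every option line in the captured output."""
    settings = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2).lower()
    return settings


def natt_draft_findings(text):
    """Return {option: state} for each NAT-T draft option that is not 'off'.

    An option absent from the capture is reported as 'missing', so a
    truncated session log cannot pass the check.
    """
    settings = parse_vpn_global(text)
    return {
        name: settings.get(name, "missing")
        for name in NATT_DRAFT_OPTIONS
        if settings.get(name) != "off"
    }


# Constructed captures modelled on the output shown in this article.
_HEAD = "Global VPN Configuration :\nantireplay : on\nsuppress_phase1_lifetimes : off\n"
SAMPLE_BEFORE = _HEAD + "".join(f"{n} : on\n" for n in NATT_DRAFT_OPTIONS)
SAMPLE_AFTER = _HEAD + "".join(f"{n} : off\n" for n in NATT_DRAFT_OPTIONS)
SAMPLE_TRUNCATED = _HEAD + "".join(f"{n} : off\n" for n in NATT_DRAFT_OPTIONS[:2])

if __name__ == "__main__":
    for label, capture in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, natt_draft_findings(capture) or "all NAT-T draft options off")
```

An empty result means all three options are off; anything else names the options that still need the commands above.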
Last updated:
Jan 11, 2024