There's more...

In this recipe, we deliberately kept the encryption settings at their default values in order to simplify the process. If your organization has more stringent security standards, however, feel free to change these settings to meet your requirements. Just make sure that the settings are the same on the server and client sides.

If you are unable to establish a VPN connection, there are a number of possible reasons for the failure. To troubleshoot such a problem, we must first gather information, and a good place to start is the system logs. Navigate to Status | System Logs | VPN to begin. The latest log entries should provide a clue as to why a VPN tunnel cannot be established.

If you are having problems with authentication, make sure the CA and certificates were set up correctly. Remember, the CA should be the same on both ends of the connection, while the server side should be using a server certificate and the client side should be using a user certificate. Both server and user certificates should be internal certificates using the same CA. Another reason authentication may fail is that the TLS key does not match on client and server.

It is possible that the connection attempt may fail before reaching the authentication phase. If so, you may want to make sure that the server can reach the client and the other way around. To do so, you could ping the client from the server and the server from the client. Before you do so, you should make sure there is a rule on the WAN interface for each side to allow Internet Control Message Protocol (ICMP) traffic. If not, you can add such rules. You may want to disable these rules later for security reasons.
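
The script below sorts VPN log entries into the failure causes described above. It is an added example, not part of the original recipe. It assumes the tunnel is OpenVPN (so the TLS key is the tls-auth/tls-crypt key) and matches on OpenVPN's usual log messages; the sample log, host names and addresses are constructed.

```python
import re
from collections import Counter

# Assumption: the tunnel is OpenVPN. Patterns are common OpenVPN log
# messages, mapped to the failure causes named in the text above.
# Order matters: the first matching rule wins.
RULES = [
    # Seen only when the peer enforces certificate usage checks.
    ("wrong certificate type (server vs. user certificate)",
     re.compile(r"VERIFY (?:KU|EKU) ERROR")),
    ("CA or certificate mismatch",
     re.compile(r"VERIFY ERROR")),
    ("TLS key mismatch between client and server",
     re.compile(r"HMAC authentication failed|cannot locate HMAC"
                r"|incoming packet authentication failed"
                r"|tls-crypt unwrap error")),
    ("no reachability before authentication (check routing and WAN rules)",
     re.compile(r"TLS key negotiation failed to occur within \d+ seconds")),
]

def classify(line):
    """Return the likely cause for one log line, or None if unrecognized."""
    for cause, pattern in RULES:
        if pattern.search(line):
            return cause
    return None

def triage(log_text):
    """Count recognized causes in a log excerpt, most frequent first."""
    counts = Counter(c for c in map(classify, log_text.splitlines()) if c)
    return counts.most_common()

# Constructed sample log (documentation addresses, hypothetical host names).
SAMPLE_LOG = """\
Jan 10 09:14:02 fw-a openvpn[4121]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]203.0.113.7:1194
Jan 10 09:14:04 fw-a openvpn[4121]: Authenticate/Decrypt packet error: packet HMAC authentication failed
Jan 10 09:14:04 fw-a openvpn[4121]: TLS Error: incoming packet authentication failed from [AF_INET]203.0.113.7:1194
Jan 10 09:20:31 fw-a openvpn[4121]: VERIFY ERROR: depth=0, error=unable to get local issuer certificate: CN=site-b
Jan 10 09:20:31 fw-a openvpn[4121]: TLS Error: TLS handshake failed
Jan 10 09:31:10 fw-a openvpn[4121]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 10 09:40:55 fw-a openvpn[4121]: VERIFY KU ERROR
"""

if __name__ == "__main__":
    for cause, hits in triage(SAMPLE_LOG):
        print(f"{hits:2d}  {cause}")
```

The generic "TLS handshake failed" line is left unclassified on purpose, because it follows several different root causes and does not distinguish between them.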
