VPN Issues - Port 500 possibly being blocked?

I have a crappy RV042 in the UK connecting to a customer's Peplink Firewall in Hong Kong with a S2S VPN. Since the weekend they have been complaining that the VPN has been going up/down and they have had to reboot their Peplink device 3 times.

On our side I am seeing this:

ERROR: asynchronous network error report on eth1 for message to xxx.xxx.xxx.xxx port 500, complainant xxx.xxx.xxx.xxx: Connection refused [errno 146, origin ICMP type 3 code 3 (not authenticated)]

I have searched for this error, but nothing concise is coming up. Is it possible that there is something in the way blocking port 500, hence VPN not completing? Our side is connected directly to the internet, no NAT, and is behind a router we own and manage (all our infrastructure).

Great Firewall issues?

Could be, I’ve seen where sometimes it’s blocked. Use NAT-T (NAT traversal - UDP 4500) and see if that works.

Seems like a firewall/ACL blocking the traffic - the fact you are getting an ICMP response saying the port isn’t open would support the fact that the traffic is getting to the remote side but isn’t allowed on their device.

Are they actually in HK with an HK-based circuit? If so, GFW is not in front of the connection.

If the circuit connects to Mainland China then almost certainly it’s a GFW issue.
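
A way to triage the error line quoted in the original post, added here as an example and not code from anyone in the thread: it pulls out the ICMP type/code and checks whether the complainant (the address that sent the ICMP error) is the peer itself or a device in the path. The sample lines, their RFC 5737 addresses and the verdict wording are constructed for this example.

```python
import re

# ICMP type 3 (destination unreachable) codes that matter for a refused IKE packet.
ICMP_UNREACH = {3: "port unreachable", 9: "network administratively prohibited",
                10: "host administratively prohibited",
                13: "communication administratively prohibited"}

LINE_RE = re.compile(
    r"asynchronous network error report on (?P<iface>\S+) for message to "
    r"(?P<peer>\S+) port (?P<port>\d+), complainant (?P<complainant>\S+): "
    r"(?P<text>.+?) \[errno (?P<errno>\d+), origin ICMP type (?P<type>\d+) "
    r"code (?P<code>\d+)"
)

def triage(line):
    """Parse one error line; return its fields plus a verdict, or None if no match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    f = m.groupdict()
    for key in ("port", "errno", "type", "code"):
        f[key] = int(f[key])
    # Addresses are compared as strings, so redacted values cannot be classified.
    same_host = f["peer"] == f["complainant"]
    f["reason"] = ICMP_UNREACH.get(f["code"], "other") if f["type"] == 3 else "other"
    if f["type"] == 3 and f["code"] in (9, 10, 13):
        f["verdict"] = "filtered: a firewall or ACL announced it dropped the packet"
    elif f["type"] == 3 and f["code"] == 3 and same_host:
        f["verdict"] = "reached peer: peer refused the UDP port (no listener or local reject)"
    elif not same_host:
        f["verdict"] = "in path: a device other than the peer sent the error"
    else:
        f["verdict"] = "reached peer: peer reported a different error"
    return f

# Constructed sample lines in the format of the message quoted in the post.
SAMPLES = [
    "ERROR: asynchronous network error report on eth1 for message to 203.0.113.10 port 500, complainant 203.0.113.10: Connection refused [errno 146, origin ICMP type 3 code 3 (not authenticated)]",
    "ERROR: asynchronous network error report on eth1 for message to 203.0.113.10 port 500, complainant 198.51.100.1: No route to host [errno 148, origin ICMP type 3 code 13 (not authenticated)]",
    "ERROR: asynchronous network error report on eth1 for message to 203.0.113.10 port 500, complainant 198.51.100.1: Connection refused [errno 146, origin ICMP type 3 code 3 (not authenticated)]",
]

if __name__ == "__main__":
    for s in SAMPLES:
        r = triage(s)
        print(r["complainant"], r["reason"], "->", r["verdict"])
```

The "(not authenticated)" part of the message is a reminder that ICMP errors carry no proof of origin, so the complainant address is a hint about where the packet stopped, not evidence.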