A staff member of a client of ours, who has a FortiGate 60E with the latest 6.2 firmware, is trying to connect from his new home, which uses a Starlink connection. If we use the Starlink connection, we cannot connect to the FortiGate at all, but if we tether to a mobile 4G connection or similar, it works fine, as do the same credentials from a fibre connection.
TIA for any insight into what might be happening.
OK, it turned out to be entirely unrelated to Starlink. Realtek Ethernet cards cause this issue, and downgrading them to a version someone else used to solve the problem got the connection live immediately.
I’ve done a couple of IPsec via Starlink setups and found it straightforward, as with any other type of ISP. Do you use the Starlink NTU in passthrough mode?
Do you try to connect to the FGT using an IPv4 address?
Is Starlink IPv6-only, or does it use IPv4 carrier-grade NAT by any chance?
I’ve seen lots of issues connecting from IPv6-only or carrier-grade NAT connections to IPv4 IPsec VPNs. From no connection at all to intermediate packet loss or disconnects after a few seconds.
I use Starlink and OneWeb, as well as other geosynchronous, non-terrestrial connections, on hundreds of firewalls. You are coming from an address with NAT, so therefore you want to set up aggressive mode and make sure you’re coming into a public and also make sure the settings are set for reconnecting and keeping the interface up at all times. You may even want to set a link monitor across the tunnel to keep it going from the far side where the satellite connection is.
Starlink does not support the IPsec protocol for making VPN-type connections. It is a tremendous problem, because the entire SDWAN of every company uses it as a standard. As for what Starlink says, the case and the response are as follows, and I am leaving them in their original language.
The SDWAN provider ran a TCP dump and thought it was a Starlink issue. I contacted Starlink regarding their traffic filtering and even asked if they limit IPsec traffic. Their response was the following:
In answer to your question: Starlink supports VPNs that utilize TCP or UDP, for example SSL based VPNs. PPTP (Point-to-Point Tunneling Protocol), «and other non TCP or UDP based VPN types are currently not compatible with Starlink». We are unable to provide guidance on VPN configuration and the customer would need to speak with their VPN provider or Administrator for guidance assuming the VPN type is supported.
I doubt Starlink would be blocking it categorically at least. Did you try running a packet capture on the receiving side? If the ESP protocol is being blocked, I think you can force NAT-T on the IPsec, which changes it to UDP-encap ESP. Maybe it’s the Starlink terminal settings, as I think another commenter suggested.
I had this issue with our SL side. It was geolocating their public IP to Brazil, and on the dial-in side of the tunnel, we were blocking all but US connections.