0 votes
1,531 views 0 comments
by

Hello!

My RUT955 does not seem to connect actively to IPsec peer. 

My setup is:

  • RUT955 LTE - dynamic ip, FW ver.: RUT9XX_R_00.06.04.5
    • Signal strength -75 dBm
    • RSRP -105 dBm
    • RSRQ -10 dB
    • SINR 7.9 dB
  • pfSense - Static IP
  • site to site ipsec configured and working properly, if I enter the dynamic IP of the RUT955 in pfSense

Requirement:

  • I want the RUT955 to instantly reconnect IPsec after an IP change on the WAN interface.

Observation:

  • If the WAN IP changes on the RUT955, I see no incoming connections on pfSense from the RUT955. The pfSense forum suggested changing the peer IP to 0.0.0.0, so it allows all incoming connections which are authenticated. I see no incoming connections from the RUT955.
  • pfSense initiates IPsec connection to configured IP/hostname
  • Manual restart of IPsec on RUT955 via WebUI does not initiate IPsec connection

Workaround:

  • I worked around it with dynamic DNS for the RUT955, but this takes some minutes to update.

Question:

  • How can I access the IPsec logs on RUT955?
  • Can anyone suggest next steps in debugging?

Thanks for advice.

1 Answer

0 votes
by anonymous

Hello,

It seems that in your case the pfSense equipment initiates the IPsec connection to the RUT955 and that the RUT955 has a public dynamic IP address.

In this case, you would not be able to force the routers to re-establish the IPsec tunnel any faster, since it would take some time for the RUT955 to inform the DDNS service provider and then for the pfSense router to acquire the new IP address and re-initiate the connection.

I.e. this is not an issue with the RUT955 itself, which could be debugged or resolved. The re-connection delay is inevitable since your pfSense equipment is trying to connect to a device whose IP changes over time and needs to be updated/reacquired periodically.

Nonetheless, you can try playing with the RUT955 through SSH (e.g. using PuTTY software for Windows):

  • SSH login: root
  • SSH password: <your router's password>

 - With the "ipsec status" SSH command you can see all active tunnels (including established ones and the ones which are still "connecting").

 - With the "logread" command you can see all of the router's logs from the past, and with the "logread -f" command you can see all future router logs. These logs contain the whole router's information. In them, you will find DDNS update logs and IPsec logs (which will appear when the pfSense router reaches the RUT955). You will also see periodic IPsec tunnel keep-alive exchanges.
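
A way to turn the "ipsec status" output mentioned in the answer into a per-tunnel established/connecting summary, as an added example that is not part of the original posts. It assumes strongSwan-style output (`name[N]: STATE ...`); the connection name `pfsense`, the addresses and both sample outputs are constructed.

```shell
#!/bin/sh
# Added example: summarise strongSwan-style "ipsec status" output.
# Assumption: IKE SA lines have the form "name[N]: STATE ...".

# Reads status text on stdin; prints "name STATE" for each IKE SA.
ike_states() {
    awk '
        # IKE SA lines start with the connection name followed by "[id]:".
        # Child SA lines use "{id}:" and are skipped.
        match($1, /\[[0-9]+\]:$/) {
            name = substr($1, 1, RSTART - 1)
            state = $2
            sub(/,$/, "", state)    # "CONNECTING," -> "CONNECTING"
            print name, state
        }'
}

# Exit status 0 if the named connection has an ESTABLISHED IKE SA, else 1.
tunnel_up() {
    ike_states | awk -v want="$1" '
        $1 == want && $2 == "ESTABLISHED" { ok = 1 }
        END { exit !ok }'
}

# Constructed sample outputs (not captured from a real router).
SAMPLE_UP='Security Associations (1 up, 0 connecting):
     pfsense[3]: ESTABLISHED 12 minutes ago, 10.64.0.2[rut955]...203.0.113.10[pfsense]
     pfsense{5}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c1a2b3c4_i c5d6e7f8_o
     pfsense{5}:   192.168.1.0/24 === 192.168.10.0/24'

SAMPLE_CONNECTING='Security Associations (0 up, 1 connecting):
     pfsense[4]: CONNECTING, 10.64.0.9[%any]...203.0.113.10[%any]'

# On the router this would be: ipsec status | ike_states
printf '%s\n' "$SAMPLE_UP" | ike_states
printf '%s\n' "$SAMPLE_CONNECTING" | ike_states
```

A tunnel that stays in CONNECTING after a WAN address change, with no matching entries appearing in "logread -f", means the peer's packets are not reaching the router yet.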