We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
2,375 views 9 comments
by
RUTX11 with multiple subnets on IPSEC not functional, only first subnet will be routed in the unit.

Secondary subnets will go to WAN instead of tunnel.

Software bug?

3 Answers

0 votes
by anonymous
Hello,

Can you provide a configuration example?
by
We create an IPSEC tunnel with IKEv2 against a second unit (Watchguard firewall).

We specify local and remote subnets.

The first subnet works flawlessly, the second does not route.

If we switch the places of the subnets, the second one will work if it is in first place.

Example:

Subnet one: local 192.168.42.0/24 remote:192.168.40.0/24  works.

Subnet two: local 192.168.42.0/24 remote:10.1.25.0/24 not working.

If I change the order:

Subnet one: local 192.168.42.0/24 remote:10.1.25.0/24 works

Subnet two: local 192.168.42.0/24 remote:192.168.40/24 not working

The second subnet will not be visible in the routing table, and thereby not routed to the right destination.
by anonymous

This configuration is working fine with my routers.

You can check out IPsec routes with:

ip route show table 220
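
A way to script the check suggested above, as an added example that is not part of the original thread: the function reads `ip route show table 220` output on stdin and lists each expected remote subnet that has no route. The sample route line (gateway, interface and source address) is constructed; the subnets are the ones from the question.

```shell
#!/bin/sh
# Added example (not from the thread): find expected IPsec remote subnets
# that are missing from routing table 220.

# Reads `ip route show table 220` output on stdin.
# Arguments: the remote subnets that should be routed through the tunnel.
# Prints every subnet that has no route; returns 1 if any is missing.
missing_ipsec_routes() {
    routes=$(cat)
    missing=0
    for subnet in "$@"; do
        # The destination prefix is the first field of each route line.
        if ! printf '%s\n' "$routes" |
            awk -v want="$subnet" '$1 == want { found = 1 } END { exit !found }'
        then
            printf '%s\n' "$subnet"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample reproducing the symptom in the thread:
# only one of the two remote subnets has a route installed.
SAMPLE_TABLE_220='10.1.25.0/24 via 203.0.113.1 dev eth1 proto static src 192.168.42.1'

# Demo on the constructed sample. On the router, pipe the live table instead:
#   ip route show table 220 | missing_ipsec_routes 192.168.40.0/24 10.1.25.0/24
printf '%s\n' "$SAMPLE_TABLE_220" |
    missing_ipsec_routes 192.168.40.0/24 10.1.25.0/24 ||
    echo "the subnet(s) listed above have no route in table 220" >&2
```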

by

Hi, sorry for the delay. I had to get hold of the unit again…

These are the two subnets I am trying to get to work simultaneously.

These are the routes shown in the web GUI; no IP 192.168.40.0/24 here. Just the 10.x network.

In SSH, still no route for the 192.168.40.0 network…

If I switch the places of the two "Right subnets" in the unit, the 192.168.40.0/24 network is functional and routed, but not the 10.x one.

Regards,

Ingemar

by anonymous
I think your IPsec "server" won't accept the second route during negotiation; maybe you configured it for two separate tunnels, not one?
by

Hi,

I have done this on 12 other units/locations and it is usually straightforward (never done it on a Teltonika unit though).

1. Create the Gateway (Phase 1)

2. Create the tunnel(s) (Phase 2) Please see picture below.

-The IPSEC network route should be created in the unit even if the connection is not made yet, right?

by anonymous

Routes are created at the end of IPsec negotiation.

Can you post the system log here or PM it? Maybe there is an obvious error.
The system log is at Status->Logs->System Log
by
Hi Simonas,

How do I PM?

A little too much information in the logs for the general public...
by anonymous
Click on my name in the answer.

You may be required to register an account.
0 votes
by anonymous
I have had the same issue since I upgraded multiple RUTX08 devices from RUTX_R_00.01.06 to the RUTX_R_00.02.00.2 firmware version. Before the upgrade all phases were working fine (talking about remote subnets). Just after the upgrade only the first phases were up. If I change the order of the remote subnets in the configuration, the other phases are up and the previous ones are down. Feels like a bug.
by anonymous
Hi Ekrin,

I was recommended to create each subnet as an individual VPN connection instead of having multiple subnets in one VPN.

That worked better, but it is still not stable. Every now and then the second subnet fails to start up after reboot.
0 votes
by anonymous
Hi,

I had the same issue; I resolved it by using IKEv1 instead of IKEv2.

Now I can use multiple subnets on the Teltonika side.

Regards,

Mino.