FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
865 views 1 comments
by
Hi,

i have some strange things with the ipsec vpn config of multiple RUT 950 routers.
the routers connect via 4g to the internet and create a vpn tunnel to the main vpn router.

using firmware RUT9XX_R_00.06.05.1
the problem i have is that in the ipsec.config file the first conn section ha two right subnet entry's created.
there for that subnet doesn't create a phase two tunnel.

The config below is created via the web gui

Thanks for the help.

# generated by /etc/init.d/ipsec
conn %default
        rekeymargin=3m

conn passthrough0
        leftsubnet=192.168.235.0/24
        rightsubnet=192.168.235.0/24
        type=passthrough
        authby=never
        auto=route

conn ADRZ
        leftallowany=yes
        leftid=
        leftsubnet=192.168.235.0/24
        leftauth=psk
        rightauth=psk
        right=XXX.XXX.XXX.XXX
        rightid=%any
        keyexchange=ikev1
        authby=secret
        leftfirewall=no
        rightfirewall=no
        auto=start
        type=tunnel
        aggressive=no
        dpdaction=none
        dpddelay=30
        dpdtimeout=150
        forceencaps=no
        keyingtries=%forever
        ike=aes256-sha1-modp1024
        ikelifetime=8h
        esp=aes256-sha1-modp1024
        keylife=8h
conn ADRZ_8
        also=ADRZ
        rightsubnet=192.168.204.0/24

        rightsubnet=10.10.150.100/32

conn ADRZ_9
        also=ADRZ
        rightsubnet=192.168.205.0/24

conn ADRZ_1
        also=ADRZ
        rightsubnet=172.19.0.0/16

conn ADRZ_2
        also=ADRZ
        rightsubnet=172.20.0.0/16

conn ADRZ_3
        also=ADRZ
        rightsubnet=172.21.0.0/16

conn ADRZ_4
        also=ADRZ
        rightsubnet=192.168.200.0/24

conn ADRZ_5
        also=ADRZ
        rightsubnet=192.168.201.0/24

1 Answer

0 votes
by anonymous

Hello,

Please share screenshots of configuration of ADRZ_8 and ADRZ_9

Also, please share configuration of

/etc/config/strongswan

strongswan is a service that is responsible for IPsec connections.

Of course, omit any sensitive information before sharing.

by

Thx Peasant for looking in to this.

This is the screenshot of the ipsec config

and below is the strongswan file

root@Teltonika-RUT950:/etc/config# cat strongswan

config conn 'ADRZ'
        option keyexchange 'ikev1'
        option aggressive 'no'
        option ipsec_type 'tunnel'
        option auto 'start'
        option leftfirewall 'no'
        option forceencaps 'no'
        option dpdaction 'none'
        option rightfirewall 'no'
        option keep_enabled '0'
        option allow_webui '0'
        option ike_encryption_algorithm 'aes256'
        option ike_authentication_algorithm 'sha1'
        option ike_dh_group 'modp1024'
        option ikelifetime '8h'
        option esp_encryption_algorithm 'aes256'
        option esp_hash_algorithm 'sha1'
        option esp_pfs_group 'modp1024'
        option keylife '8h'
        option enabled '1'
        list leftsubnet '192.168.235.0/24'
        option right 'XXX.XXX.XXX.XXX'
        list rightsubnet '10.10.150.100/32'
        list rightsubnet '172.19.0.0/16'
        list rightsubnet '172.20.0.0/16'
        list rightsubnet '172.21.0.0/16'
        list rightsubnet '192.168.200.0/24'
        list rightsubnet '192.168.201.0/24'
        list rightsubnet '192.168.202.0/24'
        list rightsubnet '192.168.203.0/24'
        list rightsubnet '192.168.204.0/24'
        list rightsubnet '192.168.205.0/24'

config preshared_keys
        option psk_key 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
        list id_selector 'XXX.XXX.XXX.XXX'