0 votes
590 views 2 comments
by anonymous

We're trying to establish an IKEv2 IPsec tunnel between a RUT240 (RUT2XX_R_00.01.12) and OpenBSD's iked. We've successfully deployed such tunnels using the RUT950 and RUT900. The configuration on the local (OpenBSD) side is identical to the configurations for the working tunnels; the only change is using SHA-256 for the RUT240, as it seems not to support SHA-512. The configuration on the RUT240 side is also identical to the RUT950/900 configurations, but lacks the passthrough section in /etc/ipsec.conf.

The IPsec tunnel seems to be correctly established at RUT240 startup, but as soon as it is established it is closed by the RUT240. Another attempt (done automatically by the RUT240) establishes the tunnel, but this error is visible in the logs:

Mon Apr 6 18:17:35 2020 daemon.info ipsec: 08[KNL] received netlink error: Network is unreachable (128)
Mon Apr 6 18:17:35 2020 daemon.info ipsec: 08[KNL] unable to install source route for <rut_240_local_lan_ip>

The tunnel is in the ESTABLISHED state on both sides of the connection, but we cannot ping anything on our side from the RUT, and cannot ping the RUT from our local subnet.

I'll gladly support you with logs from the RUT and OpenBSD in a private message; please contact me at my e-mail address.

by anonymous

Manually adding the route fixes the connection:

root@Teltonika-RUT240:~# ip route add 10.200.0.0/16 dev br-lan
root@Teltonika-RUT240:~# ping 10.200.100.17
PING 10.200.100.17 (10.200.100.17): 56 data bytes
64 bytes from 10.200.100.17: seq=0 ttl=252 time=51.215 ms
64 bytes from 10.200.100.17: seq=1 ttl=252 time=62.961 ms
64 bytes from 10.200.100.17: seq=2 ttl=252 time=63.392 ms
^C
--- 10.200.100.17 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 51.215/59.189/63.392 ms
root@Teltonika-RUT240:~# ping 10.200.0.17
PING 10.200.0.17 (10.200.0.17): 56 data bytes
64 bytes from 10.200.0.17: seq=0 ttl=126 time=41.450 ms
64 bytes from 10.200.0.17: seq=1 ttl=126 time=35.285 ms
64 bytes from 10.200.0.17: seq=2 ttl=126 time=59.982 ms

And so does adding the static route through the WebUI. The tunnel is established and the connection works even after a reboot.
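The two syslog lines quoted above are the only visible trace of the problem, and the manual fix was to give the kernel a route for the remote subnet. The following script is an added example, not code from the thread or from Teltonika: it scans RUT syslog text for the strongSwan "unable to install source route" failure (pairing it with the preceding netlink error), and does a longest-prefix lookup over `ip route show` output to report which route would currently carry traffic for the remote IPsec subnet. The sample log lines, the LAN address 192.168.1.1 and the routing table are constructed placeholders; the remote subnet 10.200.0.0/16 and the `br-lan` device are taken from the ping session above.

```python
"""Added example (not from the thread): detect strongSwan source-route install
failures in RUT syslog and check the kernel route that covers the remote subnet."""
import ipaddress
import re

# Constructed sample log, modelled on the two lines quoted in the question.
# 192.168.1.1 is an assumed placeholder for the router's LAN address.
SAMPLE_SYSLOG = """\
Mon Apr 6 18:17:35 2020 daemon.info ipsec: 08[IKE] IKE_SA rut[1] established
Mon Apr 6 18:17:35 2020 daemon.info ipsec: 08[KNL] received netlink error: Network is unreachable (128)
Mon Apr 6 18:17:35 2020 daemon.info ipsec: 08[KNL] unable to install source route for 192.168.1.1
Mon Apr 6 18:17:36 2020 daemon.info ipsec: 08[IKE] CHILD_SA rut{1} established
"""

# Constructed 'ip route show' output: a default route over the mobile WAN and
# the LAN prefix, but no route for the remote 10.200.0.0/16 subnet yet.
SAMPLE_ROUTES = """\
default via 10.0.0.1 dev wwan0
10.0.0.0/30 dev wwan0 proto kernel scope link src 10.0.0.2
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
"""

_KNL_FAIL = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ [\d:]+ \d{4}) .*?ipsec: \d+\[KNL\] "
    r"unable to install source route for (?P<ip>[\d.]+)"
)
_NETLINK = re.compile(r"\[KNL\] received netlink error: (?P<msg>.+?) \((?P<code>\d+)\)")
_ROUTE = re.compile(r"^(?P<dst>default|[\d./]+)(?: via (?P<gw>[\d.]+))? dev (?P<dev>\S+)")


def find_source_route_failures(log_text):
    """One record per 'unable to install source route' line, carrying the
    netlink error strongSwan logged on the line immediately before it."""
    findings = []
    prev_netlink = None
    for line in log_text.splitlines():
        m = _NETLINK.search(line)
        if m:
            prev_netlink = m.group("msg")
            continue
        m = _KNL_FAIL.match(line)
        if m:
            findings.append({"time": m.group("ts"), "ip": m.group("ip"),
                             "netlink_error": prev_netlink})
        prev_netlink = None
    return findings


def parse_routes(route_text):
    """Turn 'ip route show' lines into (network, gateway, device) tuples."""
    routes = []
    for line in route_text.splitlines():
        m = _ROUTE.match(line)
        if not m:
            continue
        dst = "0.0.0.0/0" if m.group("dst") == "default" else m.group("dst")
        routes.append((ipaddress.ip_network(dst, strict=False), m.group("gw"), m.group("dev")))
    return routes


def best_route(route_text, address):
    """Longest-prefix match, i.e. the route the kernel would pick for address."""
    addr = ipaddress.ip_address(address)
    best = None
    for net, gw, dev in parse_routes(route_text):
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, dev)
    return best


def remote_subnet_check(route_text, remote_subnet, lan_dev):
    """Report whether the remote subnet is covered only by the default route
    (the state seen on the RUT240) and the 'ip route add' line that fixes it."""
    net = ipaddress.ip_network(remote_subnet)
    hit = best_route(route_text, net.network_address)
    specific = hit is not None and hit[0].prefixlen > 0
    return {
        "covered_by": None if hit is None else str(hit[0]),
        "specific_route": specific,
        "fix": None if specific else f"ip route add {net} dev {lan_dev}",
    }


if __name__ == "__main__":
    for f in find_source_route_failures(SAMPLE_SYSLOG):
        print(f"{f['time']}: source route for {f['ip']} failed ({f['netlink_error']})")
    print(remote_subnet_check(SAMPLE_ROUTES, "10.200.0.0/16", "br-lan"))
```

Run it against `logread` output and `ip route show` from the router to confirm both halves of the symptom: the KNL failure in the log, and a remote subnet that falls through to the default route until the static route is added.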

1 Answer

0 votes
by anonymous

Hello,

I have written you a PM for logs and configuration examples.

Also, what do you mean the RUT240 does not support SHA-512? If you are using FW RUT2XX_R_00.01.12, the choice for it is definitely there. Or do you mean it did not work for you?

Best regards,
VidasKac

Edit:

I saw another topic of yours. We will look into it.

by anonymous

Logs and configs sent. Hope that helps.

Best regards
rk