0 votes
4,056 views 5 comments
by

Hi, I've got the configuration exactly like this: https://wiki.teltonika.lt/index.php?title=IPsec_configuration_examples

Both routers have the latest firmware version RUT9XX_R_00.05.03.3.

Both ends have dynamic public IP addresses. One router is connected to the mobile network and the other end is connected to the cable network. Both ends have the same operator DNA (Finland).

The connection worked last time in the summer, some 5 months ago. New firmwares don't help. Both routers' logs show the same error all the time:

I can connect to both routers and services in local networks via http and https.

Tue Dec 25 18:58:12 2018 daemon.info syslog: 12[NET] sending packet: from 87.xx.xx.xx[500] to 78.xx.xxx.xxx[500] (372 bytes)
Tue Dec 25 18:58:12 2018 daemon.info syslog: 13[NET] received packet: from 78.xx.xxx.xxx[500] to 87.xx.xx.xx[500] (60 bytes)
Tue Dec 25 18:58:12 2018 daemon.info syslog: 13[ENC] parsed QUICK_MODE request 1017677606 [ HASH ]
Tue Dec 25 18:58:12 2018 daemon.info syslog: 13[KNL] received netlink error: Network is unreachable (128)
Tue Dec 25 18:58:12 2018 daemon.info syslog: 13[KNL] unable to install source route for 192.168.1.1

'***************************************

Tue Dec 25 19:00:52 2018 daemon.info syslog: 12[NET] sending packet: from 78.xx.xxx.xxx[500] to 87.xx.xx.xx[500] (372 bytes)
Tue Dec 25 19:00:52 2018 daemon.info syslog: 13[NET] received packet: from 87.xx.xx.xx[500] to 78.xx.xxx.xxx[500] (60 bytes)
Tue Dec 25 19:00:52 2018 daemon.info syslog: 13[ENC] parsed QUICK_MODE request 3127257608 [ HASH ]
Tue Dec 25 19:00:52 2018 daemon.info syslog: 13[KNL] received netlink error: Network is unreachable (128)
Tue Dec 25 19:00:52 2018 daemon.info syslog: 13[KNL] unable to install source route for 192.168.0.1


2 Answers

0 votes
by anonymous

Hello,

Just checked IPsec on RUT9XX_R_00.05.03.3 firmware version. IPsec is working correctly on this firmware version.

Could you take screenshots of both routers' IPsec configuration and upload them here? (Hide Pre shared key / Remote VPN endpoint fields)

You have also mentioned that both routers have dynamic IP addresses. Just to confirm: Have you changed your IPsec configuration according to the routers' current IP addresses?

0 votes
by

Hi, the first one is the broadband router's configuration (192.168.0.0) and the second one is the mobile router's configuration.

The dynamic IP addresses work fine with http and https, so I can reach the remote LAN from both sides using port forwarding.

I've also deleted the old ipsec configurations before upgrading to the new firmware.

by anonymous

Hi,

Try not to use any static routes, simply configure IPsec. I also recommend not using "remote vpn endpoint" on your server side; leave it empty. Attaching a short manual for making IPsec between two routers: https://community.teltonika-networks.com/?qa=blob&qa_blobid=2523811953889951933

by
I don't quite understand why I have to decide which router is the server and which one is the client. There are services implemented behind both routers.  According to this example there is no separation between the routers. This is also how I configured the routers when the IPSEC worked last time long time ago.

https://wiki.teltonika.lt/index.php?title=IPsec_configuration_examples

Anyway, I removed the "remote vpn endpoint" from the "server's" IPSEC configuration, i.e. the router which is right now the remote router (mobile). I also rebooted the remote router. The IPSEC still doesn't work. The change in IPSEC configuration also broke the dynamic dns configuration and I totally lost connection to the remote router and services (thru http and https), however the remote router's wifi is still working. The remote router rebooted automatically last night but the problem still exists. I checked the dynamic IP address (no-ip), which shows that now the dynamic IP address is an operator's network address (https://www.countryipblocks.net/country_ip_location_database24.php?ipgroup=213.216.242), not a proper device address, so it seems that the configuration is corrupted.
by
There was a serious winter storm and the whole mobile network was down for two days. That happened exactly at the same time I changed the remote router's configuration and totally lost the connection. Now I can connect again to the remote router (thru http and https) but the IPSEC still doesn't work. Now the configuration has been done according to this document: https://community.teltonika-networks.com/?qa=blob&qa_blobid=2523811953889951933 and there is no "remote vpn endpoint" or static routes at the server (mobile) side. There is a sample of the client router's log. Same errors occur at the server side.

Sun Jan  6 12:23:51 2019 daemon.info syslog: 16[ENC] generating QUICK_MODE request 1591028077 [ HASH SA No KE ID ID ]
Sun Jan  6 12:23:51 2019 daemon.info syslog: 16[NET] sending packet: from 78.XX.XXX.XXX[500] to 188.XX.XX.XX[500] (372 bytes)
Sun Jan  6 12:23:51 2019 daemon.info syslog: 05[NET] received packet: from 188.XX.XX.XX[500] to 78.XX.XXX.XXX[500] (372 bytes)
Sun Jan  6 12:23:51 2019 daemon.info syslog: 05[ENC] parsed QUICK_MODE response 1591028077 [ HASH SA No KE ID ID ]
Sun Jan  6 12:23:52 2019 user.info Messaged[4735]: Start from new event "Output" "Digital relay output off"
Sun Jan  6 12:23:52 2019 user.info Messaged[4751]: Start from new event "Output" "Digital OC output off"
Sun Jan  6 12:23:52 2019 cron.info crond[4761]: crond (busybox 1.28.3) started, log level 5
Sun Jan  6 12:23:53 2019 daemon.info syslog: 05[KNL] received netlink error: Network is unreachable (128)
Sun Jan  6 12:23:53 2019 daemon.info syslog: 05[KNL] unable to install source route for 192.168.0.1
by

This is how I've configured the IPSEC. https://wiki.teltonika.lt/view/IPsec_configuration_examples

Seems that it's impossible for me to get the IPSEC working. The tunnel is up but the mobile operator has blocked the PING-command and I can't test the connection. Is there anything I could do or shall I just give up?

Wed Feb 13 16:12:20 2019 daemon.info syslog: 08[KNL] received netlink error: Network is unreachable (128)
Wed Feb 13 16:12:20 2019 daemon.info syslog: 08[KNL] unable to install source route for 192.168.0.1
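
The `[KNL]` failures that recur in the logs posted in this thread can be extracted and tied to the Quick Mode exchange that preceded them on the same logging thread. This is an added example, not part of any post or of the router's own tooling; it assumes log lines in the format shown above, that the number before the bracketed group is the thread, and that consecutive lines on one thread belong to the same negotiation (a heuristic). `route_failures` is a hypothetical name.

```python
import re

# Lines copied from the posts above (addresses are already masked there).
SAMPLE_LOG = """\
Sun Jan  6 12:23:51 2019 daemon.info syslog: 16[ENC] generating QUICK_MODE request 1591028077 [ HASH SA No KE ID ID ]
Sun Jan  6 12:23:51 2019 daemon.info syslog: 05[ENC] parsed QUICK_MODE response 1591028077 [ HASH SA No KE ID ID ]
Sun Jan  6 12:23:52 2019 cron.info crond[4761]: crond (busybox 1.28.3) started, log level 5
Sun Jan  6 12:23:53 2019 daemon.info syslog: 05[KNL] received netlink error: Network is unreachable (128)
Sun Jan  6 12:23:53 2019 daemon.info syslog: 05[KNL] unable to install source route for 192.168.0.1
Wed Feb 13 16:12:20 2019 daemon.info syslog: 08[KNL] received netlink error: Network is unreachable (128)
Wed Feb 13 16:12:20 2019 daemon.info syslog: 08[KNL] unable to install source route for 192.168.0.1
"""

# timestamp, facility.level, "syslog:", then thread[GROUP] message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \S+ syslog: "
    r"(?P<thread>\d+)\[(?P<group>[A-Z]+)\] (?P<msg>.*)$"
)
QM_RE = re.compile(r"(?:parsed|generating) QUICK_MODE (?:request|response) (\d+)")
NETLINK_RE = re.compile(r"received netlink error: (.+?) \((\d+)\)")
ROUTE_RE = re.compile(r"unable to install source route for (\S+)")


def route_failures(log_text):
    """Return one record per 'unable to install source route' line."""
    state = {}      # thread id -> last Quick Mode id / netlink error seen
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:   # other daemons (crond, Messaged, ...) are skipped
            continue
        st = state.setdefault(m["thread"], {"qm": None, "err": None})
        if m["group"] == "ENC" and (qm := QM_RE.search(m["msg"])):
            st["qm"], st["err"] = qm.group(1), None
        elif m["group"] == "KNL" and (err := NETLINK_RE.search(m["msg"])):
            st["err"] = err.group(1)
        elif m["group"] == "KNL" and (rt := ROUTE_RE.search(m["msg"])):
            findings.append({"time": m["ts"], "thread": m["thread"],
                             "quick_mode_id": st["qm"],  # None if not in excerpt
                             "netlink_error": st["err"],
                             "source": rt.group(1)})
            state[m["thread"]] = {"qm": None, "err": None}
    return findings


if __name__ == "__main__":
    for f in route_failures(SAMPLE_LOG):
        print(f)
```

A record whose `quick_mode_id` is `None` means the excerpt did not include the negotiation lines for that thread, as in the Feb 13 sample.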