FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
464 views 2 comments
by
I have successfully set up IKEv2 connection between the two routers. RUT240 is on 4G with dynamic address, Vigor is on static public IP.

However I don't have a working route betweeen the two LAN subnets (192.168.100.0 at Draytek and 192.168.210.0 at RUT). I can see error message in RUT240 log - unable to install source route.

Mon Oct 19 15:40:43 2020 daemon.info ipsec: 05[CFG] added configuration 'Control'

Mon Oct 19 15:40:43 2020 daemon.info ipsec: 07[CFG] received stroke: initiate 'Control'

Mon Oct 19 15:40:43 2020 daemon.info ipsec: 07[IKE] initiating IKE_SA Control[1] to 87.224.14.189

Mon Oct 19 15:40:44 2020 daemon.notice netifd: ppp (2258): [10-19_15:40:44:907] requestRegistrationState2 MCC: 234, MNC: 10, PS: Attached, DataCap: LTE

Mon Oct 19 15:40:45 2020 local1.info gsmd[1644]: gsmd send: 'AT+COPS?' (9)

Mon Oct 19 15:40:45 2020 local1.info gsmd[1644]: gsmd get: '+COPS: 0,2,"23410",7' (20)

Mon Oct 19 15:40:45 2020 daemon.info ipsec: 07[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]

Mon Oct 19 15:40:45 2020 daemon.info ipsec: 07[NET] sending packet: from 10.176.1.8[500] to 87.224.14.189[500] (570 bytes)

Mon Oct 19 15:40:45 2020 local1.notice fwblock[17021]: Started fwblock

Mon Oct 19 15:40:45 2020 local1.notice fwblock[17021]: Applying SSH blocks

Mon Oct 19 15:40:45 2020 local1.notice fwblock[17021]: Applying WebUI blocks

Mon Oct 19 15:40:45 2020 daemon.info ipsec: 09[NET] received packet: from 87.224.14.189[500] to 10.176.1.8[500] (357 bytes)

Mon Oct 19 15:40:45 2020 daemon.info ipsec: 09[ENC] parsed IKE_SA_INIT response 0 [ SA KE No CERTREQ N(NATD_S_IP) N(NATD_D_IP) ]

Mon Oct 19 15:40:46 2020 daemon.info ipsec: 09[IKE] local host is behind NAT, sending keep alives

Mon Oct 19 15:40:46 2020 daemon.info ipsec: 09[IKE] authentication of 'RDC' (myself) with pre-shared key

Mon Oct 19 15:40:46 2020 daemon.info ipsec: 09[IKE] establishing CHILD_SA Control{1}

Mon Oct 19 15:40:46 2020 daemon.info ipsec: 09[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]

Mon Oct 19 15:40:46 2020 daemon.info ipsec: 09[NET] sending packet: from 10.176.1.8[4500] to 87.224.14.189[4500] (348 bytes)

Mon Oct 19 15:40:46 2020 daemon.info ipsec: 10[NET] received packet: from 87.224.14.189[4500] to 10.176.1.8[4500] (204 bytes)

Mon Oct 19 15:40:46 2020 daemon.info ipsec: 10[ENC] parsed IKE_AUTH response 1 [ IDr AUTH SA TSi TSr ]

Mon Oct 19 15:40:46 2020 daemon.info ipsec: 10[IKE] authentication of 'Control' with pre-shared key successful

Mon Oct 19 15:40:46 2020 daemon.info ipsec: 10[IKE] IKE_SA Control[1] established between 10.176.1.8[RDC]...87.224.14.189[Control]

Mon Oct 19 15:40:46 2020 daemon.info ipsec: 10[IKE] scheduling reauthentication in 27830s

Mon Oct 19 15:40:46 2020 daemon.info ipsec: 10[IKE] maximum IKE_SA lifetime 28370s

Mon Oct 19 15:40:46 2020 daemon.info ipsec: 10[KNL] received netlink error: Network is unreachable (128)

Mon Oct 19 15:40:46 2020 daemon.info ipsec: 10[KNL] unable to install source route for 192.168.210.1

Mon Oct 19 15:40:46 2020 daemon.info ipsec: 10[IKE] CHILD_SA Control{1} established with SPIs c6d8212e_i 219ad2b1_o and TS 192.168.210.0/24 === 192.168.100.0/24

Mon Oct 19 15:40:47 2020 user.notice chilli: Stoping chilli.

Mon Oct 19 15:40:47 2020 user.notice chilli: Start

The two subnets are defined in both the routers:

Any ideas?

1 Answer

0 votes
by anonymous
Hello,

Couple of questions, first is what FW version you are using on yours RUT240, and second do you have more than one WAN interface configured on yours router?

Best regards,
VidasKac.
by

R_00.01.12.3

Second WAN interface is set as backup but not connected to anything

Andrew

by anonymous
Hello,

could you post yours IPsec configuration from both sides of the tunnel?