0 votes
4,358 views 7 comments
by
I'm using your guide without luck.

Has something changed?

The new FW also added a new feature - Secret's ID selector?

Best regards

Soeren DK

2 Answers

+2 votes
by anonymous

Hello,

Correct, the latest RUT2 firmware versions have improved IPsec, which allows you to use multiple pre-shared keys for different connections.

If you want to establish a basic IPsec connection between two Teltonika routers, then all you have to do is configure the following parameters:

  • "Remote VPN endpoint"
  • "Remote IP address/Subnet mask"
  • "Pre-shared Keys" (Press the "Add" button in the "Pre-shared Keys" section and enter your key in the newly appeared line)

by
I have the same problem (RUT240-RUT955). With the old configuration (no selector, single pre-shared key) everything worked without problems. After the RUT240 firmware update, it simply stops. I have added the pre-shared key the same way you wrote, with the selector left blank, but it did not work.

Should the Secret's ID selector be blank? Or should there be something?
by anonymous

Hello,

Everything depends on your router's configuration. If you are using a simple IPsec configuration (i.e. just the necessary configuration fields), then the "Secret's ID selector" field can be left blank.

For example, the configuration below is enough to establish IPsec between RUT2 and RUT9 routers (in this example, RUT2's LAN IP is 192.168.1.1, while RUT9's is 192.168.5.1):

RUT9:

RUT2:

by

Hello,

If I wanted to use multiple pre-shared keys for different connections, what should I type in "Secret's ID selector"?

"%any" --> works fine,

"IP" --> What IP?... Remote public IP? or Remote LAN IP? ... Remote Network IP?

FQDN --> What do you mean? (on this context)

Thanks and best regards

0 votes
by
Hi,

I have the same problem.

When I left the Secret's ID selector blank, it says:

"Warning! Secret's ID selector has not been specified.IPSEC will be unable to establish a conection"?
by anonymous
Hello,

Try to add %any to the selector.
by anonymous

I have the same problem. Device is RUT240 R1.12.3. Adding %any to selector. System log file says

info ipsec: 12[IKE] unable to resolve %any; initiate aborted

Can somebody give a proper syntax description? The User Manual text is not clear to me:

Secret's ID selector string; default: none Each secret can be preceded by a list of optional ID selectors. A selector is an IP address, a Fully Qualified Domain Name, user@FQDN or %any.
NOTE: IKEv1 only supports IP address ID selector.

Am I supposed to make up a selector (IP address), add this IP address and "precede" (i.e. add that at the beginning of the Pre-shared key string) and add the combined string into the Pre-shared key field?

by anonymous

Manual above the Field description says:

pre-shared key is a secret password used for authentication between IPsec peers before a secure tunnel is established. During authentication device will try to check if connection matches any Secret's ID selector and then the pre-shared key from the first match will be used.

When the Secret's ID selector is matched against "connection", what are you matching against? Remote address of the VPN connection, i.e. XX.XX.XX.0 or what?

by anonymous

Found syntax and background info here - I assume implementation of Teltonika uses the same mechanisms:

http://manpages.ubuntu.com/manpages/precise/man5/ipsec.secrets.5.html

The error message above

info ipsec: 12[IKE] unable to resolve %any; initiate aborted

had a different reason. It was related to a mistake in the address of the remote end of the VPN tunnel, not to the Secret's ID selector setting. Hope this helps.
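
A simplified model of the first-match lookup that the quoted manual text describes, using the `selectors : PSK "key"` line syntax from the linked ipsec.secrets man page. This is an added example, not part of any post above and not Teltonika or strongSwan code; the sample entries, the function names, and the assumption that a selector is compared with the peer's IKE identity (an IP address or FQDN) are made for illustration.

```python
import re

# Constructed sample in ipsec.secrets syntax. Addresses come from the
# documentation ranges and the keys are placeholders, not real secrets.
SAMPLE_SECRETS = '''
# site-specific keys
198.51.100.7 : PSK "key-for-site-a"
branch.example.com : PSK "key-for-branch"
# catch-all entry
%any : PSK "shared-fallback-key"
'''

# One or more whitespace-separated selectors, a colon surrounded by
# whitespace, then the quoted pre-shared key.
LINE_RE = re.compile(r'^(?P<sel>\S.*?)\s+:\s+PSK\s+"(?P<key>[^"]*)"$')


def parse_secrets(text):
    """Return [(selectors, key), ...] in file order; skip blanks and comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError('unrecognised secrets line: %r' % raw)
        entries.append((m.group('sel').lower().split(), m.group('key')))
    return entries


def select_psk(entries, peer_id):
    """First-match lookup: an entry matches when one of its selectors equals
    the peer identity or is %any. Returns (selectors, key) or None."""
    peer_id = peer_id.lower()
    for selectors, key in entries:
        if peer_id in selectors or '%any' in selectors:
            return selectors, key
    return None


if __name__ == '__main__':
    entries = parse_secrets(SAMPLE_SECRETS)
    for peer in ('198.51.100.7', 'branch.example.com', '203.0.113.9'):
        print(peer, '->', select_psk(entries, peer))
    # Under first-match, a %any entry listed first shadows the specific ones,
    # so every peer ends up authenticated with the same shared key.
    shadowed = [entries[-1]] + entries[:-1]
    print('198.51.100.7 (with %any first) ->', select_psk(shadowed, '198.51.100.7'))
```

With per-connection keys, keeping the `%any` entry last (or omitting it) is what keeps each peer on its own key in this model.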