8904 questions

10557 answers

16569 comments

15946 members

0 votes
3,054 views 9 comments
by
Hi, I've got exactly the same configuration than scheme 2  here:

https://wiki.teltonika.lt/index.php?title=IPsec_configuration_examples

Both sides have dynamic dsn address  (no-ip). The other RUT is connected to the mobile network and the other end is connected to the cable network. So both ends have a public ip-address.

The connection worked well almost a year but after testing RUT with another operator's SIM card, also the old ipsec connection stopped working because I changed the configuration. I also upgated both routers to the newest firmware.

Seems that there is problem with routing, because the ping works to the routers' public ip-adress but not to the lan-addresses. The system log shows following errors:

Mon Sep 10 20:09:07 2018 daemon.info syslog: 07[NET] sending packet: from 46.132.xxx.xx[500] to 78.27.xxx.xxx[500] (372 bytes)
Mon Sep 10 20:09:08 2018 daemon.info syslog: 08[NET] received packet: from 78.27.xxx.xxx[500] to 46.132.xxx.xx[500] (60 bytes)
Mon Sep 10 20:09:08 2018 daemon.info syslog: 08[ENC] parsed QUICK_MODE request 2178071263 [ HASH ]
Mon Sep 10 20:09:08 2018 daemon.info syslog: 08[KNL] received netlink error: Network is unreachable (128)
Mon Sep 10 20:09:08 2018 daemon.info syslog: 08[KNL] unable to install source route for 192.168.1.1

I've tried every combination of IPSEC parameters but I allways get those network errors.

1 Answer

0 votes
by
Hello,

Teltonika is aware of this issue and a fix has already been prepared in a test firmware version. The test firmware is a version that has not been fully tested and is released only to check whether the fix works correctly. So there may be some other issues present in that version. The fix will be implemented in the next release version and will be available for download from our Wiki page. Meanwhile, I will also provide with the link to the fix version if you wish to try that out.

RUT9xx Firmwares: https://wiki.teltonika.lt/index.php?title=RUT9xx_Firmware
Test firmware: https://wiki.teltonika.lt/images/8/8c/RUT9XX_T_F0075_00.05.01.6_WEBUI.bin
by
Hi, I upgraded both routers to the test firmware above but the same errors still exists and ipsec fails. I hope you guys fix this critical bug soon. I you want, I can send the troubleshoot file to you.
by
This is strange because I've just tested this with the same firmware and it works fine.

Did you upgrade with the "Keep settings" option? If so, can you try doing it without it?
by
I upgraded both routers with the "Keep settings" option. It's too much work to start both configurations from scratch. Anyway, I tested connection with IKE1 and IKE2, both with Main and aggressive mode.

Tue Sep 11 15:56:19 2018 daemon.info syslog: 07[IKE] authentication of '' with pre-shared key successful

Tue Sep 11 15:56:19 2018 daemon.info syslog: 07[IKE] IKE_SA koti[503] established between 78.27.xxx.xxx[]...193.210.xxx.xxx[]
Tue Sep 11 15:56:19 2018 authpriv.info syslog: 07[IKE] IKE_SA koti[503] established between 78.27.xxx.xxx[]...193.210.xxx.xxx[]
Tue Sep 11 15:56:19 2018 daemon.info syslog: 07[IKE] scheduling reauthentication in 28514s
Tue Sep 11 15:56:19 2018 daemon.info syslog: 07[IKE] maximum IKE_SA lifetime 28694s
Tue Sep 11 15:56:19 2018 daemon.info syslog: 07[KNL] received netlink error: Network is unreachable (128)
Tue Sep 11 15:56:19 2018 daemon.info syslog: 07[KNL] unable to install source route for 192.168.0.1
by

Now I upgraded to the

Latest FW* RUT9XX_R_00.05.01.8 2018.09.10

 Didn't help, same netlink error & unable to install source route

by
You can either try the test firmware without the "Keep settings" option or wait for the release version of the firmware where the fixes will be implemented (which should be called RUT9XX_R_00.05.02.xxx). Once the firmware is out, it will be available for download from the same Wiki page.
by
Now I've upgraded to version RUT9XX_R_00.05.02.2 but IPSEC still doesn't work.
by

I upgraded the remote RUT to the test firmware: https://wiki.teltonika.lt/images/8/8c/RUT9XX_T_F0075_00.05.01.6_WEBUI.bin  .

That was the worst advice ever, because I lost the contact to the remote RUT totally. I can't ping it anymore. The router is 300 km's away.

First the IPSEC stopped working in august and now this. There is absolutely no way to use my remote control system anymore.

by

There is now a new firmware RUT9XX_R_00.05.02.3 | 2018.10.22

  • New:
    • Added event log entry when clearing mobile data limit
  • Fixes:
    • Data limit calculation fixes
    • SIM switch: data limit check fixes

However, there is nothing about the IPSEC bug. Have you finally  fixed it?

by

Now I've upgraded both routers to version RUT9XX_R_00.05.03.3 but IPSEC still doesn't work.

Both sides have dynamic dsn-address  (no-ip). The other RUT is connected to the mobile network and the other end is connected to the cable network. Both ends have a public ip-address. The cable and mobile operator is DNA (Finland).

The confiquration is exactly like this: https://wiki.teltonika.lt/index.php?title=IPsec_configuration_examples

Both router's log shows the same error:

Tue Dec 25 18:58:12 2018 daemon.info syslog: 12[NET] sending packet: from 87.xx.xx.xx[500] to 78.xx.xxx.xxx[500] (372 bytes)
Tue Dec 25 18:58:12 2018 daemon.info syslog: 13[NET] received packet: from 78.xx.xxx.xxx[500] to 87.xx.xx.xx[500] (60 bytes)
Tue Dec 25 18:58:12 2018 daemon.info syslog: 13[ENC] parsed QUICK_MODE request 1017677606 [ HASH ]
Tue Dec 25 18:58:12 2018 daemon.info syslog: 13[KNL] received netlink error: Network is unreachable (128)
Tue Dec 25 18:58:12 2018 daemon.info syslog: 13[KNL] unable to install source route for 192.168.1.1

'***************************************

Tue Dec 25 19:00:52 2018 daemon.info syslog: 12[NET] sending packet: from 78.xx.xxx.xxx[500] to 87.xx.xx.xx[500] (372 bytes)
Tue Dec 25 19:00:52 2018 daemon.info syslog: 13[NET] received packet: from 87.xx.xx.xx[500] to 78.xx.xxx.xxx[500] (60 bytes)
Tue Dec 25 19:00:52 2018 daemon.info syslog: 13[ENC] parsed QUICK_MODE request 3127257608 [ HASH ]
Tue Dec 25 19:00:52 2018 daemon.info syslog: 13[KNL] received netlink error: Network is unreachable (128)
Tue Dec 25 19:00:52 2018 daemon.info syslog: 13[KNL] unable to install source route for 192.168.0.1

The connection worked last time in the summer, some 5 months ago. Nothing seems to help.