0 votes
90 views 0 comments
I'm trying to set up an IPSEC connection using UCI, but I'm running into some issues.

When I manually add the connection via the web interface, everything works as expected. However, when I apply the same settings via UCI, it shows up correctly in the web interface, and I can enable it, but it doesn't connect.

I think I may have to apply some firewall rules / redirects as well, but I can't figure out which ones. (I'm a programmer, not a networking expert.)

Does anyone know what other settings I need to apply to make the IPSEC connection work, using only UCI to configure everything?

1 Answer

0 votes

Hello, 

Regarding creating an IPsec tunnel using UCI, you can refer to this:

# IPsec instance (section type "remote"): authentication and identifiers
uci set ipsec.Jerome=remote
uci set ipsec.Jerome.crypto_proposal='Jerome_ph1'
uci set ipsec.Jerome.gateway='Jerome'
uci set ipsec.Jerome.authentication_method='psk'
uci set ipsec.Jerome.tunnel='Jerome_c'
uci set ipsec.Jerome.force_crypto_proposal='0'
# enabled='0' leaves the instance disabled
uci set ipsec.Jerome.enabled='0'
# example key value; replace with your own pre-shared key
uci set ipsec.Jerome.pre_shared_key='123123'
uci set ipsec.Jerome.local_identifier='RUT'
uci set ipsec.Jerome.remote_identifier='RUT1'

# Tunnel (section type "connection"): subnets, key exchange, lifetimes
uci set ipsec.Jerome_c=connection
uci set ipsec.Jerome_c.crypto_proposal='Jerome_ph2'
uci set ipsec.Jerome_c.mode='start'
uci set ipsec.Jerome_c.type='tunnel'
uci set ipsec.Jerome_c.defaultroute='0'
uci set ipsec.Jerome_c.keyexchange='ikev1'
uci set ipsec.Jerome_c.forceencaps='no'
uci set ipsec.Jerome_c.local_firewall='yes'
uci set ipsec.Jerome_c.remote_firewall='no'
uci set ipsec.Jerome_c.force_crypto_proposal='0'
uci set ipsec.Jerome_c.local_subnet='192.168.10.0/24'
uci set ipsec.Jerome_c.remote_subnet='192.168.102.0/24'
uci set ipsec.Jerome_c.ikelifetime='8h'
uci set ipsec.Jerome_c.lifetime='8h'

# Proposal referenced by the instance (crypto_proposal='Jerome_ph1')
uci set ipsec.Jerome_ph1=proposal
uci set ipsec.Jerome_ph1.encryption_algorithm='aes128'
uci set ipsec.Jerome_ph1.hash_algorithm='sha1'
uci set ipsec.Jerome_ph1.dh_group='modp1536'

# Proposal referenced by the connection (crypto_proposal='Jerome_ph2')
uci set ipsec.Jerome_ph2=proposal
uci set ipsec.Jerome_ph2.encryption_algorithm='aes128'
uci set ipsec.Jerome_ph2.hash_algorithm='sha1'
uci set ipsec.Jerome_ph2.dh_group='modp1536'

uci commit ipsec                          # commit changes
/etc/init.d/ipsec restart                 # restart the service

Note: Each parameter value must match your IPsec server in order to make a successful connection.

For more information about these UCI commands you may refer to this link: UCI command usage - Teltonika Networks Wiki (teltonika-networks.com)

Also just keep in mind it is best to install the latest firmware available on our wiki page. 
RUTX11 Firmware Downloads - Teltonika Networks Wiki (teltonika-networks.com)


Regards,

Mellow
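
An added example (not part of the answer above, and not Teltonika's code): a small POSIX shell check that reads `uci show ipsec` output and flags the values from the answer that deserve review before the tunnel goes into production, namely a disabled instance, a short pre-shared key, IKEv1, SHA-1 or MD5, and DH groups of 1536 bits or less. The function name `audit_ipsec`, the 20-character key threshold and the sample text are assumptions made for this example; any change to these values has to be mirrored on the remote IPsec server.

```shell
#!/bin/sh
# Added example: review `uci show ipsec` output for weak or inactive settings.
# Option names are the ones used in the answer; thresholds are assumptions.

# Constructed sample: a subset of what `uci show ipsec` would print after
# the commands in the answer have been committed.
SAMPLE="ipsec.Jerome=remote
ipsec.Jerome.enabled='0'
ipsec.Jerome.pre_shared_key='123123'
ipsec.Jerome_c=connection
ipsec.Jerome_c.keyexchange='ikev1'
ipsec.Jerome_ph1=proposal
ipsec.Jerome_ph1.hash_algorithm='sha1'
ipsec.Jerome_ph1.dh_group='modp1536'"

audit_ipsec() {
    # Reads `uci show ipsec` text on stdin, prints one finding per line.
    while IFS='=' read -r key val; do
        # Only option lines (ipsec.<section>.<option>) are checked.
        case "$key" in ipsec.*.*) ;; *) continue ;; esac
        val=${val#\'}; val=${val%\'}          # strip the quotes uci adds
        sect=${key#ipsec.}; opt=${sect#*.}; sect=${sect%%.*}
        case "$opt" in
            enabled)
                [ "$val" = 0 ] && echo "$sect: instance is disabled (enabled=0)" ;;
            pre_shared_key)
                # 20 characters is an assumed minimum, not a vendor limit.
                [ "${#val}" -lt 20 ] && echo "$sect: pre_shared_key shorter than 20 characters" ;;
            keyexchange)
                [ "$val" = ikev1 ] && echo "$sect: keyexchange is ikev1" ;;
            hash_algorithm)
                case "$val" in md5|sha1) echo "$sect: hash_algorithm is $val" ;; esac ;;
            dh_group)
                case "$val" in modp768|modp1024|modp1536) echo "$sect: dh_group is $val" ;; esac ;;
        esac
    done
    return 0
}

# On the router: uci show ipsec | audit_ipsec
printf '%s\n' "$SAMPLE" | audit_ipsec
```
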