0 votes
134 views 21 comments
by
Hi,

Trying to configure a Route Based VPN with a RUTX router and Sonicwall (instead of policy based).

I am trying to follow the steps here:

https://wiki.strongswan.org/projects/strongswan/wiki/RouteBasedVPN

The VPN is established with 0.0.0.0/32 local and remote but I cannot create the tunnel interface discussed in the guide.

When creating the VTI with

root@Teltonika-RUTX11:~# ip tunnel add ipsec0 mode vti local 192.168.70.4 remote 192.168.70.3 key 42

add tunnel "ip_vti0" failed: No such device

Has anybody successfully created a Route Based VPN with RUTX router?

Thanks

1 Answer

0 votes
by

Hello,

We do have an instruction on how to configure IPsec between Sonicwall device and our devices. You may find useful information here: https://kaunas.teltonika.lt:444/f/26dd8c994ee74cfd80ea/?dl=1

I would recommend configuring IPsec in a regular way, then look it up from here.

Regards.

by
Glad to see you were able to build a version including kmod-ip-vti.

What is the result if you add a route, something like "ip route add 0.0.0.0/0 dev ipsec0"?

What is the output of "ip route show"?

What is the output of "tcpdump -i any -n -v 'icmp'"? Do you have ICMP unreachable error packets?
by

Ok so now it is working...

I added the VTI4 package

Then recreated the VTI this time adding the WAN addresses to the local remote:

ip tunnel add vti1 mode vti local ******** remote ***** key 100

ip link set up vti1

ip addr add 192.168.12.7/29 dev vti1

Then

sysctl -w net.ipv4.conf.vti1.rp_filter=0

sysctl -w net.ipv4.conf.vti1.disable_policy=1

Then

ipsec restart

This was quite helpful...

https://www.youtube.com/watch?v=HDqAl_PozCU

Thanks for all your help and speedy responses

by

Kudos for vtiv4, next time add it to the SDK also:

scripts/feeds install vtiv4

and enable it in make menuconfig.

by

I can't seem to get the updown script to be found when IPsec is established. I need this to program the tunnel settings

when setting in ipsec.conf

leftupdown=/etc/ud.sh

logread shows after successful ipsec connection

Tue May 18 13:46:45 2021 daemon.info ipsec: 07[CHD] updown: /bin/sh: /etc/ud.sh: not found

I know the file is there because I can vi straight to it.

Should this work like this?

by
/etc/ud.sh must be executable: chmod +x /etc/ud.sh
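
A preflight check for the updown script path from the thread (/etc/ud.sh), as an added example that is not part of any post: it tests the executable bit along with the other file conditions under which a shell can report an existing script as "not found" (an interpreter on the #! line that is absent on the device, DOS line endings), and flags group- or world-writable permissions. The function name check_updown and its finding labels are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): preflight check for an updown script.
# check_updown PATH prints one finding per line; returns 0 only when clean.
check_updown() {
    f=$1; rc=0
    if [ ! -f "$f" ]; then
        echo "missing: $f is not a regular file"; return 1
    fi
    # Being able to open the file in an editor does not mean it can be exec'd.
    if [ ! -x "$f" ]; then
        echo "not-executable: chmod +x $f"; rc=1
    fi
    first=$(head -n 1 "$f")
    cr=$(printf '\r')
    # DOS line endings make the CR part of the interpreter name on line 1.
    case $first in
        *"$cr") echo "crlf: line 1 ends in CR, convert to LF"; rc=1
                first=${first%"$cr"} ;;
    esac
    case $first in
        '#!'*)
            interp=${first#'#!'}
            interp=${interp#"${interp%%[! ]*}"}   # drop leading spaces
            interp=${interp%% *}                  # keep the path, drop args
            # A missing interpreter makes the shell report the *script* as
            # "not found", even though the script file exists.
            if [ ! -x "$interp" ]; then
                echo "bad-interpreter: $interp is missing or not executable"; rc=1
            fi ;;
        *)  echo "no-shebang: line 1 does not name an interpreter"; rc=1 ;;
    esac
    # The IKE daemon runs this script, so nobody else should be able to edit it.
    perm=$(ls -ld "$f" | cut -c1-10)
    case $perm in
        ?????w????|????????w?) echo "writable: $perm, chmod go-w $f"; rc=1 ;;
    esac
    return $rc
}

# Usage: check_updown /etc/ud.sh   (path taken from the thread)
```
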