Hello,

After a firmware update from 13.3. to 1.14 the IPsec tunnel does not start. The RUT does not send any data for phase 1 PSK. After installing back to 13.3. the IPsec works. Is there a bug or do I need different configurations?

1 Answer

Hello,

I have briefly checked and there were no reports that IPsec tunneling does not work in 1.14 firmware. Nevertheless, could you try to reconfigure the IPsec interface from scratch after the firmware 1.14 install? If that does not solve your issues, could you post screenshots of your configuration to take a deeper look at what may cause this behavior?

Regards.
Hi,

here is the configuration with 1.13.

conn Tun1
        left=%any4
        leftid=
        leftsubnet=192.168.xxx.1/24
        leftauth=psk
        rightauth=psk
        authby=secret
        right=82...
        rightid=82...
        keyexchange=ikev1
        leftfirewall=yes
        rightfirewall=yes
        auto=start
        type=tunnel
        aggressive=no
        dpdaction=restart
        dpddelay=30
        dpdtimeout=150
        forceencaps=no
        keyingtries=%forever
        ike=aes256-md5-modp1024
        ikelifetime=7800s
        esp=aes256-md5-modp1024
        keylife=3600s
        rightsubnet=192.168.yyy.0/24


conn passthrough0
        leftsubnet=192.168.xxx.0/24
        rightsubnet=192.168.xxx.0/24
        type=passthrough
        authby=never
        auto=route

SA Established:

Test [1 of 1 IPsec SAs established]
SA: 192.168.xxx.0/24=82... 77...=192.168.xxx.0/24
VPN ID: 81...
IKE: Auth PSK / Enc AES_CBC_256 / Hash HMAC_MD5 / Lifetime 7800s / PFS MODP_1024
ESP: Enc AES_CBC_256 / Hash HMAC_MD5 / Lifetime 3600s

I updated to 1.14 without keeping the settings and made the same configuration.

Here is the configuration with 1.14:

conn Tun
        left=%any4
        leftid=
        leftauth=psk
        rightauth=psk
        authby=secret
        right=81...
        rightid=81...
        keyexchange=ikev1
        leftfirewall=yes
        rightfirewall=yes
        auto=start
        type=tunnel
        aggressive=no
        dpdaction=restart
        dpddelay=30
        dpdtimeout=150
        forceencaps=no
        keyingtries=%forever
        ike=aes256-md5-modp1024
        ikelifetime=7800s
        esp=aes256-md5-modp1024
        keylife=3600s
        rightsubnet=192.168.125.0/24conn passthrough0
        leftsubnet=192.168.xxx.0/24
        rightsubnet=192.168.xxx.0/24
        type=passthrough
        authby=never
        auto=route

IPSec status:

Status of IKE charon daemon (strongSwan 5.6.2, Linux 3.18.44, mips):
  uptime: 29 minutes, since May 07 10:34:13 2021
  malloc: sbrk 114688, mmap 0, used 108744, free 5944
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon aes des sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp pem gmp xcbc hmac kernel-netlink resolve socket-default stroke updown xauth-generic
Listening IP addresses:
  192.168.yyy.yyy
  192.168.xxx.xxx
Connections:
   Tun:  %any4...81...  IKEv1, dpddelay=30s
   Tun:   local:  [any4] uses pre-shared key authentication
   Tun:   remote: [81...] uses pre-shared key authentication
   Tun:   child:  192.168.xxx.0/24 === 192.168.xxx.0/24 PASS, dpdaction=restart
Shunted Connections:
   Tun:  192.168.xxx.0/24 === 192.168.xxx.0/24 PASS
Security Associations (0 up, 0 connecting):
  none

The live protocol from our firewall does not register a quote from the remote address.

Regards

Hello,

I would like to ask if you could test the IPsec tunnel with this firmware. You can download it by clicking here

Regards.
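
A check for the difference visible between the two configurations posted above (an added example, not part of the thread and not the vendor's or strongSwan's code): in the 1.14 listing `conn passthrough0` sits on the same line as `rightsubnet=`, so the keys that follow it appear under `conn Tun` a second time, and the status output lists `Tun` as a PASS shunt. The function name `lint_ipsec_conf` and the issue labels are assumptions made for this example.

```python
import re

# Constructed sample, abridged from the 1.14 listing above; the masked
# 192.168.xxx.0/24 subnets are replaced by the placeholder 192.168.1.0/24.
SAMPLE = """\
conn Tun
        left=%any4
        authby=secret
        auto=start
        type=tunnel
        rightsubnet=192.168.125.0/24conn passthrough0
        leftsubnet=192.168.1.0/24
        rightsubnet=192.168.1.0/24
        type=passthrough
        authby=never
        auto=route
"""

SECTION = re.compile(r"^(conn|ca|config)\s+(\S+)\s*$")  # headers start in column 0
FUSED = re.compile(r"conn\s+\S+$")                      # header text stuck to a value


def lint_ipsec_conf(text):
    """Return (line_no, section, key, issue) tuples for ipsec.conf-style text."""
    findings, section, seen = [], None, {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        header = SECTION.match(line)
        if header:                                # new section: reset key tracking
            section, seen = header.group(2), {}
            continue
        key, sep, value = line.strip().partition("=")
        if not sep:
            findings.append((no, section, key, "not-key-value"))
            continue
        if FUSED.search(value):                   # e.g. "...0/24conn passthrough0"
            findings.append((no, section, key, "fused-header"))
        if key in seen:                           # same key set twice in one section
            findings.append((no, section, key, f"duplicate-of-line-{seen[key]}"))
        else:
            seen[key] = no
    return findings


if __name__ == "__main__":
    for finding in lint_ipsec_conf(SAMPLE):
        print(finding)
```

Run against the generated configuration file on the router after an upgrade, an empty result means every `conn` header is on its own line and no key is set twice within a section.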