0 votes
4,675 views 3 comments
by

Hi, my IPsec tunnel stopped connecting a long time ago, maybe because the ISP has blocked the necessary ports on the mobile network? I've described the problem earlier here:

https://community.teltonika-networks.com/2116/rut950-ipsec-doesnt-connect?show=2116#q2116

The ISP has blocked the following ports (IPv4):

TCP ports:

  • 25 outbound
  • 1-499 inbound
  • 501-1023 inbound
  • 7547 outbound/inbound

UDP ports:

  • 1-122 inbound
  • 124-258 inbound
  • 260-499 inbound
  • 501-1023 inbound
  • 1900 inbound

Is there anything I can do?

1 Answer

0 votes
by

Hi,

It seems ports 500 and 4500 are not blocked, so it should work.

Have you tried setting "My identifier" in both routers? Enter the router's LAN IP in that field.

by

I've tried that and hundreds of other possibilities :)

I think that to make IPsec work through firewalls, UDP ports 500 and 4500 should be open, and IP protocol numbers 50 and 51 (ESP, AH) should also be permitted.

https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers

I scanned those ports and protocols and here are the results. UDP port 4500 and protocol 50 gave no response. Is it impossible to make IPsec work?
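The comment above lists what an IPsec peer needs (UDP 500 for IKE, UDP 4500 for NAT-T, and IP protocols 50/51 for ESP/AH) and the question lists what the ISP blocks. The script below, an added example that is not code from the thread or from Teltonika, parses the block list exactly as it was posted and reports, per IPsec requirement, whether that list blocks it. The function names and the "unknown" verdict for ESP/AH are this example's own choices; the block-list text is copied from the question.

```python
"""
Check an ISP's published port block list against what an IPsec tunnel needs.

Added example for this thread, not code from the poster or from Teltonika.
The block list text is copied from the question; everything else (function
names, the "unknown" verdict for ESP/AH) is this example's own.
"""
import re

# Block list as the question reports it (IPv4). Copied from the post.
BLOCKLIST_TEXT = """
TCP ports:
  • 25 outbound
  • 1-499 inbound
  • 501-1023 inbound
  • 7547 outbound/inbound
UDP ports:
  • 1-122 inbound
  • 124-258 inbound
  • 260-499 inbound
  • 501-1023 inbound
  • 1900 inbound
"""

# What an IPsec peer needs across the path:
#   UDP 500  - IKE (ISAKMP)
#   UDP 4500 - IKE and ESP encapsulated in UDP for NAT traversal (NAT-T)
#   IP protocol 50 (ESP) and 51 (AH) - the tunnel traffic itself without NAT-T
IPSEC_PORTS = [("IKE", "udp", 500), ("NAT-T", "udp", 4500)]
IPSEC_IP_PROTOCOLS = [("ESP", 50), ("AH", 51)]

# One bullet line: "• <port>[-<port>] <direction>[/<direction>]"
LINE_RE = re.compile(r"^\s*•\s*(\d+)(?:-(\d+))?\s+([a-z/]+)\s*$")


def parse_blocklist(text):
    """Return {"tcp": {"inbound": [(lo, hi), ...], "outbound": [...]}, "udp": {...}}."""
    rules = {"tcp": {"inbound": [], "outbound": []},
             "udp": {"inbound": [], "outbound": []}}
    proto = None
    for line in text.splitlines():
        head = line.strip().lower()
        if head.startswith("tcp"):
            proto = "tcp"
            continue
        if head.startswith("udp"):
            proto = "udp"
            continue
        m = LINE_RE.match(line)
        if not m or proto is None:
            continue  # blank line, or a bullet before any protocol heading
        lo = int(m.group(1))
        hi = int(m.group(2) or lo)  # single port -> range of one
        for direction in m.group(3).split("/"):
            rules[proto][direction].append((lo, hi))
    return rules


def is_blocked(rules, proto, direction, port):
    """True if the block list covers this port in this direction."""
    return any(lo <= port <= hi for lo, hi in rules[proto][direction])


def ipsec_verdict(rules):
    """Map each IPsec requirement to "blocked", "open" or "unknown"."""
    verdict = {}
    for name, proto, port in IPSEC_PORTS:
        for direction in ("inbound", "outbound"):
            state = "blocked" if is_blocked(rules, proto, direction, port) else "open"
            verdict[f"{name} {proto}/{port} {direction}"] = state
    # ESP and AH are IP protocols, not TCP/UDP ports: a port block list says
    # nothing about them, so the honest verdict is "unknown" and they have to
    # be tested separately (as the poster did with a protocol scan).
    for name, number in IPSEC_IP_PROTOCOLS:
        verdict[f"{name} ip-proto/{number}"] = "unknown"
    return verdict


def gaps(rules, proto, direction, lo=1, hi=1023):
    """Ports in [lo, hi] that the block list leaves open between its ranges."""
    return [p for p in range(lo, hi + 1) if not is_blocked(rules, proto, direction, p)]


if __name__ == "__main__":
    rules = parse_blocklist(BLOCKLIST_TEXT)
    for item, state in ipsec_verdict(rules).items():
        print(f"{item:28} {state}")
    # The UDP inbound ranges are carefully written around 123, 259 and 500:
    print("UDP inbound ports left open below 1024:", gaps(rules, "udp", "inbound"))
```

Run as-is it shows that UDP 500 and 4500 are not on the list in either direction, that the UDP inbound ranges leave exactly 123, 259 and 500 open below 1024, and that the list cannot answer the ESP/AH question at all; that last point is why a protocol-level test, not just a port check, is needed before blaming the ISP.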

by
As I understand it, your router has public IPs, so the easiest way to check whether the ports are closed is to test port forwarding and check ports 500 and 4500.

Before the test, reset the router to default settings and then disable the traffic rules related to ports 500 and 4500.

After the test, you will know for sure whether the ports are blocked.
by

Yes, the router(s) has (have) public IPs. Unfortunately I can't reset the remote router on the mobile side because otherwise I'll lose the connection.

I disabled the IPsec and scanned the ports and protocols. The result shows that ports 500 and 4500 are closed and protocols 50 and 51 are open (any response in any protocol from the target host).

Then I explicitly forwarded the router port 500 to port 500 and scanned it, but the port remained closed.

When I enabled the IPsec again, the scanning results show that there are services listening on ports 500 and 4500. Correspondingly, protocols 50 and 51 gave no response.

I'm no expert, so this is the best I can do. The mobile operator doesn't recommend anything either. When I configured the IPsec for the first time two years ago there was no problem. Now this seems impossible to make work.