10921 questions

13023 answers

20289 comments

27181 members

0 votes
126 views 2 comments
by
Hello,

we have always used RUT240 up to now.
Now we wanted to test the RUTX08. With this device we don't get a VPN connection.

I have attached both configurations to the appendix.
The IP addresses are a little different and the passwords are removed.
I would be happy if someone could help us.

3 Answers

0 votes
by

Hello,

First, please, check and if needed update RutX08 firmware to the latest and repeat a test. The latest FW has fixed an IPSec crash issue when using a mobile phone.

Regards.

by
Hello,

I have now updated. Still no function.
by

I get this error message on the server:


Jan 5 14:58:09     racoon: INFO: Hashing 213.23.86.XXX[500] with algo #1
Jan 5 14:58:09     racoon: INFO: Hashing 109.40.199.XX1[500] with algo #1
Jan 5 14:58:09     racoon: INFO: Adding remote and local NAT-D payloads.
Jan 5 14:58:09     racoon: ERROR: invalid DH group 19.
Jan 5 14:58:09     racoon: ERROR: invalid DH group 19.

Jan 5 14:58:09     racoon: INFO: Selected NAT-T version: RFC 3947
Jan 5 14:58:09     racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Jan 5 14:58:09     racoon: INFO: received Vendor ID: RFC 3947
Jan 5 14:58:09     racoon: INFO: received broken Microsoft ID: FRAGMENTATION
Jan 5 14:58:09     racoon: INFO: received Vendor ID: DPD
Jan 5 14:58:09     racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Jan 5 14:58:09     racoon: INFO: begin Aggressive mode.
Jan 5 14:58:09     racoon: INFO: respond new phase 1 negotiation: 213.23.86.XXX[500]<=>109.40.199.XXX[500]

0 votes
by

Hello,

Please confirm that the DH group setting matches on both ends, the Teltonika router as well as the other router. Currently the error indicates that the Phase 1 DH group is invalid/misconfigured on some device. DH group 19 is the equivalent of "ECP256" in the IPsec settings on our Teltonika routers. Please double check this setting if it matches on both ends.

If that is not the issue then please, could you send me over the attached files via private message? I cannot see them currently.

Best regards,

Tomas.

0 votes
by

Hi,

set in the TELTONIKA is "modp1536" DH Group 5.
As seen in my pictures.

RUT240 old device with a working connection to the server:

RUTX08 new device with which I cannot establish a connection. Same configuration as the old device.