FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
409 views 2 comments
by anonymous
Hello,

we have always used RUT240 up to now.
Now we wanted to test the RUTX08. With this device we don't get a VPN connection.

I have attached both configurations to the appendix.
The IP addresses are a little different and the passwords are removed.
I would be happy if someone could help us.

3 Answers

0 votes
by anonymous

Hello,

First, please, check and if needed update RutX08 firmware to the latest and repeat a test. The latest FW has fixed an IPSec crash issue when using a mobile phone.

Regards.

by anonymous
Hello,

I have now updated. Still no function.
by anonymous

I get this error message on the server:


Jan 5 14:58:09     racoon: INFO: Hashing 213.23.86.XXX[500] with algo #1
Jan 5 14:58:09     racoon: INFO: Hashing 109.40.199.XX1[500] with algo #1
Jan 5 14:58:09     racoon: INFO: Adding remote and local NAT-D payloads.
Jan 5 14:58:09     racoon: ERROR: invalid DH group 19.
Jan 5 14:58:09     racoon: ERROR: invalid DH group 19.

Jan 5 14:58:09     racoon: INFO: Selected NAT-T version: RFC 3947
Jan 5 14:58:09     racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Jan 5 14:58:09     racoon: INFO: received Vendor ID: RFC 3947
Jan 5 14:58:09     racoon: INFO: received broken Microsoft ID: FRAGMENTATION
Jan 5 14:58:09     racoon: INFO: received Vendor ID: DPD
Jan 5 14:58:09     racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Jan 5 14:58:09     racoon: INFO: begin Aggressive mode.
Jan 5 14:58:09     racoon: INFO: respond new phase 1 negotiation: 213.23.86.XXX[500]<=>109.40.199.XXX[500]

0 votes
by anonymous

Hello,

Please confirm that the DH group setting matches on both ends, the Teltonika router as well as the other router. Currently the error indicates that the Phase 1 DH group is invalid/misconfigured on some device. DH group 19 is the equivalent of "ECP256" in the IPsec settings on our Teltonika routers. Please double check this setting if it matches on both ends.

If that is not the issue then please, could you send me over the attached files via private message? I cannot see them currently.

Best regards,

Tomas.

0 votes
by anonymous

Hi,

set in the TELTONIKA is "modp1536" DH Group 5.
As seen in my pictures.

RUT240 old device with a working connection to the server:

RUTX08 new device with which I cannot establish a connection. Same configuration as the old device.