subscribe to our Youtube


14455 questions

17168 answers


0 members

We are migrating to our new platform at Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
215 views 1 comments
by anonymous

I have been trying to set up an IPsec tunnel (over 4G) between two RUT955 routers by following the guide ( The connection seems to be successfully established, and if I check the ipsec status in CLI on one end, I get (true IP censored):

Office-Office_c[1]: ESTABLISHED 70 minutes ago, 89.XXX.XXX.XXX[FQDN]...89.XXX.XXX.XXX[FQDN]
Office-Office_c{2}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c459d847_i c0b6c0b3_o
Office-Office_c{2}: ===

I am trying to establish the tunnel between the two subnets and, and the routers have been given the LAN IPs and with Netmask Even though the connection seems to be established, I am unable to ping from to in CLI (and vice versa). Also, if I connect devices with IPs 10.0.61.XXX and 10.0.63.XXX with Netmasks, I am unable to ping between them.

I have been looking around, and this seems to be a fairly straight forward setup. Is there something obvious I have missed? I have uploaded screenshots of the two IPsec configurations.


1 Answer

0 votes
by anonymous
I solved the problem.

I followed the IPsec configuration examples and ensured that 1 router had a (truly) public IP while the other router had Auto APN enabled. This successfully established an IPsec tunnel, but I was unable to ping or send any data through the tunnel. When I disabled Auto APN on the second router and used a custom APN to obtain a truly public IP, the tunnel was once again successfully established and now I can ping / send data. I don't know why Auto APN caused these problems - maybe it is specific to the provider - but it seems like having two public IPs is required in my case (and not just 1, according to IPsec configuration examples pre-requisites).

In CLI you can check your public IP with "curl". See if it matches the mobile interface IP to verify that you in fact have a public IP.

Could be worth trying if anyone else is facing similar problems :)
by anonymous


An Access Point Name (APN) is a gateway between a GSM, GPRS, 3G or 4G mobile network and another computer network. Depending on the contract, some operators may require you to enter the APN just to complete the registration to a network.

Best regards,