0 votes
102 views 1 comments
by
Hello,

I have been trying to set up an IPsec tunnel (over 4G) between two RUT955 routers by following the guide (https://wiki.teltonika-networks.com/view/IPsec_configuration_examples). The connection seems to be successfully established, and if I check the ipsec status in CLI on one end, I get (true IP censored):

Office-Office_c[1]: ESTABLISHED 70 minutes ago, 89.XXX.XXX.XXX[FQDN]...89.XXX.XXX.XXX[FQDN]
Office-Office_c{2}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c459d847_i c0b6c0b3_o
Office-Office_c{2}: 10.0.61.0/24 === 10.0.63.0/24

I am trying to establish the tunnel between the two subnets 10.0.61.0/24 and 10.0.63.0/24, and the routers have been given the LAN IPs 10.0.61.1 and 10.0.63.1 with Netmask 255.255.255.0. Even though the connection seems to be established, I am unable to ping from 10.0.61.1 to 10.0.63.1 in CLI (and vice versa). Also, if I connect devices with IPs 10.0.61.XXX and 10.0.63.XXX with Netmasks 255.255.255.0, I am unable to ping between them.

I have been looking around, and this seems to be a fairly straightforward setup. Is there something obvious I have missed? I have uploaded screenshots of the two IPsec configurations.

Sincerely,
Isthan

1 Answer

0 votes
by
I solved the problem.

I followed the IPsec configuration examples and ensured that 1 router had a (truly) public IP while the other router had Auto APN enabled. This successfully established an IPsec tunnel, but I was unable to ping or send any data through the tunnel. When I disabled Auto APN on the second router and used a custom APN to obtain a truly public IP, the tunnel was once again successfully established and now I can ping / send data. I don't know why Auto APN caused these problems - maybe it is specific to the provider - but it seems like having two public IPs is required in my case (and not just 1, according to IPsec configuration examples pre-requisites).

In CLI you can check your public IP with "curl ifconfig.co". See if it matches the mobile interface IP to verify that you in fact have a public IP.

Could be worth trying if anyone else is facing similar problems :)
by

Hello,

An Access Point Name (APN) is a gateway between a GSM, GPRS, 3G or 4G mobile network and another computer network. Depending on the contract, some operators may require you to enter the APN just to complete the registration to a network.

Best regards,
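
The public-IP check described in the answer above, as an added example that is not part of the original thread or Teltonika's own tooling. It goes slightly beyond the answer by also classifying the interface address against the RFC 1918 private ranges and the RFC 6598 carrier-NAT range (100.64.0.0/10); the script name, the `--live` switch and the sample addresses are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread: compare the mobile interface address
# with the address the internet sees, to spot carrier NAT in front of a router.

# Print dotted-quad IPv4 $1 as an integer; fail on malformed input.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# True when integer address $1 lies inside network $2 with prefix length $3.
in_net() {
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( $1 & mask )) -eq "$(ip_to_int "$2")" ]
}

# Print private (RFC 1918), cgnat (RFC 6598), public, or invalid.
classify_ip() {
    n=$(ip_to_int "$1") || { echo invalid; return 0; }
    if in_net "$n" 10.0.0.0 8 || in_net "$n" 172.16.0.0 12 ||
       in_net "$n" 192.168.0.0 16; then
        echo private
    elif in_net "$n" 100.64.0.0 10; then
        echo cgnat
    else
        echo public
    fi
}

# $1 = mobile interface IP, $2 = IP reported by an external service.
check_nat() {
    kind=$(classify_ip "$1")
    if [ "$kind" = invalid ] || [ "$(classify_ip "$2")" = invalid ]; then
        echo "error: invalid address"
    elif [ "$kind" = public ] && [ "$1" = "$2" ]; then
        echo "direct: interface holds the public IP"
    else
        echo "mismatch: interface is $kind ($1), internet sees $2"
    fi
}

# Live use (hypothetical invocation): sh natcheck.sh --live <mobile-interface>
if [ "${1:-}" = "--live" ]; then
    if_ip=$(ip -4 -o addr show dev "$2" | awk '{print $4}' | cut -d/ -f1)
    check_nat "$if_ip" "$(curl -4 -s ifconfig.co)"
fi
```

A `mismatch` result means some address translation sits between the router and the internet, which is the condition the answer resolved by switching to an APN that hands out a public address.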