0 votes
67 views 3 comments
by
Hi,

I've set up an IPSEC VPN between a RUTX12 on FW RUTX_R_00.02.06.1 and a Draytek 2860 on FW 3.8.9.3. The tunnel is up but I can only see one-way traffic from the Draytek end to the RUTX12 end. I can ping/RDP to devices on the RUTX12 end but not the other way. I've tried all manner of open ports/static routes etc. but I'm banging my head against a brick wall. I'm using the same encryption method on the Draytek to link to an Azure network on an IPSEC VPN and that works no problem, so I know I've got something on the RUTX12 I'm missing!

I've added the troubleshooting logs and a very basic drawing of the VPN setup and wondered if anyone could point me in the direction of what I'm missing or what could be the problem?

Thank you!

1 Answer

0 votes
by

Hello Mick,

I suggest you use the latest firmware: RUTX_R_00.07.02.1.

There have been a lot of upgrades and fixes for IPsec since RUTX_R_00.02.06.1 was released.

You can download the latest firmware using the link below:

https://wiki.teltonika-networks.com/view/RUTX12_Firmware_Downloads

Regards,

Shivang 

by
Thank you, will upgrade tonight and let you know!
by

Hi, firmware is now up to RUTX_R_00.07.02.1 but nothing has changed, still only one-way traffic!

Thanks,

Mick

by
Hello Mick,

For troubleshooting, can you please share the troubleshoot file with the latest version? Also, please share the complete file, as it contains logs and more information to find the issue.

You can share it through private message if you don't want to share it here.

Also, please share the IPSEC configuration on both the RUTX12 and the Draytek 2860.

There are a couple of suggestions that can help you with IPSEC:

1. Make sure the configurations on both sides (Server and Client) are the same, except for IPs.

2. You can check if the tunnel has been established using the <ipsec status> command.

3. Make sure the configurations for phase 1 and phase 2 are ideal for (Server and Client).

4. Make sure your subnets are not the same, and your network does not overlap with each other.

Regards,

Shivang
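
The checks in the list above (mirrored settings on both ends, matching phase 1 and phase 2, non-overlapping subnets) can be run mechanically before comparing two web UIs by eye. This is an added example, not part of the original answer and not Teltonika or Draytek code; the dictionary field names and all sample values are hypothetical and constructed for illustration.

```python
import ipaddress

# Constructed sample settings for the two ends of a site-to-site tunnel.
# Field names and values are hypothetical, not taken from the thread.
SITE_A = {"local": ["192.168.1.0/24"], "remote": ["192.168.2.0/24"],
          "phase1": "aes256-sha256-modp2048", "phase2": "aes256-sha256"}
SITE_B = {"local": ["192.168.2.0/24"], "remote": ["192.168.1.0/25"],
          "phase1": "aes256-sha256-modp2048", "phase2": "aes128-sha1"}


def _nets(cidrs):
    # strict=True rejects entries with host bits set, e.g. 192.168.1.1/24
    return {ipaddress.ip_network(c, strict=True) for c in cidrs}


def _fmt(nets):
    return ", ".join(sorted(str(n) for n in nets))


def check_tunnel(a, b):
    """Return a list of findings; an empty list means the ends agree."""
    findings = []
    a_local, a_remote = _nets(a["local"]), _nets(a["remote"])
    b_local, b_remote = _nets(b["local"]), _nets(b["remote"])

    # Item 1: each side's remote subnets must equal the peer's local subnets.
    if a_local != b_remote:
        findings.append(f"A local [{_fmt(a_local)}] != B remote [{_fmt(b_remote)}]")
    if b_local != a_remote:
        findings.append(f"B local [{_fmt(b_local)}] != A remote [{_fmt(a_remote)}]")

    # Item 3: phase 1 and phase 2 proposals must be identical on both ends.
    for phase in ("phase1", "phase2"):
        if a[phase].strip().lower() != b[phase].strip().lower():
            findings.append(f"{phase} differs: {a[phase]} vs {b[phase]}")

    # Item 4: the two LANs must not be the same or overlap.
    for x in a_local:
        for y in b_local:
            if x.version == y.version and x.overlaps(y):
                findings.append(f"LAN overlap: {x} and {y}")
    return findings


if __name__ == "__main__":
    for line in check_tunnel(SITE_A, SITE_B) or ["no mismatches found"]:
        print(line)
```
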