11341 questions

13516 answers

21177 comments

31676 members

0 votes
126 views 14 comments
by
Hello,

I'm having trouble in configuring IPSec in a teltonika RUTXR1 router. This router is connected to 4G. I also have other 4G router (TP-Link). I tried contacting TP-Link regarding why the status of the connection is always down. They told me the configuration in TP-Link router was correct and that the problem might be a security feature in teltonika that is preventing the connection.

Is there any security feature that might prevent connection by IPsec?

Thank you

1 Answer

0 votes
by

Hello,

What are the outputs of the following commands (on a ssh or CLI shell):

  • ipsec statusall
  • iptables -t nat -n -L | grep 'pol ipsec'

Regards,

by

nmap -p 500 -sU -Pn  87.103.96.213 indicates that 500/UDP is open.

nmap -p 500 -sU -Pn  87.103.102.197 indicates that 500/UDP is open or filtered, so it is hard to tell if it is working or not.

If possible, you can try to revert the roles, ie set the TP-Link as the initiator of the tunnel it will be easier to debug.

Edit: port 500 on 87.103.102.197 never replies, even with a reject of some sort.

by

Hi

What are the chances that the industrial Teltonika router is not compatible with home TP-Link router? Can you guarantee that my Teltonika (RUTXR1) is capable of communicating with a Teltonika RUT240, by VPN? Maybe that is the most plausible solution for my problem.

Thank you

by

Things have changed since yesterday. It appears that the router at 87.103.102.197 replies to solicitations on the 500/UDP port now. Could you retry to establish the tunnel ?

 

by
Hi, how do you know that? The router is turned off since yesterday and the sim card is deactivated (plafond expired). I can't test it right now. I think I'll have to buy another router. But first I want to know if teltonika is in fact incompatible with home router of tp-link TL-MR6400.

Thank you
by

how do you know that?

Just sent a IKE_SA_INIT Initiator Request to 87.103.102.197 on port 500, got an IKE_SA_INIT Responder Response. So there is something at this address able to reply to IKE requests.

But first I want to know if teltonika is in fact incompatible with home router of tp-link TL-MR6400

Nothing indicates that this is the case (at least yet).

EDIT: According to the User's Guide of the TL-MR6400 Rev 5.0.0, this router is able to handle OpenVPN and PPTP, and IPSEC is not mentioned. So use one of the former protocols instead of IPSEC.