WIKIABOUT

FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

Most popular tags

rut955 rut240 rut950 rutx11 rms vpn to openvpn wifi not sms trb140 firmware connection - ipsec on rutx12 rutx09 modbus
We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.

IPsec VPN doesn't work (No connection to other router)

0 votes
708 views 14 comments
by anonymous
Hello,

I'm having trouble in configuring IPSec in a teltonika RUTXR1 router. This router is connected to 4G. I also have other 4G router (TP-Link). I tried contacting TP-Link regarding why the status of the connection is always down. They told me the configuration in TP-Link router was correct and that the problem might be a security feature in teltonika that is preventing the connection.

Is there any security feature that might prevent connection by IPsec?

Thank you

1 Answer

0 votes
by anonymous

Hello,

What are the outputs of the following commands (on a ssh or CLI shell):

  • ipsec statusall
  • iptables -t nat -n -L | grep 'pol ipsec'

Regards,

Show 9 previous comments
by anonymous

nmap -p 500 -sU -Pn  87.103.96.213 indicates that 500/UDP is open.

nmap -p 500 -sU -Pn  87.103.102.197 indicates that 500/UDP is open or filtered, so it is hard to tell if it is working or not.

If possible, you can try to revert the roles, ie set the TP-Link as the initiator of the tunnel it will be easier to debug.

Edit: port 500 on 87.103.102.197 never replies, even with a reject of some sort.

by anonymous

Hi

What are the chances that the industrial Teltonika router is not compatible with home TP-Link router? Can you guarantee that my Teltonika (RUTXR1) is capable of communicating with a Teltonika RUT240, by VPN? Maybe that is the most plausible solution for my problem.

Thank you

by anonymous

Things have changed since yesterday. It appears that the router at 87.103.102.197 replies to solicitations on the 500/UDP port now. Could you retry to establish the tunnel ?

 

by anonymous
Hi, how do you know that? The router is turned off since yesterday and the sim card is deactivated (plafond expired). I can't test it right now. I think I'll have to buy another router. But first I want to know if teltonika is in fact incompatible with home router of tp-link TL-MR6400.

Thank you
by anonymous

how do you know that?

Just sent a IKE_SA_INIT Initiator Request to 87.103.102.197 on port 500, got an IKE_SA_INIT Responder Response. So there is something at this address able to reply to IKE requests.

But first I want to know if teltonika is in fact incompatible with home router of tp-link TL-MR6400

Nothing indicates that this is the case (at least yet).

EDIT: According to the User's Guide of the TL-MR6400 Rev 5.0.0, this router is able to handle OpenVPN and PPTP, and IPSEC is not mentioned. So use one of the former protocols instead of IPSEC.