0 votes
43 views 0 comments

Dear all, 

I'm quite new in this community and I'm quite new in router configurations.

Therefore I did check all Wiki and FAQ pages about IPSec configuration I was able to find.

So I did do the configuration work as described in this site: IPsec RUTOS configuration example - Teltonika Networks Wiki (teltonika-networks.com)

But unfortunately it doesn't work. All hints I was able to find did not solve the issue.

I'm using RUT955 with FW RUT9_R_00.07.02.6 and RUT300 with RUT30X_R_00.07.02.6. Both latest FW.

ipsec statusall on RUT955 that should establish the IPSec connection says:

ipsec statusall

Status of IKE charon daemon (strongSwan 5.9.2, Linux 5.4.147, mips):

  uptime: 35 minutes, since Aug 31 14:34:39 2022

  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 1

  loaded plugins: charon aes des sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp pem openssl gmp xcbc hmac kernel-netlink socket-default stroke vici updown eap-identity eap-mschapv2 xauth-generic

Listening IP addresses:

  xxx

Connections:

passth_MibaIPS_ph2_lan:  %any...%any  IKEv1/2

passth_MibaIPS_ph2_lan:   local:  uses public key authentication

passth_MibaIPS_ph2_lan:   remote: uses public key authentication

passth_MibaIPS_ph2_lan:   child:  xxx === xxx PASS

passth_MibaIPS_ph2:   child:  dynamic === xxx PASS

MibaIPS-MibaIPS_c:  %any...qgyyalo3kagmobn2.myfritz.net  IKEv1

MibaIPS-MibaIPS_c:   local:  [xxx] uses pre-shared key authentication

MibaIPS-MibaIPS_c:   remote: [xxx] uses pre-shared key authentication

MibaIPS-MibaIPS_c:   child:  xxx === xxx TUNNEL

Shunted Connections:

passth_MibaIPS_ph2_lan:  xxx === xxx PASS

passth_MibaIPS_ph2:  dynamic === xxx PASS

Security Associations (0 up, 1 connecting):

MibaIPS-MibaIPS_c[15]: CONNECTING, xxx[%any]...xxx[%any]

MibaIPS-MibaIPS_c[15]: IKEv1 SPIs: f09e1703b45b0364_i* 0000000000000000_r

MibaIPS-MibaIPS_c[15]: Tasks queued: QUICK_MODE

MibaIPS-MibaIPS_c[15]: Tasks active: ISAKMP_VENDOR ISAKMP_CERT_PRE MAIN_MODE ISAKMP_CERT_POST ISAKMP_NATD

(I did replace all IP addresses or MAC addresses by "xxx")

ipsec statusall on RUT930 that waits with a public IP for connection requests says:

Status of IKE charon daemon (strongSwan 5.9.2, Linux 5.4.147, mips):

  uptime: 51 minutes, since Aug 31 14:23:31 2022

  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0

  loaded plugins: charon aes des sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp pem openssl gmp xcbc hmac kernel-netlink socket-default stroke vici updown eap-identity eap-mschapv2 xauth-generic

Listening IP addresses:

  xxx

Connections:

MibaIPS-MibaIPS_c:  %any...%any  IKEv1

MibaIPS-MibaIPS_c:   local:  [xxx] uses pre-shared key authentication

MibaIPS-MibaIPS_c:   remote: [xxx] uses pre-shared key authentication

MibaIPS-MibaIPS_c:   child:  xxx === xxx TUNNEL

Security Associations (0 up, 0 connecting):

  none

(I did replace all IP addresses or MAC addresses by "xxx")

RUT300 says in syslog: [IKE] unable to resolve %any, initiate aborted

Phase 1 and phase 2 configs on both servers are by 100% identical.

Does anyone have an idea on how to solve?

Thx a lot in advance to all who try to support me.

cheers
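
An offline check over the two `ipsec statusall` dumps posted above, added here as an example and not part of the original post or of Teltonika's tooling: it flags IKE SAs that the local side initiated and that are still in CONNECTING with an all-zero responder SPI, meaning no reply to the first IKE message has been processed. The function names and the trimmed sample strings are constructed for this example.

```python
import re

# Constructed input: initiator-side lines copied from the question ("xxx" = redacted by the poster).
INITIATOR = """\
Connections:
passth_MibaIPS_ph2_lan:  %any...%any  IKEv1/2
MibaIPS-MibaIPS_c:  %any...qgyyalo3kagmobn2.myfritz.net  IKEv1
Security Associations (0 up, 1 connecting):
MibaIPS-MibaIPS_c[15]: CONNECTING, xxx[%any]...xxx[%any]
MibaIPS-MibaIPS_c[15]: IKEv1 SPIs: f09e1703b45b0364_i* 0000000000000000_r
MibaIPS-MibaIPS_c[15]: Tasks queued: QUICK_MODE
MibaIPS-MibaIPS_c[15]: Tasks active: ISAKMP_VENDOR ISAKMP_CERT_PRE MAIN_MODE ISAKMP_CERT_POST ISAKMP_NATD
"""
# Constructed input: responder-side lines copied from the question.
RESPONDER = """\
Connections:
MibaIPS-MibaIPS_c:  %any...%any  IKEv1
Security Associations (0 up, 0 connecting):
  none
"""

CONN = re.compile(r"^\s*([^\s:\[]+):\s+(\S+)\.\.\.(\S+)\s+IKEv")   # name: local...remote IKEvN
SA = re.compile(r"^\s*([^\s\[]+)\[(\d+)\]:\s+(.*)$")               # name[id]: <detail>
SPIS = re.compile(r"SPIs: ([0-9a-f]{16})_i(\*?) ([0-9a-f]{16})_r(\*?)")

def parse(text):
    """Return (remotes, sas): configured remote per connection, and state/SPIs/tasks per IKE SA."""
    remotes, sas = {}, {}
    for line in text.splitlines():
        if (m := CONN.match(line)):
            remotes[m[1]] = m[3]
        elif (m := SA.match(line)):
            sa = sas.setdefault((m[1], int(m[2])), {"state": None, "active": []})
            rest = m[3]
            if (s := SPIS.search(rest)):
                sa["initiator"] = s[2] == "*"       # '*' marks the SPI owned by the local side
                sa["responder_spi"] = s[3]
            elif rest.startswith("Tasks active:"):
                sa["active"] = rest.split(":", 1)[1].split()
            elif sa["state"] is None and not rest.startswith("Tasks"):
                sa["state"] = rest.split(",")[0]    # e.g. CONNECTING or ESTABLISHED
    return remotes, sas

def unanswered(text):
    """(connection, configured remote) for SAs we initiated that never got the peer's first reply."""
    remotes, sas = parse(text)
    return [(conn, remotes.get(conn)) for (conn, _), sa in sas.items()
            if sa["state"] == "CONNECTING" and sa.get("initiator")
            and set(sa.get("responder_spi", "")) == {"0"}]
```

When `unanswered()` reports a connection on the initiator while the responder lists no SAs at all, the first things to check are what the configured remote name resolves to and whether UDP 500/4500 reaches the responder, before comparing proposals or the pre-shared key.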

1 Answer

0 votes

Hi,

Please send me the troubleshoot file from both devices via Private message. To download the configuration file, go to WebUI and navigate to System->Administration->Troubleshoot and click on the download button. Before downloading the configuration files, please let the issues reproduce so that I can see them in the logs.

Regards,
RS