Dear all,
I'm quite new to this community and I'm quite new to router configurations.
Therefore I did check all the Wiki and FAQ pages about IPSec configuration I was able to find.
So I did the configuration work as described on this site: IPsec RUTOS configuration example - Teltonika Networks Wiki (teltonika-networks.com)
But unfortunately it doesn't work. All hints I was able to find did not solve the issue.
I'm using RUT955 with FW RUT9_R_00.07.02.6 and RUT300 with RUT30X_R_00.07.02.6. Both latest FW.
ipsec statusall on RUT955 that should establish the IPSec connection says:
ipsec statusall
Status of IKE charon daemon (strongSwan 5.9.2, Linux 5.4.147, mips):
uptime: 35 minutes, since Aug 31 14:34:39 2022
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 1
loaded plugins: charon aes des sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp pem openssl gmp xcbc hmac kernel-netlink socket-default stroke vici updown eap-identity eap-mschapv2 xauth-generic
Listening IP addresses:
xxx
Connections:
passth_MibaIPS_ph2_lan: %any...%any IKEv1/2
passth_MibaIPS_ph2_lan: local: uses public key authentication
passth_MibaIPS_ph2_lan: remote: uses public key authentication
passth_MibaIPS_ph2_lan: child: xxx === xxx PASS
passth_MibaIPS_ph2: child: dynamic === xxx PASS
MibaIPS-MibaIPS_c: %any...qgyyalo3kagmobn2.myfritz.net IKEv1
MibaIPS-MibaIPS_c: local: [xxx] uses pre-shared key authentication
MibaIPS-MibaIPS_c: remote: [xxx] uses pre-shared key authentication
MibaIPS-MibaIPS_c: child: xxx === xxx TUNNEL
Shunted Connections:
passth_MibaIPS_ph2_lan: xxx === xxx PASS
passth_MibaIPS_ph2: dynamic === xxx PASS
Security Associations (0 up, 1 connecting):
MibaIPS-MibaIPS_c[15]: CONNECTING, xxx[%any]...xxx[%any]
MibaIPS-MibaIPS_c[15]: IKEv1 SPIs: f09e1703b45b0364_i* 0000000000000000_r
MibaIPS-MibaIPS_c[15]: Tasks queued: QUICK_MODE
MibaIPS-MibaIPS_c[15]: Tasks active: ISAKMP_VENDOR ISAKMP_CERT_PRE MAIN_MODE ISAKMP_CERT_POST ISAKMP_NATD
(I did replace all IP addresses or MAC addresses by "xxx")
ipsec statusall on RUT930 that waits with a public IP for connection requests says:
Status of IKE charon daemon (strongSwan 5.9.2, Linux 5.4.147, mips):
uptime: 51 minutes, since Aug 31 14:23:31 2022
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
loaded plugins: charon aes des sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp pem openssl gmp xcbc hmac kernel-netlink socket-default stroke vici updown eap-identity eap-mschapv2 xauth-generic
Listening IP addresses:
xxx
Connections:
MibaIPS-MibaIPS_c: %any...%any IKEv1
MibaIPS-MibaIPS_c: local: [xxx] uses pre-shared key authentication
MibaIPS-MibaIPS_c: remote: [xxx] uses pre-shared key authentication
MibaIPS-MibaIPS_c: child: xxx === xxx TUNNEL
Security Associations (0 up, 0 connecting):
none
(I did replace all IP addresses or MAC addresses by "xxx")
RUT300 says in syslog: [IKE] unable to resolve %any, initiate aborted
Phase 1 and phase 2 configs on both servers are 100% identical.
Does anyone have an idea on how to solve this?
Thx a lot in advance to all who try to support me.
cheers