FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
187 views 0 comments
by anonymous

I have configured IPSec VPN from RUT240 to Juniper vSRX. tunnel goes up, but traffic does not pass. Tunnel is route based if it matters. I noticed that this is related to remote subnet configuration in RUT240 settings. 

  • If I define only one remote subnet in RUT240, VPN works
  • If I define two or more remote subnets in RUT240, VPN does not work

I looked into /etc/config/ipsec

GUI creates multiple remote_subnet entries:

list remote_subnet '192.168.45.0/24'

list remote_subnet '192.168.46.0/24'

But then strongswan documentation suggests that remote networks should be comma separated list. So I edited ipsec file to have networks listen in one line:

list remote_subnet '192.168.45.0/24, 192.168.46.0/24'

Then from GUI I disabled and enabled VPN (since not sure how to restart process from cli) and now VPN works with multiple networks. But now I cannot edit IPSec tunnel settings in GUI, it says that configuration is invalid.

Firmware in RUT240 is "RUT2_R_00.07.02.7"

1 Answer

0 votes
by anonymous
Sorry I rushed into conclusions, apparently service randomly picks one of the separated routes and it seemed to work in my tests.

I found out that I need to define traffic selectors in Juniper to make multiple subnets to work with RUT