0 votes
413 views 9 comments
by anonymous

Hi 

I have a TRB140 with FW TRB1-R-00.07.02.4 at a remote site and a USG at the main office and would like to get an IPSec tunnel between the 2.

The logs seem to show that the tunnel is up, but I cannot ping anything from any network. Below are the logs showing that the tunnel is up.



root@Teltonika-TRB140:~# ipsec status

Security Associations (1 up, 0 connecting):

EDL-EDL_c[1]: ESTABLISHED 6 seconds ago, xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]...xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]

EDL-EDL_c{1}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: c7a918f0_i ccd038d7_o

EDL-EDL_c{1}: 192.168.4.0/24 === 192.168.2.0/24

My settings are attached in the images.

Hoping someone can help me get this working.

Thanks

1 Answer

0 votes
by anonymous

Hello,

I would like you to attach a troubleshoot file to your question. Please, replicate the issue, then access router's WebUI, go to System -> Administration -> Troubleshoot section and download troubleshoot file from there. The logs in the file might provide more insight into the issue.

Attached files are private and visible only to Teltonika Moderators.

Best regards,

by anonymous
Hi,

No worries at all. They are attached.
by anonymous

Hello,

Could you login to the router via WebUI, navigate to Network -> Firewall -> NAT rules and enable Exclude-IPsec-from-NAT rule?

Seems like it is the only thing preventing pings between devices from TRB side.

Best regards,

by anonymous
Hi,
Unfortunately this didn't help. Any other ideas?
by anonymous

Please update your device's firmware to 7.03.2 version, which you can download from here, with Keep settings option set to off and reconfigure your device. If you are still not able to ping devices within the tunnel, generate a new troubleshoot file.

Best regards,

by anonymous
Thanks. I have tried this and still can't ping in either direction. I have attached another troubleshoot file.
In the IPsec settings, do the local and remote identifiers need to be filled out? I can't get the tunnel to connect if I fill out the remote identifier.

Thanks
by anonymous

Local and remote identifiers are not mandatory, but they have to match on both sides if used.

Your configuration has two remote subnets, but IKEv1 only allows for a single pair of left and right hosts or subnets.
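
An established tunnel only carries traffic that matches the selectors installed on the child SA, so it helps to compare the `ipsec status` output with the subnets that were configured. The following is an added example, not part of the original thread or Teltonika's tooling: it parses the status lines quoted in the question and reports which flows and configured subnets the installed selectors cover. The second remote subnet `192.168.3.0/24` and the host addresses are hypothetical, since the thread does not name them.

```python
import ipaddress
import re

# Constructed sample input: the `ipsec status` lines quoted in the question.
SAMPLE_STATUS = """\
Security Associations (1 up, 0 connecting):
EDL-EDL_c[1]: ESTABLISHED 6 seconds ago, xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]...xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]
EDL-EDL_c{1}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: c7a918f0_i ccd038d7_o
EDL-EDL_c{1}: 192.168.4.0/24 === 192.168.2.0/24
"""

# Child-SA selector line: "<conn>{<id>}: <local nets> === <remote nets>"
SELECTOR_RE = re.compile(r"^\s*(\S+?)\{(\d+)\}:\s+(.+?)\s+===\s+(.+?)\s*$")

def _nets(field):
    # Selectors are space separated; drop any "[proto/port]" suffix.
    return [ipaddress.ip_network(tok.split("[")[0], strict=False)
            for tok in field.split()]

def parse_selectors(status_text):
    """Return [(child_sa, local_nets, remote_nets)] for each installed child SA."""
    found = []
    for line in status_text.splitlines():
        m = SELECTOR_RE.match(line)
        if m:
            name = f"{m.group(1)}{{{m.group(2)}}}"
            found.append((name, _nets(m.group(3)), _nets(m.group(4))))
    return found

def flow_covered(selectors, src, dst):
    """True if src -> dst matches the local and remote selectors of one child SA."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(any(s in l for l in loc) and any(d in r for r in rem)
               for _, loc, rem in selectors)

def missing_remote_subnets(selectors, wanted):
    """Configured remote subnets that no installed remote selector covers."""
    installed = [r for _, _, rem in selectors for r in rem]
    return [str(w) for w in map(ipaddress.ip_network, wanted)
            if not any(w.version == r.version and w.subnet_of(r) for r in installed)]

if __name__ == "__main__":
    sel = parse_selectors(SAMPLE_STATUS)
    # Hypothetical hosts: one flow inside the negotiated pair, one outside it.
    print(flow_covered(sel, "192.168.4.10", "192.168.2.20"))
    print(flow_covered(sel, "192.168.4.10", "192.168.3.20"))
    print(missing_remote_subnets(sel, ["192.168.2.0/24", "192.168.3.0/24"]))
```

A flow reported as not covered is never handed to the tunnel, no matter what the firewall or NAT rules allow; a flow that is covered and still fails points to NAT, firewall or routing on either gateway instead.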

by anonymous
Removing identifiers and just having 1 subnet didn't solve the problem. Still don't get any traffic across the tunnel.
by anonymous
Would it be possible to arrange a remote session via AnyDesk to look for a solution?
by anonymous
That would be great. I'm free any time tonight.