FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
431 views 9 comments
by anonymous

Hi 

i have a TRB140 with FW TRB1-R-00.07.02.4 at a remote site and a USG at the main office and would like to get a IPSec tunnel between the 2. 

the logs seam to show that the tunnel is up but i can not ping anything from any network. below shows logs that tunnel is up. 



oot@Teltonika-TRB140:~# ipsec status

Security Associations (1 up, 0 connecting):

EDL-EDL_c[1]: ESTABLISHED 6 seconds ago, xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]...xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]

EDL-EDL_c{1}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: c7a918f0_i ccd038d7_o

EDL-EDL_c{1}: 192.168.4.0/24 === 192.168.2.0/24

 my settings are attached in the images

hoping someone can help me get this working. 

thanks 

1 Answer

0 votes
by anonymous

Hello,

I would like you to attach a troubleshoot file to your question. Please, replicate the issue, then access router's WebUI, go to System -> Administration -> Troubleshoot section and download troubleshoot file from there. The logs in the file might provide more insight into the issue.

Attached files are private and visible only to Teltonika Moderators.

Best regards,

by anonymous
hi,

no worries at all. they are attached
by anonymous

Hello,

Could you login to the router via WebUI, navigate to Network -> Firewall -> NAT rules and enable Exclude-IPsec-from-NAT rule?

Seems like it is the only thing preventing pings between devices from TRB side.

Best regards,

by anonymous
Hi
unfortunately this didnt help. any other ideas?
by anonymous

Please update your device's firmware to 7.03.2 version, which you can download from here, with Keep settings option set to off and reconfigure your device. If you are still not able to ping devices within the tunnel, generate a new troubleshoot file.

Best regards,

by anonymous
thanks. i have tried this and still cant ping in either direction. i have attached another troubleshoot file.
in the ipsec settings does the local and remote identifiers need to be filled out? i cant get the tunnel to connect if i fill out the remote identifier.

thanks
by anonymous

Local and remote identifiers are not mandatory, but they have to match on both sides if used.

Your configuration has two remote subnets, but IKEv1 only allows for a single pair of left and right hosts or subnets.

by anonymous
removing identifiers and just having 1 subnet didn't solve the problem. still don't get any traffic across the tunnel
by anonymous
Would it be possible to arrange a remote via Anydesk to look a solution?
by anonymous
thats would be great. im free any time tonight