Question

Hey,

I have problem with Service-VPN-IPSec.

 I don't see any tunnel on webgui, but i have few tunnels.

Comments

But one tunnel is active.

L2TP/Ipsec ire working

Answer 1

Hello,

Are you able to ping end hosts?

What does the command below display?

• ipsec statusall 

Could you attach a troubleshoot file from the device with your configuration or send it in a private message? The logs in the file might provide more insight into the possible issues. 

To generate the file, access router's WebUI, go to System -> Administration -> Troubleshoot section and download troubleshoot file from there. 

Also, could you share the topology of your network?

Best regards,

Comments

Hello,

staus ipsec isn't important

root@Teltonika-RUTXR1:~# ipsec statusall

Status of IKE charon daemon (strongSwan 5.9.2, Linux 5.4.221, armv7l):

  uptime: 12 hours, since Jan 31 18:15:46 2023

  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 4

  loaded plugins: charon aes des sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp pem openssl gmp xcbc hmac kernel-netlink socket-default stroke vici updown eap-identity eap-mschapv2 xauth-generic

Listening IP addresses:

  XX.XX.XX.XX

  192.168.1.1

  fdd2:7820:11f6::1

  192.168.0.0

  192.168.0.1

  192.168.0.1

Connections:

L2TPVPN-L2TPVPN_c:  %any...%any  IKEv1

L2TPVPN-L2TPVPN_c:   local:  uses pre-shared key authentication

L2TPVPN-L2TPVPN_c:   remote: uses pre-shared key authentication

L2TPVPN-L2TPVPN_c:   child:  dynamic === dynamic TRANSPORT

HC_ADD-HC_ADD_c:   child:  dynamic === dynamic TRANSPORT

HC_TMP-HC_TMP_c:  %any...0.0.0.0  IKEv1

HC_TMP-HC_TMP_c:   local:  uses pre-shared key authentication

HC_TMP-HC_TMP_c:   remote: uses pre-shared key authentication

HC_TMP-HC_TMP_c:   child:  192.168.1.0/24 === 192.168.44.0/24 TUNNEL

Security Associations (2 up, 0 connecting):

L2TPVPN-L2TPVPN_c[1484]: ESTABLISHED 48 seconds ago, XX.XX.XX.XX[XX.XX.XX.XX]...XX.XX.XX.XX[172.20.241.24]

L2TPVPN-L2TPVPN_c[1484]: IKEv1 SPIs: f9ab48a200c91174_i a6e6c6c078e14036_r*, pre-shared key reauthentication in 2 hours

L2TPVPN-L2TPVPN_c[1484]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384

L2TPVPN-L2TPVPN_c{1473}:  INSTALLED, TRANSPORT, reqid 2, ESP in UDP SPIs: ceb69625_i 589029ae_o

L2TPVPN-L2TPVPN_c{1473}:  AES_CBC_256/HMAC_SHA1_96, 125711 bytes_i (532 pkts, 0s ago), 180048 bytes_o (405 pkts, 44s ago), rekeying in 41 minutes

L2TPVPN-L2TPVPN_c{1473}:   XX.XX.XX.XX/32[udp/l2f] === XX.XX.XX.XX/32[udp/l2f]

L2TPVPN-L2TPVPN_c[1432]: ESTABLISHED 26 minutes ago, XX.XX.XX.XX[XX.XX.XX.XX]...XX.XX.XX.XX[192.168.8.100]

L2TPVPN-L2TPVPN_c[1432]: IKEv1 SPIs: 02c1cf5e0992b701_i 6068fbe26c3561c4_r*, pre-shared key reauthentication in 2 hours

L2TPVPN-L2TPVPN_c[1432]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384

L2TPVPN-L2TPVPN_c{1421}:  INSTALLED, TRANSPORT, reqid 1, ESP in UDP SPIs: c84dbf61_i 993b79ee_o

L2TPVPN-L2TPVPN_c{1421}:  AES_CBC_128/HMAC_SHA1_96, 592153 bytes_i (2321 pkts, 10s ago), 960351 bytes_o (2222 pkts, 15s ago), rekeying in 17 minutes

L2TPVPN-L2TPVPN_c{1421}:   XX.XX.XX.XX/32[udp/l2f] === XX.XX.XX.XX/32[udp/l2f]

Problem I have with webgui. I don't have possibility to edit any tunnel because i don't see it. List is empty.

---

Could you provide a screenshot and firmware version you are experiencing this?

A troubleshoot file could help to replicate the some of your configuration locally in an attempt to replicate the issue locally.

Best regards,