Hi, I am trying to establish an IPsec VPN from a RUT950 to an Azure VPN GW. The firmware version is RUT9XX_R_00.06.09.2.
The IPsec tunnel is up (see the ipsec statusall output below), but traffic is not flowing from the LAN to the remote network.
I can ping the router's LAN IP and even its WAN IP from local machines, but I can't reach the remote (right) location.
Any ideas, please?
root@Teltonika-RUT950:~# ipsec statusall
Status of IKE charon daemon (weakSwan 5.8.4, Linux 3.18.44, mips):
uptime: 17 hours, since Mar 02 21:30:19 2023
malloc: sbrk 167936, mmap 0, used 143504, free 24432
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 6
loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey sshkey pem fips-prf gmp xcbc hmac attr kernel-netlink resolve socket-default stroke updown vici xauth-generic
Listening IP addresses:
103.xxx.xxx.xxx
192.168.71.1
Connections:
Client2: %any...20.xxx.xxx.xxx IKEv2
Client2: local: uses pre-shared key authentication
Client2: remote: [20.xxx.xxx.xxx] uses pre-shared key authentication
Client2: child: 192.168.71.0/29 === 10.xxx.xxx.109/32 10.xxx.xxx.235/32 10.xxx.xxx.135/32 10.xxx.xxx.237/32 10.xxx.xxx.116/32 TUNNEL
Security Associations (1 up, 0 connecting):
Client2[525]: ESTABLISHED 17 minutes ago, 103.xxx.xxx.xxx[103.xxx.xxx.xxx]...20.xxx.xxx.xxx[20.xxx.xxx.xxx]
Client2[525]: IKEv2 SPIs: 1d447cf4216d280e_i 39a35dc0360fd8c0_r*, pre-shared key reauthentication in 7 hours
Client2[525]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Client2{7}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: cc9b0d36_i 0abfeb76_o
Client2{7}: AES_CBC_256/HMAC_SHA2_256_128, 0 bytes_i, 0 bytes_o, rekeying in 7 hours
Client2{7}: 192.168.71.0/29 === 10.xxx.xxx.109/32 10.xxx.xxx.116/32 10.xxx.xxx.135/32 10.xxx.xxx.235/32 10.xxx.xxx.237/32
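
An added example, not part of the original post: a small Python parser for the CHILD_SA lines of `ipsec statusall` that reports the byte counters and checks whether a given source/destination pair falls inside the installed traffic selectors. The remote addresses in the sample are constructed placeholders because the post masks the real ones, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the format of the CHILD_SA lines above; the 10.0.0.x
# addresses are placeholders, not values from the post.
SAMPLE = """\
Client2{7}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: cc9b0d36_i 0abfeb76_o
Client2{7}: AES_CBC_256/HMAC_SHA2_256_128, 0 bytes_i, 0 bytes_o, rekeying in 7 hours
Client2{7}: 192.168.71.0/29 === 10.0.0.109/32 10.0.0.116/32
"""

# CHILD_SA lines use "name{id}:"; IKE_SA lines use "name[id]:" and are skipped.
CHILD = re.compile(r"^\s*(\S+)\{(\d+)\}:\s+(.*)$")
BYTES = re.compile(r"(\d+) bytes_i.*?(\d+) bytes_o")


def _nets(field):
    # Drop an optional "[proto/port]" suffix before parsing each selector.
    return [ipaddress.ip_network(n.split("[")[0]) for n in field.split()]


def parse_child_sas(text):
    """Return {'name{id}': {'state', 'bytes_i', 'bytes_o', 'local', 'remote'}}."""
    sas = {}
    for line in text.splitlines():
        m = CHILD.match(line)
        if not m:
            continue
        sa = sas.setdefault(f"{m.group(1)}{{{m.group(2)}}}", {})
        rest = m.group(3)
        if " === " in rest:
            local, remote = rest.split(" === ", 1)
            sa["local"], sa["remote"] = _nets(local), _nets(remote)
        elif (b := BYTES.search(rest)):
            sa["bytes_i"], sa["bytes_o"] = int(b.group(1)), int(b.group(2))
        else:
            sa["state"] = rest.split(",")[0]
    return sas


def flow_matches(sa, src, dst):
    """True if src/dst fall inside the SA's local/remote traffic selectors."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in n for n in sa["local"]) and any(d in n for n in sa["remote"])
```

An SA that is INSTALLED with both counters at 0 has not processed any packet, so `flow_matches` is a quick way to test whether the LAN host and remote address being pinged are covered by the negotiated selectors at all.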