WIKIABOUT

FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

Most popular tags

rut955 rut240 rut950 rutx11 rms vpn to openvpn wifi not sms trb140 firmware connection - ipsec on rutx12 rutx09 modbus
We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.

RUT 955 VPN IPSEC after new firmware no connexion

0 votes
277 views 2 comments
by anonymous

Good morning

I have a rut955 box under the previous firmware my ipsec vpn with a fortinet firewall 

worked after switching to the latest firmware RUT9_R_00.07.04.1

the ipsec vpn programming has changed and I can't get it to work

log about cli




Security Associations (0 up, 1 connecting):



(unnamed)[577]: CONNECTING, 185.247.251.122[%any]...130.93.127.169[%any]



root@Teltonika-RUT955:~#



root@Teltonika-RUT955:~# ipsec statusall Status of IKE charon daemon (strongSwan 5.9.2, Linux 5.4.229, mips): uptime: 97 minutes, since Apr 13 06:17:22 2023 worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 2 loaded plugins: charon aes des sha2 sha1 md4 md5 random nonce x509 revocation constr aints pubkey pkcs1 pkcs8 pgp pem openssl gmp xcbc hmac kernel-netlink socket-default s troke vici updown eap-identity eap-mschapv2 xauth-generic Listening IP addresses: 192.168.99.2 185.247.251.122 192.168.54.254 Connections: Thermes-Thermes_c: %any...130.93.127.169 IKEv1, dpddelay=3s Thermes-Thermes_c: local: uses pre-shared key authentication Thermes-Thermes_c: remote: [130.93.127.169] uses pre-shared key authentication Thermes-Thermes_c: child: 192.168.54.0/24 === 10.54.12.0/24 TUNNEL, dpdaction=resta rt Security Associations (0 up, 1 connecting): (unnamed)[586]: CONNECTING, 185.247.251.122[%any]...130.93.127.169[%any] (unnamed)[586]: IKEv1 SPIs: 21ebbca5931c4065_i e274768aef7b53a2_r* (unnamed)[586]: IKE proposal: DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 (unnamed)[586]: Tasks passive: ISAKMP_VENDOR MAIN_MODE 






thanks










































by 
anonymous













I can see in the log file 



no peer config found




















 

 
 

 





 






 





2 Answers











 
 





0 votes 


























by 
anonymous









Hello,



The line above No peer config found:



looking for pre-shared key peer configs matching <Public_IP1>...<Public_IP2>[192.168.254.100]




Then there is a following line:



IDir '192.168.254.100' does not match to '<Public_IP2>'



Could you, instead of using "%any", configure left|right identifiers on both peers appropriately, so that they agree on their respective identities?



Best regards,
















 
 

 





 








 
 





0 votes 


























by 
anonymous






Hello 



You can close this request 



i found my error






























by 
anonymous













Could you share the solution in case someone else encounter's something similar?



Best regards,