RUTX11 firmware version RUTX_R_00.07.04.2
Hello,
i am testing IPsec VPN using X.509 certificates (no PSK!) with the above mentioned router to a Palo Alto PA-820.
With IKEv1 the VPN is building up as intended, but just changing the one setting "Key exchange" from IKEv1 to IKEv2 in the RUTX11 IPsec settings and the VPN is going down. The PA-820 accepts both (IKEv1 and IKEv2). As said, with IKEv1 it is working. But IKEv2 would be preferred.
In the Teltonika log i saw no error shown, but at the palo alto log there is:
"2023-04-26 11:46:25.856 +0200 [PERR]: RSA_verify failed: 1098954010896:error:04091064:rsa routines:INT_RSA_VERIFY:algorithm mismatch:rsa_sign.c:269:
2023-04-26 11:46:25.856 +0200 [PERR]: Invalid SIG."
The supporter says that this seems to be a wrong IKEv2 implementation at the Teltonika router.
Troubleshoot file is attached.
Are you able to help?
Best regards.