We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
208 views 4 comments
by anonymous
Hi, I'm trying to set up an IPSEC tunnel on a RUTX50. In the web console the advanced settings are not visible. I've looked at the /etc/config/ipsec file and can modify settings there, but I'm unable to see why the VPN is not connecting. Is there a log file that shows the reason why the tunnel is not establishing?

Firmware version is RUTX_R_00.07.04.2

I can see the remote end is continually initiating a connection but nothing else shows in the remote side's log.

Do I need a firewall entry created on the RUTX50 to allow the IPSEC traffic, or are the firewall rules created when the IPSEC configuration is added via the web console?

1 Answer

0 votes
by anonymous

Hello,

The firewall rules should be created automatically.

Could you check if your WebUI is in the Advanced mode?

It can be changed by clicking the mode button in the top-right corner.

Best regards,
DaumantasG

by anonymous
Indeed, that worked. I'm now able to see the advanced settings.

Regarding the log file, how can I see messages related to the connection establishment of the IPSEC tunnel?
by anonymous

Hello,

The logs from the IPsec instance can be seen by logging into the device using SSH or CLI and running the command logread. This will return all saved logs. You can also monitor the logs live by using the command logread -f.

Alternatively, you can monitor them by navigating to System → Administration → Troubleshoot and pressing the Show button for System logs.

If using SSH or CLI, you can filter out the IPsec logs by running the command logread | grep ipsec

Hope this helped!

Best regards,
DaumantasG

by anonymous
Hi, and thanks so much for the assistance.

I'm able to see the following message in the log file:

Thu Apr 27 17:12:15 2023 daemon.info ipsec: 06[IKE] received NO_PROPOSAL_CHOSEN error notify

Looking at both sides, phase 1 and 2 are AES128-SHA1-DH5-28800

What's the best way to troubleshoot this?

Also, what is the correct "mode" for site to site VPN? Start, Add or Route?

Thanks!
by anonymous
Hello,

I will ask you to navigate to System → Administration → Troubleshoot and generate a troubleshoot file. It can be attached to the original post and will only be visible to Teltonika moderators. It will provide me with some more insight into what the issue could be.

Also, what device is on the other side of the IPsec tunnel? Is it another Teltonika router?

Best regards,
DaumantasG
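
The log-based troubleshooting discussed in this thread, as an added example that is not part of the original posts or Teltonika's own tooling: a shell function that reads `logread` output and groups IKE negotiation failures by likely cause. It assumes the daemon logs strongSwan (charon) style messages, as the quoted `06[IKE]` line suggests; the names `ike_triage` and `sample_log` are hypothetical, and the sample lines are constructed (the first repeats the line quoted above, the addresses are documentation ranges).

```shell
#!/bin/sh
# Added example: classify IKE negotiation failures found in logread output.
# Assumption: the daemon logs strongSwan (charon) messages, as the quoted
# "06[IKE] received NO_PROPOSAL_CHOSEN error notify" line suggests.

# ike_triage: syslog lines on stdin -> "count<TAB>category<TAB>what to check"
ike_triage() {
    awk '
    !/ipsec/ { next }                      # same filter as: logread | grep ipsec
    # Checked first: this responder-side line also contains NO_PROPOSAL_CHOSEN.
    /no IKE config found|no matching peer config found/ { n["no_config"]++; next }
    /NO_PROPOSAL_CHOSEN|proposals (un|in)acceptable/    { n["proposal_mismatch"]++; next }
    /AUTHENTICATION_FAILED/                             { n["auth_failed"]++; next }
    /TS_UNACCEPTABLE/                                   { n["ts_mismatch"]++; next }
    /peer not responding|giving up after/               { n["no_response"]++; next }
    END {
        hint["proposal_mismatch"] = "compare IKE version, encryption, hash and DH group for phase 1 and phase 2 on both peers"
        hint["auth_failed"] = "compare pre-shared key or certificates and the local/remote identifiers"
        hint["ts_mismatch"] = "compare local and remote subnets on both peers"
        hint["no_config"] = "peer address or identifier matches no configured connection"
        hint["no_response"] = "check reachability and filtering of UDP 500/4500"
        m = split("proposal_mismatch auth_failed ts_mismatch no_config no_response", order, " ")
        for (i = 1; i <= m; i++)
            if (order[i] in n) printf "%d\t%s\t%s\n", n[order[i]], order[i], hint[order[i]]
    }'
}

# sample_log: constructed log lines for an offline run (not real device output).
sample_log() {
    cat <<'EOF'
Thu Apr 27 17:12:15 2023 daemon.info ipsec: 06[IKE] received NO_PROPOSAL_CHOSEN error notify
Thu Apr 27 17:12:45 2023 daemon.info ipsec: 09[IKE] received NO_PROPOSAL_CHOSEN error notify
Thu Apr 27 17:13:02 2023 daemon.info ipsec: 11[IKE] no IKE config found for 192.0.2.10...198.51.100.20, sending NO_PROPOSAL_CHOSEN
Thu Apr 27 17:13:30 2023 daemon.info ipsec: 12[IKE] received AUTHENTICATION_FAILED notify error
Thu Apr 27 17:13:40 2023 daemon.info dnsmasq[1234]: read /etc/hosts - 4 addresses
EOF
}

# On the router: logread | ike_triage. Offline demo: sh this_file --demo
if [ "${1:-}" = "--demo" ]; then
    sample_log | ike_triage
fi
```

Running it on both peers is useful because the side that rejects a proposal usually logs the reason, while the other side only sees the NO_PROPOSAL_CHOSEN notify.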