We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
667 views 1 comments
by anonymous
Hello,

Is there anyone in the forum who managed to get IPSEC to work between rutOS and OPNsense (similar to pfSense firewall)? I have searched in loads of threads here and on other forums. I've set up tunnels many times before in different environments, so I've learned the common pitfalls (DH groups, algorithms, known handshake problems between different firewalls, etc.).

Phase 1 seems to work but it fails on phase 2. Seems to be some kind of authorization error.

We have checked passwords for special characters and different kinds of password lengths.

Furthermore, during the troubleshooting process we have learned that the "rutOS" devices must be rebooted and that the IPSEC status must be checked through SSH with the command ipsec /statusall.

Do you have any thoughts or experiences regarding this problem?

I am quite new to rutOS, but is there any possibility to deep log IPSEC, and in such cases how do you access that log?
by anonymous
What device (rut or fw) is initiating the VPN tunnel? What is the log telling you on the non-initiating device? Is there an error or message that indicates an issue?

1 Answer

0 votes
by anonymous

Hello,

To answer your question, the easiest way to understand what is causing the issue would be to check the logs. To see the IPsec logs in particular, you could use the command logread | grep ipsec. Alternatively, you can follow the IPsec log messages by using the command logread -f | grep ipsec.

If the logs do not provide any insight into what the issue could be, I will ask you to:

  • Make sure you are on the latest firmware;
  • Replicate the issue;
  • Navigate to System → Administration → Troubleshoot and generate a troubleshoot file. This file can be attached to your original question and will only be visible to Teltonika moderators.
  • I will also ask you to attach your OPNsense IPsec configuration (either the config file or screenshots);

This information will hopefully provide us with some more insight into what the issue could be.

Best regards,
DaumantasG
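
The log check suggested in the answer above, extended into a small triage filter for the "phase 1 works, phase 2 fails" case. This is an added example, not part of the original posts and not Teltonika code. It assumes strongSwan-style messages in the log; the sample lines, their timestamp format and the connection name opn are constructed.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes strongSwan-style messages in the log
# (the `ipsec statusall` CLI mentioned in the question is strongSwan's).

# Read log lines on stdin; print "<stage>: <what to compare>" for known messages.
classify_ipsec_log() {
    while IFS= read -r line; do
        case "$line" in
            *"failed to establish CHILD_SA"*)
                echo "child: phase 2 failed while the IKE_SA stays up" ;;
            *"TS_UNACCEPTABLE"*)
                echo "child: traffic selectors rejected, compare local/remote subnets" ;;
            *"NO_PROPOSAL_CHOSEN"*)
                echo "proposal: no common algorithms, compare encryption, hash and DH/PFS groups" ;;
            *"AUTHENTICATION_FAILED"*)
                echo "auth: peer rejected authentication, compare PSK and local/remote identifiers" ;;
            *"no matching peer config found"*)
                echo "auth: no config matched the peer, compare identifiers and addresses" ;;
            *"IKE_SA"*"established between"*)
                echo "ike: IKE_SA established" ;;
            *"CHILD_SA"*"established with SPIs"*)
                echo "child: CHILD_SA established" ;;
        esac
    done
}

# Constructed sample lines (documentation addresses, hypothetical connection "opn").
sample_log() {
    cat <<'EOF'
Mon Jan  1 10:00:01 2024 daemon.info ipsec: 07[IKE] IKE_SA opn[1] established between 192.0.2.1[192.0.2.1]...198.51.100.1[198.51.100.1]
Mon Jan  1 10:00:01 2024 daemon.info ipsec: 07[IKE] received TS_UNACCEPTABLE notify, no CHILD_SA built
Mon Jan  1 10:00:01 2024 daemon.info ipsec: 07[IKE] failed to establish CHILD_SA, keeping IKE_SA
EOF
}

# On the router: logread | grep ipsec | classify_ipsec_log
sample_log | classify_ipsec_log
```

Lines that match none of the patterns are dropped, so an empty result means the raw log still has to be read directly.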