Question

Hello,

I have created a IPSEC VPN connection from RUTX50 to FritzBox using the type "client to site" with Xauth.From FritzBox I reach the WebUI of RUTX50 but from RUTX50 I cannot reach the FritzBox only ping is OK. There is a error message in the troubleshoot File in the RUTX50.

Sun Jun 25 21:54:33 2023 daemon.info ipsec: 06[CFG] selected peer config 'FW_NDHSN-FW_NDHSN_c' unacceptable
Sun Jun 25 21:54:33 2023 daemon.info ipsec: 06[CFG] no alternative config found
Sun Jun 25 21:54:33 2023 daemon.info ipsec: 06[IKE] XAuth authentication of 'ELW1' (myself) failed

I have the same secrets in FritzBox and RUTX50 for PSK and Xauth. I have attached the backup and the troubleshoot file. The FritzBox has a DYNDNS IP. The FritzBox uses :

Server : dyndns address

IPSec-ID : ELW1

Shared Secret : PSK secret

Account : ELW1

password : Xauth secret

https://community.teltonika-networks.com/56802/ipsec-vpn-rutx12-with-fritz-box-7490

I have allready tested this, but I does not work

Do you have any idea and can you help me.

Thanks

Matthias

Answer 1

Hello,

It appears that there are various issues occurring with the IPsec. Sometimes the child SA is established, sometimes XAuth authentication fails, and sometimes the SA is closed due to duplicate unique IDs replacing the old SA.

It may be that the issue is with the ID selectors where the 'ELW1' ID is declared twice. I would suggest trying to use different IDs (selectors). You could also try disabling unique IDs in the '/etc/ipsec.conf' file (strongswan uniqueids here).

Additionally, you can try enabling 'compatibility mode' in the advanced IPSec settings.

Kind Regards,