
We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
1,086 views 0 comments
by

Hello
The topic is popular in this forum so maybe someone will help me.
I have a VPN site-to-site connection via IPsec. The link works properly and is configured in accordance with the instructions (https://wiki.teltonika.lt/view/IPsec_configuration_examples).
For me, the local network has the address 10.15.0.0/16, and the remote network has 10.0.0.0/8 (here I have several VPN connections). Ping and tracert work smoothly from a remote wall. On the Teltonika it goes to the WAN link - IPsec does not set routing.

root@router:~# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
--- 10.0.0.1 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss

 

root@router:~# traceroute  10.0.0.1
traceroute to 10.0.0.1 (10.0.0.1), 30 hops max, 38 byte packets
1  81.220.22.130 (81.220.22.130)  32.944 ms  34.715 ms  25.252 ms

route:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         128.183.68.217. 0.0.0.0         UG    0      0        0 wwan0
10.15.88.0      *               255.255.255.0   U     0      0        0 br-lan
128.183.68.208  *               255.255.255.240 U     0      0        0 wwan0
128.183.68.217  *               255.255.255.255 UH    0      0        0 wwan0

I do not know how to deal with it, please help me

2 Answers

0 votes
by

Thank you for the quick reply.

Of course, ping -I solved the ping problem

Best answer
0 votes
by anonymous

Hello,

To begin with, it seems that your device's local networks are conflicting, i.e.:

  •  Take note that an IPsec tunnel is meant to be established between two different networks (not to be confused with "Bridge VPN connections")
  •  However, your local network (10.15.0.0/16) is already included in your remote network (10.0.0.0/8)

In this case, the solution is simple: you would simply change your local network so that it would not be included in the remote network. E.g. you could use 172.16.0.0/16.

Regarding the IPsec troubleshooting:

  •  You could use the "IPsec status" SSH command on Teltonika routers to check if the IPsec tunnel is successfully established (I can see that you already know how to connect to the router's SSH/CLI)
  •  You could try to use the "ping -I <source IP> <destination IP>" ping command, if regular pings are not working for you. I.e. in a standard IPsec tunnel's situation, normal pings should be able to reach the remote network through the IPsec tunnel without any issue. However, tampering with the router's routing table or firewall might prevent normal pings from being routed through the IPsec tunnel, since, unlike other VPN tunnels, IPsec does NOT create its own interface (meaning that there are no "Virtual VPN IPs/network"). In such a case, you would need to specify from which router's interface you are trying to initiate the ping (it should be the router's LAN IP address, default 192.168.1.1). Example: ping -I 192.168.1.1 10.0.0.1
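
The behaviour discussed in this thread, as a simplified model of policy-based IPsec selection (an added example, not part of the original posts and not Teltonika's code). It shows why a ping sourced from the WAN address misses the tunnel and leaves unencrypted by the default route, why `ping -I` with a LAN source is tunnelled, and why the 10.15.0.0/16 and 10.0.0.0/8 selectors conflict. The WAN and LAN addresses are assumptions, and a real kernel lookup also considers policy priorities and bypass policies.

```python
import ipaddress

# Traffic selectors from the thread (local LAN / remote LAN of the tunnel).
LOCAL_TS = "10.15.0.0/16"
REMOTE_TS = "10.0.0.0/8"
# Assumptions, not from the thread: the router's own addresses.
WAN_IP = "192.0.2.10"   # constructed WAN address (documentation range)
LAN_IP = "10.15.88.1"   # assumed br-lan address inside 10.15.88.0/24


def tunnelled(src, dst, local=LOCAL_TS, remote=REMOTE_TS):
    """Simplified policy match: a packet is protected only if its source is
    inside the local selector AND its destination is inside the remote one."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(local)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(remote))


def path(src, dst, local=LOCAL_TS, remote=REMOTE_TS):
    """Where the packet goes in this model: into the tunnel, or wherever the
    routing table sends it (here the default route on wwan0, in cleartext)."""
    return "ipsec" if tunnelled(src, dst, local, remote) else "routing-table"


def selector_conflicts(local=LOCAL_TS, remote=REMOTE_TS):
    """Report the selector overlap described in the accepted answer."""
    findings = []
    local_net = ipaddress.ip_network(local)
    if local_net.overlaps(ipaddress.ip_network(remote)):
        findings.append(f"{local} overlaps {remote}")
        # With overlap, traffic between two local hosts can satisfy the policy.
        a, b = str(local_net[1]), str(local_net[2])
        if tunnelled(a, b, local, remote):
            findings.append(f"LAN-local traffic {a} -> {b} matches the tunnel policy")
    return findings


if __name__ == "__main__":
    # Plain ping: source is the WAN address chosen via the default route.
    print("ping 10.0.0.1          ->", path(WAN_IP, "10.0.0.1"))
    # ping -I <LAN IP>: source now falls inside the local selector.
    print("ping -I LAN 10.0.0.1   ->", path(LAN_IP, "10.0.0.1"))
    for finding in selector_conflicts():
        print("conflict:", finding)
    # The answer's suggested renumbering removes the overlap.
    print("172.16.0.0/16 conflicts:", selector_conflicts("172.16.0.0/16", REMOTE_TS))
```
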