XIII
Very Senior Member
Recently I purchased a GT-AX6000 to replace my RT-AC86U, so that I can run the new 388 firmware.
I managed to manually replicate my old 386.7_2 setup from scratch in 388.1, except for IPSec VPN which keeps failing:
When I set up the AC86U long time ago, it was connected to the ISP's router in bridge mode, but last year I switched ISP's.
The new ISP's router does not offer bridge mode, so my new GT-AX6000 is in the DMZ zone of the ISP's router (with IP address 192.168.0.2, as seen in the log above).
What could (I) be (doing) wrong?
How to fix this?
I managed to manually replicate my old 386.7_2 setup from scratch in 388.1, except for IPSec VPN which keeps failing:
Code:
Dec 20 22:07:32 00[DMN] Starting IKE charon daemon (strongSwan 5.9.6, Linux 4.19.183, aarch64)
Dec 20 22:07:32 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported
Dec 20 22:07:32 00[NET] installing IKE bypass policy failed
Dec 20 22:07:32 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported
Dec 20 22:07:32 00[NET] installing IKE bypass policy failed
Dec 20 22:07:32 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported
Dec 20 22:07:32 00[NET] installing IKE bypass policy failed
Dec 20 22:07:32 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported
Dec 20 22:07:32 00[NET] installing IKE bypass policy failed
Dec 20 22:07:32 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Dec 20 22:07:32 00[CFG] loaded ca certificate "C=TW, O=ASUS, CN=ASUS ax6000 Root CA" from '/etc/ipsec.d/cacerts/asusCert.pem'
Dec 20 22:07:32 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Dec 20 22:07:32 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Dec 20 22:07:32 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Dec 20 22:07:32 00[CFG] loading crls from '/etc/ipsec.d/crls'
Dec 20 22:07:32 00[CFG] loading secrets from '/etc/ipsec.secrets'
Dec 20 22:07:32 00[CFG] loaded IKE secret for %any
Dec 20 22:07:32 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/svrKey.pem'
Dec 20 22:07:32 00[LIB] loaded plugins: charon aes des rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs12 pgp dnskey sshkey pem openssl pkcs8 fips-prf curve25519 agent xcbc cmac hmac kdf drbg attr kernel-pfkey kernel-netlink socket-default stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-tls eap-peap xauth-generic counters
Dec 20 22:07:32 00[JOB] spawning 8 worker threads
Dec 20 22:07:32 07[CFG] received stroke: add connection 'Host-to-Net'
Dec 20 22:07:32 07[CFG] adding virtual IP address pool 10.10.10.0/24
Dec 20 22:07:32 07[CFG] added configuration 'Host-to-Net'
Dec 20 22:07:32 01[CFG] received stroke: add connection 'Host-to-Netv2'
Dec 20 22:07:32 01[CFG] reusing virtual IP address pool 10.10.10.0/24
Dec 20 22:07:32 01[CFG] loaded certificate "C=TW, O=ASUS, CN=192.168.0.2" from 'svrCert.pem'
Dec 20 22:07:32 01[CFG] id 'REDACATED.asuscomm.com' not confirmed by certificate, defaulting to 'C=TW, O=ASUS, CN=192.168.0.2'
Dec 20 22:07:32 01[CFG] added configuration 'Host-to-Netv2'
Dec 20 22:07:32 00[DMN] SIGINT received, shutting down
When I set up the AC86U long time ago, it was connected to the ISP's router in bridge mode, but last year I switched ISP's.
The new ISP's router does not offer bridge mode, so my new GT-AX6000 is in the DMZ zone of the ISP's router (with IP address 192.168.0.2, as seen in the log above).
What could (I) be (doing) wrong?
How to fix this?
Last edited: