NoSync
Regular Contributor
Hi,
I can't get the IPsec server to work on my RT-AC86U. I'm currently on 384.5 (I briefly tried this on 384.4 before as well, but didn't have time to investigate further), and after configuring the server the devices I tried to use (Mac from my office's wifi, iPhone from the same wifi and cellular network) just won't connect. The error I get is "Negotiation with the VPN server failed". The wifi network has got IPsec pass-through enabled, but again, same behavior with cellular.
The RT-AC86U gets a public IP via PPPoE. OpenVPN works flawlessly with the same clients.
When I start the connection from the client (in this case it's the iPhone via cellular) this is what I see when running ipsec statusall (176.200.114.236 is the current IP of my iPhone on the cellular network):
Code:
Status of IKE charon daemon (weakSwan 5.2.1, Linux 4.1.27, aarch64):
uptime: 11 minutes, since Jun 07 12:31:27 2018
malloc: sbrk 1466368, mmap 0, used 329776, free 1136592
worker threads: 3 of 8 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 1
loaded plugins: charon aes des rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf agent xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown eap-identity eap-md5 eap-mschapv2 eap-tls eap-peap xauth-generic
Virtual IP pools (size/online/offline):
10.10.10.0/24: 254/0/0
Listening IP addresses:
192.168.10.1
192.168.10.2
192.168.11.1
169.254.113.110
<REDACTED>
10.16.0.1
10.30.16.122
Connections:
Host-to-Net: <REDACTED>...%any IKEv1, dpddelay=10s
Host-to-Net: local: [<REDACTED>] uses pre-shared key authentication
Host-to-Net: remote: uses pre-shared key authentication
Host-to-Net: remote: uses XAuth authentication: any
Host-to-Net: child: 0.0.0.0/0 === dynamic TUNNEL, dpdaction=clear
Security Associations (0 up, 1 connecting):
(unnamed)[4]: CONNECTING, <REDACTED>[%any]...176.200.114.236[%any]
(unnamed)[4]: IKEv1 SPIs: 242a90f70807c796_i 0ddfcb6020a63262_r*
(unnamed)[4]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
(unnamed)[4]: Tasks passive: ISAKMP_VENDOR MAIN_MODE
The clients do reach the server but can't go through, and I can't find anything in the logs except for this unhelpful line:
Code:
Jun 7 12:42:34 06[IKE] 176.200.114.236 is initiating a Main Mode IKE_SA
No errors whatsoever.
Any ideas of what I can try next? I searched the forums but couldn't find anything relevant.
Thanks.