Hi everyone,
I have been trying to establish a BOVPN between a RUT956 (with SIM card) and a WatchGuard T25 (with a public static IPv4 address) for days.
I do VPN a lot with other customers, but now I won’t beat this challenge for our own purposes.
I’m really hoping to get help from someone who is more firm than me, obviously.
So here we start with the log from the RUT956:
37456 Sat Nov 30 14:48:25 2024 daemon.info ipsec: 11[IKE] <st_hq|1> initiating IKE_SA st_hq[1] to 93.241.XX.XX
37460 Sat Nov 30 14:48:25 2024 daemon.info ipsec: 11[CFG] <st_hq|1> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/CHACHA20_POLY1305/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048
37461 Sat Nov 30 14:48:25 2024 daemon.info ipsec: 11[CFG] <st_hq|1> sending supported signature hash algorithms: sha256 sha384 sha512 identity
37462 Sat Nov 30 14:48:25 2024 daemon.info ipsec: 11[ENC] <st_hq|1> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
37463 Sat Nov 30 14:48:25 2024 daemon.info ipsec: 11[NET] <st_hq|1> sending packet: from 10.213.181.42[500] to 93.241.XX.XX[500] (1112 bytes)
37469 Sat Nov 30 14:48:26 2024 daemon.info ipsec: 10[NET] <st_hq|1> received packet: from 93.241.XX.XX[500] to 10.213.181.42[500] (432 bytes)
37470 Sat Nov 30 14:48:26 2024 daemon.info ipsec: 10[ENC] <st_hq|1> parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
37471 Sat Nov 30 14:48:26 2024 daemon.info ipsec: 10[CFG] <st_hq|1> selecting proposal:
37472 Sat Nov 30 14:48:26 2024 daemon.info ipsec: 10[CFG] <st_hq|1> no acceptable ENCRYPTION_ALGORITHM found
37473 Sat Nov 30 14:48:26 2024 daemon.info ipsec: 10[CFG] <st_hq|1> selecting proposal:
37474 Sat Nov 30 14:48:26 2024 daemon.info ipsec: 10[CFG] <st_hq|1> proposal matches
37475 Sat Nov 30 14:48:26 2024 daemon.info ipsec: 10[CFG] <st_hq|1> received proposals: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048
37476 Sat Nov 30 14:48:26 2024 daemon.info ipsec: 10[CFG] <st_hq|1> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/CHACHA20_POLY1305/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048
37477 Sat Nov 30 14:48:26 2024 daemon.info ipsec: 10[CFG] <st_hq|1> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048
37478 Sat Nov 30 14:48:26 2024 daemon.info ipsec: 10[IKE] <st_hq|1> local host is behind NAT, sending keep alives
37569 Sat Nov 30 14:48:28 2024 daemon.info ipsec: 10[IKE] <st_hq|1> authentication of 'dt001@securetask.de' (myself) with pre-shared key
37570 Sat Nov 30 14:48:28 2024 daemon.info ipsec: 10[CFG] <st_hq|1> proposing traffic selectors for us:
37571 Sat Nov 30 14:48:28 2024 daemon.info ipsec: 10[CFG] <st_hq|1> 192.168.1.0/24
37572 Sat Nov 30 14:48:28 2024 daemon.info ipsec: 10[CFG] <st_hq|1> proposing traffic selectors for other:
37573 Sat Nov 30 14:48:28 2024 daemon.info ipsec: 10[CFG] <st_hq|1> 10.100.20.0/24
37574 Sat Nov 30 14:48:28 2024 daemon.info ipsec: 10[CFG] <st_hq|1> configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/NO_EXT_SEQ, ESP:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/NO_EXT_SEQ
37575 Sat Nov 30 14:48:28 2024 daemon.info ipsec: 10[IKE] <st_hq|1> establishing CHILD_SA st_hq_c{1}
37576 Sat Nov 30 14:48:28 2024 daemon.info ipsec: 10[ENC] <st_hq|1> generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
37577 Sat Nov 30 14:48:28 2024 daemon.info ipsec: 10[NET] <st_hq|1> sending packet: from 10.213.181.42[4500] to 93.241.XX.XX[4500] (560 bytes)
37583 Sat Nov 30 14:48:28 2024 daemon.info ipsec: 15[NET] <st_hq|1> received packet: from 93.241.XX.XX[4500] to 10.213.181.42[4500] (96 bytes)
37584 Sat Nov 30 14:48:28 2024 daemon.info ipsec: 15[ENC] <st_hq|1> parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
37585 Sat Nov 30 14:48:28 2024 daemon.info ipsec: 15[IKE] <st_hq|1> received AUTHENTICATION_FAILED notify error
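
An added triage example, not part of the original post: a small Python parser that reduces charon output like the log above to the facts that matter for a failed IKEv2 attempt (agreed IKE proposal, NAT detection, local identity, traffic selectors, and the exchange the peer rejected). `SAMPLE` is a constructed, shortened copy of the posted lines; the function and field names are hypothetical.

```python
import re

# Constructed sample: a shortened subset of the charon lines quoted in the post.
SAMPLE = """\
Sat Nov 30 14:48:26 2024 daemon.info ipsec: 10[ENC] <st_hq|1> parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Sat Nov 30 14:48:26 2024 daemon.info ipsec: 10[CFG] <st_hq|1> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048
Sat Nov 30 14:48:26 2024 daemon.info ipsec: 10[IKE] <st_hq|1> local host is behind NAT, sending keep alives
Sat Nov 30 14:48:28 2024 daemon.info ipsec: 10[IKE] <st_hq|1> authentication of 'dt001@securetask.de' (myself) with pre-shared key
Sat Nov 30 14:48:28 2024 daemon.info ipsec: 10[CFG] <st_hq|1> proposing traffic selectors for us:
Sat Nov 30 14:48:28 2024 daemon.info ipsec: 10[CFG] <st_hq|1> 192.168.1.0/24
Sat Nov 30 14:48:28 2024 daemon.info ipsec: 10[CFG] <st_hq|1> proposing traffic selectors for other:
Sat Nov 30 14:48:28 2024 daemon.info ipsec: 10[CFG] <st_hq|1> 10.100.20.0/24
Sat Nov 30 14:48:28 2024 daemon.info ipsec: 15[ENC] <st_hq|1> parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
"""

LINE = re.compile(r"ipsec: \d+\[[A-Z]+\] <([^|>]+)\|\d+> (.*)$")
ERRORS = {"AUTH_FAILED", "NO_PROP", "TS_UNACCEPT"}  # error notifies as charon abbreviates them

def triage(log):
    """Summarise one initiator-side IKEv2 attempt from charon log text."""
    s = {"conn": None, "ike_proposal": None, "behind_nat": False, "local_id": None,
         "auth_method": None, "ts": {"us": [], "other": []},
         "completed": [], "failed_exchange": None, "error": None}
    side = None  # which traffic-selector list the next CIDR line belongs to
    for raw in log.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        s["conn"], msg = m.group(1), m.group(2)
        if msg.startswith("selected proposal: IKE:"):
            s["ike_proposal"] = msg.split("IKE:", 1)[1]
        elif msg.startswith("local host is behind NAT"):
            s["behind_nat"] = True
        elif a := re.match(r"authentication of ['‘](.+?)['’] \(myself\) with (.+)", msg):
            s["local_id"], s["auth_method"] = a.groups()
        elif t := re.match(r"proposing traffic selectors for (us|other):", msg):
            side = t.group(1)
        elif side and re.fullmatch(r"[\d.]+/\d+", msg.strip()):
            s["ts"][side].append(msg.strip())
        elif r := re.match(r"parsed (IKE_\w+) response \d+ \[ (.*) \]", msg):
            bad = ERRORS & set(re.findall(r"N\((\w+)\)", r.group(2)))
            if bad:  # the peer answered this exchange with an error notify
                s["failed_exchange"], s["error"] = r.group(1), sorted(bad)[0]
            else:
                s["completed"].append(r.group(1))
    return s

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the posted log this reports IKE_SA_INIT completing with an agreed proposal and the peer rejecting IKE_AUTH, the request that carries IDi, IDr and the pre-shared-key AUTH payload, so those are the values to compare against the peer's gateway settings.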