Hello,
We have a RUT955 Teltonika router (for test) in order to check if it is suitable for securing the communications between some remote locations (over Mobile connection) and our HQ.
If we can build a stable IPSEC tunnel using DMVPN we will use this router or other Teltonika model in our project (30-40 routers at start and then about 100 more).
DMVPN HUB: Cisco ISR 4000 router, which works with multiple other Cisco Routers as spokes
DMVPN SPOKE: RUT955, Firmware: RUT9_R_00.07.06.12 (I manually installed the DMVPN package)
RUT955 WAN: Mobile connection (LTE, -51dBm RSSI), using private APN with static IP address assignment from SP.
There is no NAT involved in the WAN for both HUB and Teltonika SPOKE, but for some reason the IPSEC is using UDP 4500 instead of ESP.
We tested the DMVPN config successfully. It works great, but after ~2 minutes it is disconnected and reconnected in a continuous loop.
It seems that the vici plugin from the strongSwan IPSEC suite is terminating the connection without any obvious reason after ~2 minutes, and then immediately starts a new VPN tunnel.
daemon.info ipsec: 06[CFG] vici terminate IKE_SA #95
Debug message on the HUB:
Received Packet [From <SPOKE_IP>:17579/To <HUB_IP>:4500/VRF i0:f0]
IKEv2 INFORMATIONAL Exchange REQUEST
Payload contents: DELETE
Is there a way to disable it or to change some settings to make this connection stable?
I’ve tested with both IKEv1 and IKEv2, with/without dpd or keepalive. The WAN connection is always stable, but the VPN is reconnecting in a loop after a short period of time no matter what settings I use.
I want to upload all the related configs and debugs from both HUB and SPOKE, but the website is not allowing me!!! (Sorry, new users can not upload attachments.)
Please help me with this, because each file has around 100 lines and it will look messy to simply paste it here.