Hi, it looks like some values have been changed from string to boolean type in the configuration, and some options were also set as list type. Try to run the following UCI commands and then restart the IPsec service using /etc/init.d/ipsec restart
UCI commands:
uci set ipsec.@ipsec[0].rtinstall_enabled=1
uci set ipsec.CustomerX=remote
uci add_list ipsec.CustomerX.crypto_proposal='CustomerX_ph1'
uci set ipsec.CustomerX.enabled='0'
uci set ipsec.CustomerX._multiple_secrets='0'
uci set ipsec.CustomerX.force_crypto_proposal='1'
uci set ipsec.CustomerX.gateway='vpnmgmt.CustomerX.nl'
uci set ipsec.CustomerX.authentication_method='psk'
uci set ipsec.CustomerX.pre_shared_key='XXXXXXXXXXXXXXXXX'
uci set ipsec.CustomerX.local_identifier='XXX-RTR01'
uci set ipsec.CustomerX.remote_identifier='XXX-FW02'
uci add_list ipsec.CustomerX.tunnel='CustomerX_c'
uci set ipsec.CustomerX_c=connection
uci add_list ipsec.CustomerX_c.crypto_proposal='CustomerX_ph2'
uci set ipsec.CustomerX_c.defaultroute='0'
uci set ipsec.CustomerX_c.aggressive='0'
uci set ipsec.CustomerX_c.forceencaps='0'
uci set ipsec.CustomerX_c.local_firewall='0'
uci set ipsec.CustomerX_c.remote_firewall='0'
uci set ipsec.CustomerX_c.comp_mode='1'
uci set ipsec.CustomerX_c._dpd='1'
uci set ipsec.CustomerX_c.force_crypto_proposal='1'
uci set ipsec.CustomerX_c.mode='start'
uci set ipsec.CustomerX_c.type='tunnel'
uci set ipsec.CustomerX_c.lifetime='12h'
uci set ipsec.CustomerX_c.ikelifetime='24h'
uci add_list ipsec.CustomerX_c.local_subnet='10.101.128.0/25'
uci add_list ipsec.CustomerX_c.local_subnet='10.100.128.254/32'
uci add_list ipsec.CustomerX_c.remote_subnet='10.20.0.0/16'
uci add_list ipsec.CustomerX_c.remote_subnet='192.168.222.0/24'
uci set ipsec.CustomerX_c.keyexchange='ikev2'
uci set ipsec.CustomerX_c.dpdaction='restart'
uci set ipsec.CustomerX_c.flush='0'
uci set ipsec.CustomerX_ph1=proposal
uci set ipsec.CustomerX_ph1.encryption_algorithm='aes256'
uci set ipsec.CustomerX_ph1.hash_algorithm='sha256'
uci set ipsec.CustomerX_ph1.dh_group='modp2048'
uci set ipsec.CustomerX_ph2=proposal
uci set ipsec.CustomerX_ph2.encryption_algorithm='aes256'
uci set ipsec.CustomerX_ph2.hash_algorithm='sha256'
uci set ipsec.CustomerX_ph2.dh_group='modp2048'
uci commit
You can throw this newer variant of UCI commands into a text compare utility (Notepad or something like this) to see the exact changes.
P.S. If anything goes wrong, you may start over by copying the base IPsec file with minimal config from ROM using this command:
cp /rom/etc/config/ipsec /etc/config/ipsec
Do note that this action will nuke the entire IPsec config file, so don’t use it if you want to preserve at least some part of IPsec config file.
EDIT: forgot to mention - it’s best to run these commands without any pre-existing IPsec configuration, just to be sure that no conflicting config will occur.
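The comparison suggested in the post can also be done per option instead of per line, which makes the set-to-add_list and value changes stand out. This is an added example, not part of the original post: the function names uci_norm, uci_diff and demo are hypothetical, and the "old" commands in the sample are constructed, since the post only shows the newer variant.

```shell
#!/bin/sh
# Emit "tag<TAB>op<TAB>key<TAB>value" for each `uci set` / `uci add_list` line.
uci_norm() {  # $1 = file of UCI commands, $2 = tag (old or new)
    awk -v tag="$2" -v q="'" '
        $1 == "uci" && ($2 == "set" || $2 == "add_list") {
            op = $2; rest = $0
            sub(/^[ \t]*uci[ \t]+[a-z_]+[ \t]+/, "", rest)
            eq = index(rest, "="); if (eq == 0) next
            key = substr(rest, 1, eq - 1); val = substr(rest, eq + 1)
            gsub("^" q "|" q "$", "", val)   # drop the surrounding quotes
            print tag "\t" op "\t" key "\t" val
        }' "$1"
}
# Compare by option key: report type (set vs add_list) and value changes.
uci_diff() {  # $1 = old commands, $2 = new commands
    { uci_norm "$1" old; uci_norm "$2" new; } | awk -F '\t' '
        { k = $3; seen[k] = 1; op[$1, k] = $2
          if (($1, k) in val) val[$1, k] = val[$1, k] "," $4   # list items
          else val[$1, k] = $4 }
        END {
            for (k in seen) {
                o = (("old", k) in op); n = (("new", k) in op)
                if (o && !n)      print "REMOVED " k
                else if (!o && n) print "ADDED " k "=" val["new", k]
                else if (op["old", k] != op["new", k])
                    print "TYPE " k ": " op["old", k] " -> " op["new", k]
                else if (val["old", k] != val["new", k])
                    print "VALUE " k ": " val["old", k] " -> " val["new", k]
            }
        }' | sort
}
# Constructed sample: "old" lines are invented, "new" lines come from the post.
demo() {
    d=$(mktemp -d)
    cat > "$d/old" <<'EOF'
uci set ipsec.CustomerX.enabled='no'
uci set ipsec.CustomerX_c.local_subnet='10.101.128.0/25'
uci set ipsec.CustomerX_c.keyexchange='ikev2'
EOF
    cat > "$d/new" <<'EOF'
uci set ipsec.CustomerX.enabled='0'
uci add_list ipsec.CustomerX_c.local_subnet='10.101.128.0/25'
uci add_list ipsec.CustomerX_c.local_subnet='10.100.128.254/32'
uci set ipsec.CustomerX_c.keyexchange='ikev2'
uci set ipsec.CustomerX_c.flush='0'
EOF
    uci_diff "$d/old" "$d/new"; rm -rf "$d"
}
demo
```

The report prints option values, pre_shared_key included, so it should be handled as carefully as the config file itself.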