Having issues with an IPsec tunnel over a mobile network between a RUT200 and an IRZ (remote device, exact model unknown, I have limited access).
The main problem is that the tunnel is “likely” established, but there is no traffic through it (not even pings).
I have 2 different behaviors that happen 50/50 after a reboot.
(Cannot upload logs due to community rules, so in brief…)
- Tunnel is “likely” established (UP on both sides, all is OK in the log), but there is no traffic and no pings from either side;
- After a short time while phase 2 is OK, I receive:
…detected reauth of existing IKE_SA, adopting 1 children and 0 virtual IPs…
…schedule delete of duplicate IKE_SA…
then instance 2 appears, 1 is deleted, a “delete” is received for 2, and it starts from the beginning.
1-3 iterations, then it stops on:
… IKE_SA … established between …
… generating ID_PROT response 0 [ ID HASH ]
… sending packet:…
Full stop [no 2nd phase]. Status “disconnected”. But in this case, on the IRZ side there is a 50/50 probability of seeing that the tunnel is somehow UP.
Experimented with the lifetime (no result), “exclude IPSEC from NAT” is ON, can’t use IKEv2 due to restrictions on the IRZ side, experimented with the firewall (force-allowed forwarding for the addresses used in IPsec even though there is a “factory” rule; same result).
I have very limited access to the IRZ side, so I have to find a “workaround” here, on the RUT200.
I still cannot find a rational solution.
Looking forward to receiving some help.
Thanks in advance.
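An added diagnostic script (not from the original post or from Teltonika) that scans charon-style log text for the two patterns the post describes: duplicate IKE_SA churn after a reauth, and an IKE_SA that completes phase 1 but is never followed by a CHILD_SA. It assumes the RUT200 log is strongSwan charon output with the message wording quoted in the post; the sample log lines, peers and SA numbers below are constructed.

```python
import re
from collections import Counter

# Constructed sample in the shape of strongSwan charon log lines (peers and SPIs are made up).
SAMPLE_LOG = """\
charon: 05[IKE] IKE_SA tun[1] established between 10.0.0.2[10.0.0.2]...198.51.100.9[198.51.100.9]
charon: 05[IKE] CHILD_SA tun{1} established with SPIs c1a2b3c4_i d4e5f6a7_o
charon: 07[IKE] detected reauth of existing IKE_SA, adopting 1 children and 0 virtual IPs
charon: 07[IKE] schedule delete of duplicate IKE_SA
charon: 07[IKE] IKE_SA tun[2] established between 10.0.0.2[10.0.0.2]...198.51.100.9[198.51.100.9]
charon: 08[IKE] deleting IKE_SA tun[1] between 10.0.0.2[10.0.0.2]...198.51.100.9[198.51.100.9]
charon: 09[IKE] received DELETE for IKE_SA tun[2]
charon: 10[IKE] IKE_SA tun[3] established between 10.0.0.2[10.0.0.2]...198.51.100.9[198.51.100.9]
charon: 10[ENC] generating ID_PROT response 0 [ ID HASH ]
charon: 10[NET] sending packet: from 10.0.0.2[500] to 198.51.100.9[500] (76 bytes)
"""

SA_EST = re.compile(r"IKE_SA (\S+)\[(\d+)\] established")      # phase 1 done for instance N
CHILD_EST = re.compile(r"CHILD_SA (\S+)\{(\d+)\} established")  # phase 2 (quick mode) done
REAUTH = "detected reauth of existing IKE_SA"
DUP_DELETE = "schedule delete of duplicate IKE_SA"


def diagnose(log_text):
    """Return SA counts plus findings matching the two failure patterns in the post."""
    ike_sas = []          # IKE_SA instance numbers in order of establishment
    children = Counter()  # IKE_SA instance -> CHILD_SAs established after it
    reauths = dup_deletes = 0
    for line in log_text.splitlines():
        if m := SA_EST.search(line):
            ike_sas.append(int(m.group(2)))
        elif CHILD_EST.search(line) and ike_sas:
            children[ike_sas[-1]] += 1  # attribute the CHILD_SA to the newest IKE_SA
        elif REAUTH in line:
            reauths += 1
        elif DUP_DELETE in line:
            dup_deletes += 1
    findings = []
    if reauths and dup_deletes:
        findings.append("duplicate IKE_SA churn: reauth replaced a live IKE_SA %d time(s)" % reauths)
    if ike_sas and children[ike_sas[-1]] == 0:
        findings.append("phase 1 only: IKE_SA [%d] established but no CHILD_SA followed" % ike_sas[-1])
    return {"ike_sa_instances": ike_sas, "child_sas": sum(children.values()),
            "reauths": reauths, "duplicate_deletes": dup_deletes, "findings": findings}


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_LOG).items():
        print(key, value)
```

Feed it the RUT200 system log (for example the output of `logread` filtered for `charon`) to see which of the two states a given boot landed in.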