Hello,
I have an issue with RUTX11 and IPsec VPN connections.
The RUTX11 uses a mobile connection to connect to a SonicWall using two IPsec VPNs.
The IPsec config is:
conn tun1
    left=0.0.0.0/0,::/0
    right=
    leftfirewall=yes
    rightfirewall=yes
    ikelifetime=28800s
    lifetime=28800s
    margintime=9m
    keyingtries=3
    dpdaction=restart
    dpddelay=30s
    dpdtimeout=120s
    leftauth=psk
    rightauth=psk
    rightsubnet=10.120.50.0/24
    auto=start
    leftsubnet=10.120.90.0/24
    leftid=
    aggressive=no
    forceencaps=yes
    type=tunnel
    keyexchange=ikev2
    esp=aes128-sha1-modp1024
    ike=aes128-sha1-modp1024

conn tun2
    left=0.0.0.0/0,::/0
    right=
    leftfirewall=yes
    rightfirewall=yes
    ikelifetime=28800s
    lifetime=28800s
    margintime=9m
    keyingtries=3
    dpdaction=restart
    dpddelay=30s
    dpdtimeout=120s
    leftauth=psk
    rightauth=psk
    rightsubnet=10.120.60.0/24
    auto=start
    leftsubnet=10.120.90.0/24
    leftid=
    aggressive=no
    forceencaps=yes
    type=tunnel
    keyexchange=ikev2
    esp=aes128-sha1-modp1024
    ike=aes128-sha1-modp1024
Both tunnels connect fine and I can ping the SonicWall over both tunnels using the CLI, but from the 10.120.90.0/24 LAN I cannot ping the SonicWall end.
ip route show table 220 shows both tunnel routes are there and the Exclude-ipsec NAT rule is there.
When I enable or disable masquerade on the lan->wan zone, ping from the LAN works! But after a restart of the router it’s back to no ping from the LAN.
A traceroute from the LAN shows the router routing traffic out via the mobile interface and not the VPN.
Also, if I use the CLI to restart the firewall, then ping from the LAN starts working (until the next reboot).
I don’t think the router is handling the VPN routing very well?
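One thing worth checking with symptoms like these (works after a firewall restart or a masquerade toggle, not after a reboot) is the order of the NAT POSTROUTING rules: if the MASQUERADE rule is listed before the Exclude-ipsec rule, LAN traffic for the remote subnets is source-NATed to the mobile address before the IPsec policy match can exclude it, and the tunnel never sees it. The script below is an added diagnostic, not part of the original post or of RUTOS; the two rule listings are constructed samples in `iptables -t nat -S POSTROUTING` format, and the interface name wwan0 is a placeholder for the mobile interface.

```shell
#!/bin/sh
# Constructed sample (hypothetical): rule order where MASQUERADE is listed
# before the ipsec policy exclusion. wwan0 stands in for the mobile interface.
NAT_AFTER_REBOOT='-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.120.90.0/24 -o wwan0 -j MASQUERADE
-A POSTROUTING -s 10.120.90.0/24 -d 10.120.50.0/24 -m policy --dir out --pol ipsec -j ACCEPT
-A POSTROUTING -s 10.120.90.0/24 -d 10.120.60.0/24 -m policy --dir out --pol ipsec -j ACCEPT'

# Constructed sample (hypothetical): rule order where the exclusion comes first.
NAT_AFTER_RESTART='-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.120.90.0/24 -d 10.120.50.0/24 -m policy --dir out --pol ipsec -j ACCEPT
-A POSTROUTING -s 10.120.90.0/24 -d 10.120.60.0/24 -m policy --dir out --pol ipsec -j ACCEPT
-A POSTROUTING -s 10.120.90.0/24 -o wwan0 -j MASQUERADE'

check_nat_order() {
    # Reads an `iptables -t nat -S` listing on stdin. Exits 0 when an ipsec
    # policy exclusion (ACCEPT) rule is listed before any MASQUERADE rule,
    # exits 1 when MASQUERADE comes first or when no exclusion rule exists.
    # iptables evaluates rules top to bottom, so the listing order is the
    # evaluation order.
    awk '
        /--pol ipsec/ && /-j ACCEPT/ && excl == 0 { excl = NR }
        /-j MASQUERADE/ && masq == 0 { masq = NR }
        END {
            if (excl == 0) { print "no ipsec exclusion rule found"; exit 1 }
            if (masq != 0 && masq < excl) {
                print "MASQUERADE (line " masq ") precedes ipsec exclusion (line " excl ")"
                exit 1
            }
            print "ipsec exclusion (line " excl ") precedes MASQUERADE"
            exit 0
        }'
}

report() {  # $1 = label, $2 = rule listing
    if printf '%s\n' "$2" | check_nat_order; then
        echo "$1: OK"
    else
        echo "$1: LAN traffic to the remote subnets is masqueraded, not tunnelled"
    fi
}

report "after reboot" "$NAT_AFTER_REBOOT"
report "after firewall restart" "$NAT_AFTER_RESTART"
```

On the router itself, feed the live listing in with `iptables -t nat -S POSTROUTING | check_nat_order` once after boot and once after `/etc/init.d/firewall restart`; a different verdict between the two runs points at rule ordering rather than at the tunnel.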