I’ve upgraded my Rutx50 from version RUTX_R_00.07.04.5 to RUTX_R_00.07.05.3 but I can no longer see the VPN (IPSEC) configuration from the GUI.
The “ipsec status” command from CLI shows that the tunnels are still up/running. From a network point of view they are working correctly, so there is only a display issue in the GUI. The “uci show ipsec” shows all the correct information as well.
I was not able to replicate your issue locally.
The issue might be configuration-specific. Could you share your configuration with all of the sensitive values removed? If anything was changed in the Advanced settings it would be good to include that as well.
Perhaps an update with “Keep Settings” option enabled was performed to the firmware version RUTX_R_00.07.04.5 as well? If so, do you remember what firmware was present on your device before RUTX_R_00.07.04.5?
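For the request above to share the configuration with sensitive values removed, here is one way to mask them in `uci show ipsec` output before posting. This is an added example, not part of the original thread or Teltonika's tooling; the function names, the choice of which options count as sensitive, and the sample lines are assumptions (the option names are the ones used in this thread's template).

```shell
#!/bin/sh
# Added example: mask sensitive values in `uci show ipsec` output before sharing.
# Assumption: which options are sensitive; adjust SENSITIVE to your own policy.
SENSITIVE="pre_shared_key gateway local_identifier remote_identifier local_subnet remote_subnet"

# Reads `uci show` lines (config.section.option='value' ...) on stdin.
redact_ipsec() {
    awk -v keys="$SENSITIVE" '
    BEGIN { n = split(keys, k, " "); for (i = 1; i <= n; i++) sens[k[i]] = 1 }
    {
        eq = index($0, "=")                 # first "=" only: values may contain "="
        if (eq == 0) { print; next }        # not an assignment, pass through
        path = substr($0, 1, eq - 1)
        m = split(path, parts, ".")
        if (m == 3 && (parts[3] in sens))   # option line with a sensitive name
            printf "%s=\047REDACTED\047\n", path   # list values collapse to one mask
        else
            print
    }'
}

# Exit status 0 only if no sensitive option on stdin still carries a real value.
is_redacted() {
    pat=$(printf '%s' "$SENSITIVE" | tr ' ' '|')
    ! grep -E "\.($pat)=" | grep -qv "='REDACTED'\$"
}

# Constructed sample in `uci show` format (documentation addresses, fake key).
SAMPLE="ipsec.CustomerX=remote
ipsec.CustomerX.gateway='vpn.example.net'
ipsec.CustomerX.pre_shared_key='constructed-psk=='
ipsec.CustomerX_c.local_subnet='192.0.2.0/25' '192.0.2.254/32'
ipsec.CustomerX_c.keyexchange='ikev2'"

printf '%s\n' "$SAMPLE" | redact_ipsec
```

On the router the same function would be fed with `uci show ipsec | redact_ipsec`. Section names (here `CustomerX`) are left untouched, so rename them by hand if they identify a customer.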
Here are the UCI commands how the VPN was configured initially (the template we use):
uci set ipsec.@ipsec.rtinstall_enabled=1
uci set ipsec.CustomerX=remote
uci set ipsec.CustomerX.crypto_proposal='CustomerX_ph1'
uci set ipsec.CustomerX.enabled='1'
uci set ipsec.CustomerX._multiple_secrets='0'
uci set ipsec.CustomerX.force_crypto_proposal='1'
uci set ipsec.CustomerX.gateway='vpnmgmt.CustomerX.nl'
uci set ipsec.CustomerX.authentication_method='psk'
uci set ipsec.CustomerX.pre_shared_key='XXXXXXXXXXXX'
uci set ipsec.CustomerX.local_identifier='XXX-RTR01'
uci set ipsec.CustomerX.remote_identifier='XXX-FW02'
uci add_list ipsec.CustomerX.tunnel='CustomerX_c'
uci set ipsec.CustomerX_c=connection
uci set ipsec.CustomerX_c.crypto_proposal='CustomerX_ph2'
uci set ipsec.CustomerX_c.defaultroute='0'
uci set ipsec.CustomerX_c.aggressive='no'
uci set ipsec.CustomerX_c.forceencaps='no'
uci set ipsec.CustomerX_c.local_firewall='yes'
uci set ipsec.CustomerX_c.remote_firewall='yes'
uci set ipsec.CustomerX_c.comp_mode='1'
uci set ipsec.CustomerX_c._dpd='1'
uci set ipsec.CustomerX_c.force_crypto_proposal='1'
uci set ipsec.CustomerX_c.mode='start'
uci set ipsec.CustomerX_c.type='tunnel'
uci set ipsec.CustomerX_c.lifetime='12h'
uci set ipsec.CustomerX_c.ikelifetime='24h'
uci add_list ipsec.CustomerX_c.local_subnet='10.101.128.0/25'
uci add_list ipsec.CustomerX_c.local_subnet='10.100.128.254/32'
uci add_list ipsec.CustomerX_c.remote_subnet='10.20.0.0/16'
uci add_list ipsec.CustomerX_c.remote_subnet='192.168.222.0/24'
uci set ipsec.CustomerX_c.keyexchange='ikev2'
uci set ipsec.CustomerX_c.dpdaction='restart'
uci set ipsec.CustomerX_ph1=proposal
uci set ipsec.CustomerX_ph1.encryption_algorithm='aes256'
uci set ipsec.CustomerX_ph1.hash_algorithm='sha256'
uci set ipsec.CustomerX_ph1.dh_group='modp2048'
uci set ipsec.CustomerX_ph2=proposal
uci set ipsec.CustomerX_ph2.encryption_algorithm='aes256'
uci set ipsec.CustomerX_ph2.hash_algorithm='sha256'
uci set ipsec.CustomerX_ph2.dh_group='modp2048'
I don’t know the prior firmware versions. But this configuration has been used for years already, so we’ve seen quite a few.
Have similar problem on RUTx09, can see the config but GUI showing disconnected, but ipsec is up and working after upgrade to RUTX_R_00.07.05.3, no uptime status and no RX,TX. Tried to remove the config and set up clean in new version but the same problem, shows disconnected but is working in background.
This feature has been present for quite a while. Since IPsec works a little differently when compared to other VPNs, it may be beneficial to disable this option with more advanced IPsec configurations.
As for the disconnected issue, could you share the IPsec logs from the WebUI (make sure to remove any sensitive information!)? Thank you.
EDIT: @leon I will also ask to paste the logs in a separate comment.
Could you try reconfiguring the IPsec instance manually using the WebUI? Some UCI options could have changed which can definitely cause issues. We suggest re-creating UCI configuration every major firmware release (07.04.x, 07.05.x…) to avoid issues like this.