-a packet from the phone reaches the router firewall, input chain.
-it is accepted.
-nothing else happens.
After a more-in-depth investigation, I managed to enable the logging for ipsec, and I found this meaningful message in the log:
Code: Select all
17:34:27 ipsec ipsec,!packet: -> ike2 request, exchange: SA_INIT:0 37.162.229.55[61658] 032e1ba2e32cd267:0000000000000000
17:34:27 ipsec ipsec,!packet: no IKEv2 peer config for 37.162.229.55
Code: Select all
Flags: X - disabled; D - dynamic; R - responder
0 R name="peer-80.181.227.212" local-address=80.181.227.212 passive=yes profile=profile-703b066b6af4.sn.mynetname.net
exchange-mode=ike2 send-initial-contact=yes
37.162.229.55 is the IP address of my phone NOW.
95.245.79.106 is the IP address of my router NOW.
80.181.227.212 may be my provider's first router? This is a traceroute from inside my lan:
Code: Select all
C:\WINDOWS\system32>tracert 80.181.227.212
Tracing route to host-80-181-227-212.retail.telecomitalia.it [80.181.227.212]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms router.lan [10.3.50.11]
2 * * * Request timed out.
3 8 ms 7 ms 7 ms host-80-181-227-212.retail.telecomitalia.it [80.181.227.212]
Trace complete.