Hello everyone,
I got an RB1100AHx4 running here as a VPN concentrator.
After I updated the router to the latest firmware (6.48 / 6.48.1), I got the following error printed out in the log:
14:48:52 ipsec,debug 0.0.0.0[500] used as isakmp port (fd=25)
14:48:52 ipsec,debug 0.0.0.0[4500] used as isakmp port with NAT-T (fd=27)
14:48:55 ipsec,debug failed to bind to ::[500] Bad file descript
Before the update, the IPsec configuration worked.
I searched for that error message here in the forum and saw that it could have been something to do with IPv6. But IPv6 isn't used at all on the network the router is attached to. The IPv6 package is disabled.
I tried different settings for the peer:
Set the peer address to 0.0.0.0/0 instead of ::/0
Also changed the default policy template to set SrcAddress and DstAddress to 0.0.0.0/0 instead of ::/0
But the error message still exists.
Here is the complete IPsec configuration:
# feb/08/2021 15:04:32 by RouterOS 6.48.1
# software id = A4ZS-DCNV
#
# model = RB1100x4
# serial number = 91D70AF0F938
/ip ipsec mode-config
add address-pool=10.108.244.0/24 name="OHP LTE" split-include=10.0.0.0/8 system-dns=no
/ip ipsec policy group
add name=ALU_IKEv2
/ip ipsec profile
add dh-group=modp4096 enc-algorithm=aes-256,aes-128,3des hash-algorithm=sha512 lifetime=12h name=ALUIKEv2_Peer_Profile
/ip ipsec peer
add exchange-mode=ike2 name=peer1 passive=yes profile=ALUIKEv2_Peer_Profile
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha512,sha256,sha1 enc-algorithms=aes-256-cbc,aes-256-ctr,aes-192-cbc,aes-128-cbc,aes-128-ctr lifetime=6h pfs-group=modp4096
/ip ipsec identity
add auth-method=digital-signature certificate=rb1100_dsl.crt_0 generate-policy=port-override mode-config="OHP LTE" peer=peer1
/ip ipsec policy
set 0 disabled=yes
add dst-address=0.0.0.0/0 src-address=0.0.0.0/0 template=yes
Does anyone have an idea how to get the configuration working again?
Kind regards,
Sebastian