The Ipsec-connection is not established through two Internet-links

Mike33 · Sun Apr 18, 2021 4:17 am

The two routers are connected by two Internet-links.
If we use the same certificate for different Internet-links, then the router cannot establish an Ipsec connection.

/ip ipsec proposal add name="phase2-proposal1" auth-algorithms=sha256 enc-algorithms=aes-256-cbc lifetime=30m pfs-group=modp1024 disabled=no
/ip ipsec profile add name="phase1-profile1" hash-algorithm=sha256 prf-algorithm=sha256 enc-algorithm=aes-256 dh-group=modp1024 lifetime=1d dpd-interval=1m nat-traversal=no
/ip ipsec peer add name="peer2-1" address=<peer2-ip1> local-address=<peer1-ip1> exchange-mode=ike2 profile="phase1-profile1" send-initial-contact=yes passive=no disabled=no
/ip ipsec peer add name="peer2-2" address=<peer2-ip2> local-address=<peer1-ip2> exchange-mode=ike2 profile="phase1-profile1" send-initial-contact=yes passive=no disabled=no
/ip ipsec identity add peer="peer2-1" auth-method=digital-signature certificate="PEER1" remote-certificate="PEER2" match-by=certificate generate-policy=no disabled=no
/ip ipsec identity add peer="peer2-2" auth-method=digital-signature certificate="PEER1" remote-certificate="PEER2" match-by=certificate generate-policy=no disabled=no

Cablenut9 · Sun Apr 18, 2021 4:18 am

What ROS version are you using?

Mike33 · Sun Apr 18, 2021 4:22 am

What ROS version are you using?

6.48.2 (stable)

Cablenut9 · Sun Apr 18, 2021 5:41 am

What ROS version are you using?
6.48.2 (stable)

Sad, because I had a similar problem on 7.1beta5 and the problem was that it was just a buggy version, bu that isn't true here.

The Ipsec-connection is not established through two Internet-links

The Ipsec-connection is not established through two Internet-links

Re: The Ipsec-connection is not established through two Internet-links

Re: The Ipsec-connection is not established through two Internet-links

Re: The Ipsec-connection is not established through two Internet-links

Who is online