My MikroTink router is running v7.12.1, I managed to create a IKEv2 VPN to remotely connect my Android phone thanks to the useful script IKEv2-server-autoscript.rsc found on Github and it used to wok fine for several days. Than suddenly stopped to work. After a very hard (for me!) investigation, I found that:
-a packet from the phone reaches the router firewall, input chain.
-it is accepted.
-nothing else happens.
After a more-in-depth investigation, I managed to enable the logging for ipsec, and I found this meaningful message in the log:I do have a peer created for this IKEv2 vpn:Both my router and the phone have dynamic IP and I suspect it worked until the phone and/or the router changed the IP address.
37.162.229.55 is the IP address of my phone NOW.
95.245.79.106 is the IP address of my router NOW.
80.181.227.212 may be my provider's first router? This is a traceroute from inside my lan:What can be done? Is an IKEv2 possible in this scenario?
-a packet from the phone reaches the router firewall, input chain.
-it is accepted.
-nothing else happens.
After a more-in-depth investigation, I managed to enable the logging for ipsec, and I found this meaningful message in the log:
Code:
17:34:27 ipsec ipsec,!packet: -> ike2 request, exchange: SA_INIT:0 37.162.229.55[61658] 032e1ba2e32cd267:000000000000000017:34:27 ipsec ipsec,!packet: no IKEv2 peer config for 37.162.229.55 Code:
Flags: X - disabled; D - dynamic; R - responder 0 R name="peer-80.181.227.212" local-address=80.181.227.212 passive=yes profile=profile-703b066b6af4.sn.mynetname.net exchange-mode=ike2 send-initial-contact=yes37.162.229.55 is the IP address of my phone NOW.
95.245.79.106 is the IP address of my router NOW.
80.181.227.212 may be my provider's first router? This is a traceroute from inside my lan:
Code:
C:\WINDOWS\system32>tracert 80.181.227.212Tracing route to host-80-181-227-212.retail.telecomitalia.it [80.181.227.212]over a maximum of 30 hops: 1 <1 ms <1 ms <1 ms router.lan [10.3.50.11] 2 * * * Request timed out. 3 8 ms 7 ms 7 ms host-80-181-227-212.retail.telecomitalia.it [80.181.227.212]Trace complete.Statistics: Posted by resca — Sat Jan 27, 2024 7:04 pm