XIII
Very Senior Member
Installed 388.2 Alpha 2 over 388.1 on my GT-AX6000.
Unfortunately something still crashes when I try set the IPSec VPN Pre-Shared Key:
@RMerlin I reported this for 388.1, but back then you unfortunately/understandably had no time to look into this. Perhaps you have some time now, while waiting for (more?) GPL's? (Not trying to push you!)
Is the local IP address in "CN=192.168.0.2" expected or should this be a public IP address for (configuring) IPSec VPN to properly work?
(My ASUS router is behind my ISP's router, which does not offer bridge mode - thus in DMZ instead)
Unfortunately something still crashes when I try set the IPSec VPN Pre-Shared Key:
Code:
Mar 14 21:05:06 00[DMN] Starting IKE charon daemon (strongSwan 5.9.8, Linux 4.19.183, aarch64)
Mar 14 21:05:07 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported
Mar 14 21:05:07 00[NET] installing IKE bypass policy failed
Mar 14 21:05:07 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported
Mar 14 21:05:07 00[NET] installing IKE bypass policy failed
Mar 14 21:05:07 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported
Mar 14 21:05:07 00[NET] installing IKE bypass policy failed
Mar 14 21:05:07 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported
Mar 14 21:05:07 00[NET] installing IKE bypass policy failed
Mar 14 21:05:07 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Mar 14 21:05:07 00[CFG] loaded ca certificate "C=TW, O=ASUS, CN=ASUS ax6000 Root CA" from '/etc/ipsec.d/cacerts/asusCert.pem'
Mar 14 21:05:07 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Mar 14 21:05:07 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Mar 14 21:05:07 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Mar 14 21:05:07 00[CFG] loading crls from '/etc/ipsec.d/crls'
Mar 14 21:05:07 00[CFG] loading secrets from '/etc/ipsec.secrets'
Mar 14 21:05:07 00[CFG] loaded IKE secret for %any
Mar 14 21:05:07 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/svrKey.pem'
Mar 14 21:05:07 00[LIB] loaded plugins: charon aes des rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs12 pgp dnskey sshkey pem openssl pkcs8 fips-prf curve25519 agent xcbc cmac hmac kdf gcm drbg attr kernel-pfkey kernel-netlink socket-default stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-tls eap-peap xauth-generic counters
Mar 14 21:05:07 00[JOB] spawning 8 worker threads
Mar 14 21:05:07 01[CFG] received stroke: add connection 'Host-to-Net'
Mar 14 21:05:07 01[CFG] adding virtual IP address pool 10.10.10.0/24
Mar 14 21:05:07 01[CFG] added configuration 'Host-to-Net'
Mar 14 21:05:07 05[CFG] received stroke: add connection 'Host-to-Netv2'
Mar 14 21:05:07 05[CFG] reusing virtual IP address pool 10.10.10.0/24
Mar 14 21:05:07 05[CFG] loaded certificate "C=TW, O=ASUS, CN=192.168.0.2" from 'svrCert.pem'
Mar 14 21:05:07 05[CFG] id '<REDACTED>.asuscomm.com' not confirmed by certificate, defaulting to 'C=TW, O=ASUS, CN=192.168.0.2'
Mar 14 21:05:07 05[CFG] added configuration 'Host-to-Netv2'
Mar 14 21:05:07 00[DMN] SIGINT received, shutting down
@RMerlin I reported this for 388.1, but back then you unfortunately/understandably had no time to look into this. Perhaps you have some time now, while waiting for (more?) GPL's? (Not trying to push you!)
Is the local IP address in "CN=192.168.0.2" expected or should this be a public IP address for (configuring) IPSec VPN to properly work?
(My ASUS router is behind my ISP's router, which does not offer bridge mode - thus in DMZ instead)