
We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
950 views 1 comments
by anonymous
Good morning,

We have a working IPsec VPN tunnel between a Draytek Vigor2926 router (server) and a Teltonika RUT9XX (client). The network of the Draytek is 192.168.178.xx and the Teltonika is 192.168.1.xx. We can access all client PCs and cameras through the VPN server, but the clients are not connected to the internet. The Teltonika router does give the clients an IP address. Further: there are no firewall port forwarding rules on the Teltonika client, only Firewall Traffic rules (standard and enabled). As far as I can see, there are no further settings that can cause this.

Because the VPN is working, I don’t want to lose it if I change something essential.

Hopefully you can tell me what to change so my clients can use the internet.

2 Answers

+1 vote
by anonymous
Hi,

I’m a little confused. I don’t understand this:

“We can access all client PCs and cameras through the VPN server, but the clients are not connected to the internet.”

Please provide more details and share a detailed topology with IP addresses.

IPsec includes protocols for establishing authentication between agents. There is no server or client. What do you mean by “Draytek Vigor2926 router (server) and a Teltonika RUT9XX (client)”?

Regards
by anonymous
It's a RutOS "bug" or an OpenWrt/strongSwan script misconfiguration: when the IPsec tunnel is established, the firewall flushes routing to the "internet" for clients in the LAN (br-lan interface), and the only allowed traffic is between the tunnel peers' subnets.
0 votes
by anonymous

I think some firewall rules that allow traffic, like LAN to ANY, are missing.

I'm working to understand what exactly the mistake is...
I see many firewall misconfiguration warnings in RutOS when I run
/etc/init.d/firewall restart
But I'm not really a tough expert; I go forward with a lot of trial and error, sorry ;)