Hello, I have set up an IPsec tunnel from a RUT950 (firmware 6.0.6) to a FortiGate firewall.

I found a configuration that works by following this tutorial:

https://community.teltonika-networks.com/?qa=blob&qa_blobid=16198895679728135919

The only difference was that I had to tick the "Force encapsulation" option; I am not sure why that was necessary, but it is not the main issue.

Originally I set up the VPN as in the example, with local network 192.168.3.0/24 and remote network 192.168.2.0/24, and it was working just fine.

Then I wanted to route all the traffic through the VPN, so I changed the remote network to 0.0.0.0/0 (I did the same with the local network on the FortiGate).

The result is that the tunnel is up and running; from the Teltonika GUI and CLI I can ping just about everything through the tunnel. The problem is that from a client on the 192.168.3.0/24 segment I cannot reach anything, not even the Teltonika GUI at 192.168.3.1.

Is there a different approach when configuring a tunnel VPN in which I want to route all the traffic? I couldn't find an example for this kind of configuration; any help would be appreciated.

I am also facing the same issue. If you found any helpful guide, please let me know. Thanks.

2 Answers

0 votes

Hello, try setting the P2 children on the FortiGate side to the RUT subnet and, on RUTOS, leave the remote network at 0.0.0.0/0.

IPsec on OpenWrt-based software is not as easy to understand as on a regular firewall appliance.

I advise you to read about strongSwan IPsec and the OpenWrt firewall wiki for a better understanding of this.

I recently did an IPsec setup with pfSense, with a schematic here:

https://community.teltonika-networks.com/20509/example-good-ipsec-vpn-site-site-rut240-pfsense-apu2-test-site

but in this example the internet is routed through WAN failover; RUTOS automatically switched to it when the IPsec tunnel was up, because (I think) some missing rule prevents the route "lan to any".

I'm currently researching this kind of issue related to strongSwan on RUTOS. Meowheart

Regards

0 votes

Hello,

First of all, I strongly recommend upgrading the router's firmware to the latest one; firmware can be found here: https://wiki.teltonika-networks.com/view/RUT955_Firmware_Downloads

Once you update, in the IPsec configuration on the RUT950 side there will be an option called Passthrough networks; simply select LAN there and that is it. Configure everything else as before, and now everything should work just fine.

I got this working on a FortiGate by setting phase 2 "local addresses" to 0.0.0.0/0.0.0.0 on the FortiGate and "Remote subnet" to 0.0.0.0/0.0.0.0 on the Teltonika, and, as above, selecting "Passthrough networks = LAN".
The problem with the Teltonika device is that some functions don't work without a reboot, which makes troubleshooting harder.
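What both answers describe (FortiGate phase 2 selectors limited to the RUT LAN, RUTOS remote network 0.0.0.0/0, plus "Passthrough networks = LAN") corresponds to a strongSwan tunnel connection whose traffic selector is 0.0.0.0/0 together with a more specific bypass policy for the local LAN. The fragment below is an added example in strongSwan's ipsec.conf syntax; it is not the configuration RUTOS generates and was not posted by anyone in the thread. Only the two LAN subnets come from the question; the peer address, identities, cipher suites and pre-shared-key method are assumptions.

```ini
# Added example: strongSwan /etc/ipsec.conf, not the file RUTOS writes.
# Assumed addressing from the thread: RUT950 LAN 192.168.3.0/24 (GUI at
# 192.168.3.1), FortiGate LAN 192.168.2.0/24. Peer IP, IDs and ciphers
# are placeholders.
config setup
    uniqueids=yes

conn %default
    keyexchange=ikev2
    ike=aes256-sha256-modp2048!
    esp=aes256-sha256-modp2048!
    dpdaction=restart
    dpddelay=30s

# Site-to-site tunnel carrying all traffic. rightsubnet=0.0.0.0/0 makes the
# child SA's traffic selector match every destination, which includes the
# router's own LAN and the gateway address 192.168.3.1. Without the bypass
# policy below, LAN-to-LAN and LAN-to-router packets are matched by this
# policy as well, so clients lose access to local hosts and the GUI.
conn fortigate-all-traffic
    left=%defaultroute            # RUT950 WAN address
    leftid=@rut950.example        # assumed identity
    leftsubnet=192.168.3.0/24     # must match the FortiGate's P2 remote selector
    right=203.0.113.10            # placeholder FortiGate public IP (TEST-NET-3)
    rightid=@fortigate.example    # assumed identity
    rightsubnet=0.0.0.0/0         # route everything through the tunnel
    forceencaps=yes               # the "Force encapsulation" flag from the question
    authby=secret                 # PSK in /etc/ipsec.secrets (assumed)
    auto=start

# Bypass policy for the local LAN. A passthrough (pass) policy with a /24
# selector is more specific than the 0.0.0.0/0 tunnel policy and therefore
# wins, so LAN<->LAN and LAN<->192.168.3.1 traffic is neither encrypted nor
# dropped. This is the effect of "Passthrough networks = LAN" in the answer.
conn lan-passthrough
    leftsubnet=192.168.3.0/24
    rightsubnet=192.168.3.0/24
    type=passthrough
    auto=route
```

To verify the policy actually took effect on the router, `ipsec statusall` should list `lan-passthrough` as ROUTED alongside the ESTABLISHED tunnel, and `ip xfrm policy` should show a `192.168.3.0/24 -> 192.168.3.0/24` entry without a `tmpl` line (a pass policy has no transform) next to the `0.0.0.0/0` entries that carry an ESP template. If the passthrough entry is missing after a configuration change, restarting the IPsec service (or, as the last comment notes, rebooting) is the first thing to try before changing anything on the FortiGate.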