
0 votes
942 views 2 comments
Hello, I have set up an IPsec tunnel from a RUT950 (firmware 6.0.6) to a Fortigate firewall.

I found a configuration that works following this tutorial:


The only difference was that I had to flag the tab force encapsulation; not sure why that was necessary, but it is not the main issue.

Originally I set up the VPN as in the example, with local network and remote network, and it was working just fine.

Then I wanted to route all the traffic through the VPN, so I changed the remote network with (I did the same with local network on the Fortigate)

The result is that the tunnel is up and running; from the Teltonika GUI and CLI I can ping just about everything through the tunnel. The problem is that from the client on the segment I cannot reach anything, not even the Teltonika GUI at

Is there a different approach when configuring a tunnel VPN in which I want to route all the traffic? I couldn't find an example for this kind of configuration; any help would be appreciated.

I am also facing the same issue. If you found any helpful guide, please let me know. Thanks

2 Answers

0 votes

Hello, try to set, on the Fortigate side, P2 children of the RUT subnet and, on RutOS, leave remote network at

IPsec on OpenWrt-based software is not as easy to understand as on a regular firewall appliance.

I advise you to read about strongSwan IPsec and the OpenWrt firewall wiki to better understand this.

I recently did an IPsec setup with pfSense, with the schematic here:


but in this example the internet routes through WAN failover; RutOS automatically switched to it when the IPsec tunnel is up, because "I think" some missing rule avoids the route "lan to any".

I'm currently researching this kind of issue related to strongSwan on RutOS. Meowheart


0 votes


First of all, I strongly recommend upgrading the router's firmware to the latest one; firmware can be found here: https://wiki.teltonika-networks.com/view/RUT955_Firmware_Downloads

Once you update, in the IPsec configuration on the RUT950 side, there will be an option called Passthrough networks; here simply select LAN and that is it. Configure everything else as before and now everything should work just fine.

I got this working on a Fortigate by setting phase2 "local addresses" to on Fortigate and "Remote subnet" to on Teltonika, and like above select "Passthrough networks = LAN".
The problem with the Teltonika device is that some functions don't work without a reboot, which makes troubleshooting harder.