0 votes
248 views 5 comments
by
Hi,

I need all traffic to go through the IPsec VPN, and remote access to be permitted only by the server LAN or local LAN ports.

1 Answer

0 votes
by
Hello,

Yes, you can route all traffic through an IPsec tunnel. Very recently someone else asked this question and I think this query will help you out: https://community.teltonika-networks.com/26516/route-whole-traffic-through-ipsec-tunnel

Best regards.
by
LOL. That thread does not have a solution.
by
Set Remote subnet to 0.0.0.0/0; the device at the other end will narrow the traffic as appropriate. Setting Default route is not enough.
by
OK, I did that on my RUTX11. Now all traffic is routed through the VPN tunnel, but DHCP on the LAN interface is no longer working.
by
Could you take a tcpdump -i any -n -v 'port 67 or port 68'? You'll probably need to set a policy rule to prevent bootpc/bootps packets being intercepted.
by

That's strange indeed. Maybe you'll need to add an explicit rule soon enough in iptables to accept udp/67 packets so they will not be forwarded to the remote end of the tunnel?

If so, add to /etc/config/firewall, at the beginning of the file:

config rule
        option name 'Allow-DHCP'
        option src 'lan'
        option proto 'udp'
        option dest_port '67'
        option target 'ACCEPT'
        option family 'ipv4'
and execute /etc/init.d/firewall restart
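
A way to test the interception hypothesis raised in this thread, as an added example that is not part of the original posts: it parses `ip xfrm policy` output and reports whether a LAN-local packet (such as a DHCP reply from the router to a client) would be selected by the 0.0.0.0/0 tunnel policy or by a passthrough policy. The policy text, addresses and priorities are constructed samples, and the sketch assumes the lowest priority value wins and that a policy without a `tmpl` line is a passthrough.

```python
import ipaddress
import re

# Constructed `ip xfrm policy` output (assumed layout, not from a real device).
TUNNEL_ONLY = (
    "src 192.168.1.0/24 dst 0.0.0.0/0\n"
    "\tdir out priority 383615 ptype main\n"
    "\ttmpl src 198.51.100.2 dst 203.0.113.1\n"
    "\t\tproto esp reqid 1 mode tunnel\n"
)
# Same table plus a LAN-to-LAN policy with no tmpl line (a passthrough).
WITH_BYPASS = TUNNEL_ONLY + (
    "src 192.168.1.0/24 dst 192.168.1.0/24\n"
    "\tdir out priority 175423 ptype main\n"
)

def parse_policies(text):
    """Parse selector, direction, priority and whether a tmpl (transform) exists."""
    policies = []
    for line in text.splitlines():
        sel = re.match(r"src (\S+) dst (\S+)", line)  # unindented selector line
        meta = re.match(r"\s+dir (\w+) priority (\d+)", line)
        if sel:
            policies.append({
                "src": ipaddress.ip_network(sel.group(1), strict=False),
                "dst": ipaddress.ip_network(sel.group(2), strict=False),
                "dir": None, "priority": 0, "tunnel": False})
        elif policies and meta:
            policies[-1].update(dir=meta.group(1), priority=int(meta.group(2)))
        elif policies and line.strip().startswith("tmpl "):
            policies[-1]["tunnel"] = True  # a transform means traffic is encapsulated
    return policies

def verdict(policies, src, dst, direction="out"):
    """Return 'tunnel', 'bypass' or 'no-policy' for one packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = [p for p in policies
            if p["dir"] == direction and s in p["src"] and d in p["dst"]]
    if not hits:
        return "no-policy"
    best = min(hits, key=lambda p: p["priority"])  # assumption: lowest value wins
    return "tunnel" if best["tunnel"] else "bypass"

if __name__ == "__main__":
    for table in (TUNNEL_ONLY, WITH_BYPASS):
        print(verdict(parse_policies(table), "192.168.1.1", "192.168.1.50"))
```

On a device, feed it the real `ip xfrm policy` output instead of the constructed tables and use the router's and a client's LAN addresses.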