0 votes
732 views 5 comments
by
Hi,

I need all traffic to go through the IPsec VPN, and remote access to be permitted only by server LAN or local LAN ports.

1 Answer

0 votes
by anonymous
Hello,

Yes, you can route all traffic through an IPsec tunnel. Very recently someone else asked this question and I think this query will help you out: https://community.teltonika-networks.com/26516/route-whole-traffic-through-ipsec-tunnel

Best regards.
by anonymous
LOL. That thread does not have a solution.
by anonymous
Set Remote subnet to 0.0.0.0/0; the device at the other end will narrow the traffic as appropriate. Setting Default route is not enough.
by anonymous
OK, I did that on my RUTX11. Now all traffic is routed through the VPN tunnel, but DHCP on the LAN interface is no longer working.
by anonymous
Could you take a tcpdump -i any -n -v 'port 67 or port 68'? You'll probably need to set a policy rule to prevent bootpc/bootps packets being intercepted.
by anonymous

That's strange indeed. Maybe you'll need to add an explicit rule soon enough in iptables to accept udp/67 packets so they will not be forwarded to the remote end of the tunnel?

If so add to /etc/config/firewall, at the beginning of the file:

config rule
        option name 'Allow-DHCP'
        option src 'lan'
        option proto 'udp'
        option dest_port '67'
        option target 'ACCEPT'
        option family 'ipv4'
and execute /etc/init.d/firewall restart
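
Added example, not part of any post in this thread and not Teltonika code: a simplified model of IPsec traffic-selector matching that shows one way the symptom above can arise, where a remote subnet of 0.0.0.0/0 also matches the router's own replies to LAN clients, and how a more specific bypass policy (the kind of "policy rule" mentioned above) keeps them local. Assumptions: all addresses are constructed, the LAN-to-LAN bypass policy is hypothetical, only outbound policies are modelled, and "most specific selector wins" stands in for real policy priorities.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    src: str      # source selector (CIDR)
    dst: str      # destination selector (CIDR)
    action: str   # "tunnel" or "bypass"


def decide(policies, src_ip, dst_ip):
    """Return the action of the most specific matching policy,
    or "route" (plain routing, no IPsec) when no policy matches."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    best = None
    for p in policies:
        sn, dn = ipaddress.ip_network(p.src), ipaddress.ip_network(p.dst)
        if s in sn and d in dn:
            score = sn.prefixlen + dn.prefixlen  # assumption: longer prefixes win
            if best is None or score > best[0]:
                best = (score, p.action)
    return best[1] if best else "route"


# Constructed addressing, not taken from the thread.
LAN = "192.168.1.0/24"
ROUTER, CLIENT = "192.168.1.1", "192.168.1.100"

NARROW = [Policy(LAN, "10.0.0.0/24", "tunnel")]        # ordinary site-to-site
CATCH_ALL = [Policy(LAN, "0.0.0.0/0", "tunnel")]       # Remote subnet 0.0.0.0/0
WITH_BYPASS = CATCH_ALL + [Policy(LAN, LAN, "bypass")]  # hypothetical LAN bypass


def report():
    packets = {
        "dhcp_reply": (ROUTER, CLIENT),        # router's DHCP server -> LAN client
        "internet": (CLIENT, "203.0.113.10"),  # LAN client -> outside host
    }
    sets = {"narrow": NARROW, "catch_all": CATCH_ALL, "with_bypass": WITH_BYPASS}
    return {(name, kind): decide(pols, *pkt)
            for name, pols in sets.items() for kind, pkt in packets.items()}


if __name__ == "__main__":
    for key, action in report().items():
        print(key, action)
```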