0 votes
2,310 views 7 comments
by anonymous

So I've been able to get an IPsec VPN working with the help of Felbourse between a RUT955 and RUTX11. Now my next challenge is as follows.

The RUT955 is the router with the public facing IP and the RUTX11 doesn't have a public facing internet address.

I have a device sitting on 1 end of the vpn that I need to get access to from the internet, I've configured port forwarding in the internet facing router but it's still not working.

The image below is how everything goes together. I'll have 2 remote sites and the main site, which has the public facing IP address.

2 Answers

+1 vote
by anonymous
Hello,

In Services->VPN->IPSEC->(your instance)->Advanced Settings, set Remote subnet to 0.0.0.0/0

Regards,
by anonymous
I've tried this and every time I lose access to the router
by anonymous
Which router? The RUTX11?

What are the values of the "Local subnet" and "Remote subnet" fields on both ends of the tunnel?

Did you set "Default route" on the RUTX11? The RUT955?
by anonymous

Hi Flebourse

Here are my configurations for both the RUT955 which has the public static IP address and the RUTX11 which has the device connected to it.

by anonymous
Could you try with left firewall and right firewall off on the RUT955, and Local and Remote firewall off on the RUTX11, and set Default route on the RUTX11 ?
by anonymous
When I do that no traffic flows at all between the network
by anonymous
Could you print the result of

 - "ipsec statusall" on both routers,

 - idem "ip route show" and "ip route show table 220"

 - idem "fw3 print | grep policy"

Maybe that will tell something but IPSEC is a large beast and is not always easy to debug.
0 votes
by anonymous
Hello,

I think this thread has instruction for your use case on how to route all traffic through IPsec: https://community.teltonika-networks.com/22918/route-whole-traffic-through-ipsec-vpn?show=22918#q22918

Regards.
by anonymous
I had a look at this and tried what they suggested but I end up losing access to the router
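
The following is an added example, not part of any post in this thread. It models how IPsec traffic selectors decide where the non-public router sends the device's replies, comparing a narrow "Remote subnet" with the 0.0.0.0/0 value suggested in the first answer. All addresses are constructed sample values, and it assumes the port forward on the public router keeps the internet client's original source address.

```python
import ipaddress

def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def reply_path(local_subnet, remote_subnet, src, dst):
    """Where the non-public router sends a packet src -> dst.

    An IPsec policy only captures packets whose source is inside the
    local selector AND whose destination is inside the remote selector.
    Everything else follows the normal routing table.
    """
    if in_net(src, local_subnet) and in_net(dst, remote_subnet):
        return "tunnel"
    return "default route"

def captures_own_lan(local_subnet, remote_subnet):
    """True when the remote selector also covers the local LAN, so packets
    between local addresses (the router's LAN address included) match the policy."""
    local = ipaddress.ip_network(local_subnet)
    return local.overlaps(ipaddress.ip_network(remote_subnet))

# Constructed sample values (assumptions, not taken from the thread)
HQ_LAN = "192.168.1.0/24"         # LAN behind the router with the public IP
SITE_LAN = "192.168.2.0/24"       # LAN behind the router without a public IP
DEVICE = "192.168.2.50"           # port-forward target
HQ_HOST = "192.168.1.20"          # a host on the main-site LAN
INTERNET_CLIENT = "203.0.113.10"  # RFC 5737 documentation address

def evaluate(remote_subnet):
    """Evaluate the non-public router's policy for a given Remote subnet."""
    return {
        "reply_to_hq_host": reply_path(SITE_LAN, remote_subnet, DEVICE, HQ_HOST),
        "reply_to_internet_client": reply_path(
            SITE_LAN, remote_subnet, DEVICE, INTERNET_CLIENT),
        "own_lan_matches_policy": captures_own_lan(SITE_LAN, remote_subnet),
    }

if __name__ == "__main__":
    for remote in (HQ_LAN, "0.0.0.0/0"):
        print(remote, evaluate(remote))
```

With the narrow selector, replies to the internet client miss the policy and leave by the default route instead of the tunnel. With 0.0.0.0/0 they enter the tunnel, but the selector then also overlaps the router's own LAN; whether that overlap is behind the lost router access reported above is not established in the thread.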