0 votes
188 views 0 comments
by anonymous

Hi Folks

Testing our first RUTX11.

Our target configuration is shown in the attachment 
I have the two ESSIDs running 100% but am struggling to get openvpn to pass traffic (it can connect but that's all).
Normally when the client connects to the VPN server we use the REDIRECT GATEWAY DEF1 directive on the server side
to repoint the default route into the tunnel, but, if I am interpreting things correctly, this would also redirect the GUEST
network into the same tunnel, which we do not want.

Also the hosts in SERVICES need to talk to one another. Hosts in GUESTS are prevented from doing so.

[EDIT - 230721] After 18 hours of straight analysis I now have VPN traffic flowing from SERVICES to the Private Network and reasonable (openvpn is always a pain to tune) throughput. I will write up a forum post / edit a wiki in a few days.

Nevertheless when the VPN is UP the guest network LOSES internet connectivity so the questions I have below are still valid.


Is the VPN configuration achievable with the RUTX11, please?

If so, how do you redirect only the WLAN1 gateway into the TUNnel, please?

Regards 

BB  

1 Answer

0 votes
by anonymous

Answering my own questions for the greater good of the community after 24 man hours of deep dive into the X11 CLI


Can it be done ? 

Yes it can 

How do you stop redirection of the default gateway by the remote VPN server ?

1) By adding route-nopull into the extra options field of the VPN Client config , then;

2) By adding static routes* on the X11 for the remote VPN protected subnets 

* However at the time of writing firmware RUTX_R_00.07.00 has a fault whereby static
   routes input via the GUI are not written to the active routing tables. Adding them from the 
   CLI makes it work, but the routes are not persisted after reboot. See my other post on that 
   topic.

Once this issue is sorted I will post either a full solution forum message here or I will update the 
Wiki with a full howto. It was a long journey! 

[EDIT 240721] The GUI on R00.07.00 has major issues. You cannot write the static routes into the extra options
field using the GUI, as it does not accept use of the <space> character; you must write them directly to /etc/config/openvpn.
I've posted separately on this matter.


Regards 

BB
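
The following is an added example, not part of the original answer: a shell check that reads `ip route show` output and confirms the outcome of the two steps above, i.e. that no catch-all route (`default`, or the `0.0.0.0/1` and `128.0.0.0/1` pair that `redirect-gateway def1` installs) points into the tunnel while the remote subnets do. The device name `tun0`, the interface names and every address are constructed assumptions.

```shell
#!/bin/sh
# Added example. Device names and all addresses below are constructed.

# Constructed `ip route show` output: route-nopull plus one static route.
SAMPLE_SPLIT='default via 198.51.100.1 dev eth1 proto static
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
10.20.0.0/16 via 10.8.0.1 dev tun0
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
192.168.2.0/24 dev br-guest proto kernel scope link src 192.168.2.1'

# Constructed output after the server pushed redirect-gateway def1.
SAMPLE_REDIRECTED='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 198.51.100.1 dev eth1 proto static
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
192.168.2.0/24 dev br-guest proto kernel scope link src 192.168.2.1'

# routed_via ROUTES DEST DEV: succeeds if the route line for DEST uses DEV.
routed_via() {
    printf '%s\n' "$1" | awk -v dest="$2" -v dev="$3" '
        $1 == dest { for (i = 2; i < NF; i++)
                         if ($i == "dev" && $(i + 1) == dev) hit = 1 }
        END { exit hit ? 0 : 1 }'
}

# check_split_tunnel DEV SUBNET...: reads the routing table on stdin.
check_split_tunnel() {
    dev="$1"; shift
    routes="$(cat)"
    rc=0
    # Catch-all routes via the tunnel pull every LAN into the VPN.
    for dest in default 0.0.0.0/1 128.0.0.0/1; do
        if routed_via "$routes" "$dest" "$dev"; then
            echo "FAIL: $dest goes via $dev (gateway redirected)"; rc=1
        fi
    done
    # Each remote subnet needs its own static route via the tunnel.
    for dest in "$@"; do
        if ! routed_via "$routes" "$dest" "$dev"; then
            echo "FAIL: no route to $dest via $dev"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: only $* routed via $dev"
    return "$rc"
}

printf '%s\n' "$SAMPLE_SPLIT" | check_split_tunnel tun0 10.20.0.0/16
```

On a live router the same function can be fed from `ip route show | check_split_tunnel <device> <subnet>...`, which also shows after a reboot whether CLI-added routes have been lost.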