Question

Hello, we have successfully configured an IPSec VPN connection between two Teltonika routers. Now we have the task to allow traffic from one network into the other, but not the other way round. I understand the IPSec VPN has no extra zone, so I tried to achieve this with the "leftfirewall" and "rightfirewall" settings, but it seems not to do what we need - or we could not figure out which combination of firewall settings in the IPSec dialog is correct.

What we want to achieve is:

lan a -> ROUTER A -> VPN -> ROUTER B - lan b : OK (maybe limited by destination ports)

lan b -> ROUTER B -> VPN -> ROUTER A - lan a : REJECT

How can we achieve this behavior? I would also use the custom IPTABLES rules, but I would need an exampe for a script then.

Answer 1

Hi,

I would like to ask for more information. First of all, which routers do you use? Also, please specify firmware versions. I will try to replicate your use case and come up with a solution.

Regards.

Comments

As written in the subject, these are two RUT-240. We use public IP addresses for both routers and so the IPSec VPN setup is a pretty straightforward one using the DDNS names of the remote router. The firmware is RUT2XX_R_00.01.14 on both routers.

Thank you for looking into this!

---

Did you make any progrss on this? Or do you have an example for a firewalling script?

---

Hi,

Unfortunately, I have not tested it yet. I will try to look into it as soon as possible.