FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

12008 questions

14286 answers

22528 comments

35904 members

0 votes
168 views 1 comments
by

I'm attempting to connect two networks with identical LANs through an IPSec VPN as the attached image.

RUT 950A: Router 192.168.140.253, LAN 192.168.140.0/24, WAN 192.168.55.50

RUT 950B: Router 192.168.140.253, LAN 192.168.140.0/24, WAN 192.168.55.51

Both RUT950s are loaded with RUT9XX_R_00.06.08.5 firmware.

Because of the overlapping subnets I've been trying to remap each RUT950 LAN to a new IP range using custom firewall rules and have added static routes.

RUT 950A

iptables -t nat -A postrouting_lan_rule -s 192.168.140.0/24 -j SNAT  --to-source 192.169.140.0

iptables -t nat -I prerouting_lan_rule     -d 192.169.140.0/24 -j DNAT  --to-destination 192.168.140.0

RUT950B

iptables -t nat -A postrouting_lan_rule -s 192.168.141.0/24 -j SNAT  --to-source 192.169.141.0

iptables -t nat -I prerouting_lan_rule  -d 192.169.141.0/24 -j DNAT  --to-destination 192.168.141.0

I've configured the systems as below and can ping between 192.168.55.50 and 192.168.55.51, so the VPN is up, but I can't ping between the two LANs (The Enable check box is set when the system is running)

I've had a look at the 'Enable_IPsec_WebUI' traffic rule and the extra arguments make reference to the ipsec policy (-m policy --dir in --pol ipsec), I'm guessing that my configuration so far needs to reference this policy some how. 

Any suggestions gratefully accepted.

1 Answer

0 votes
by
Hi,

Unfortunately, we do not have examples for such use case. But I could recommend you firstly try to set up such topology when A and B routers are in different subnets and after that, try to reach your scenario.
by
Thanks for the response. I've asked the question in another format and have received a satisfactory answer.

https://community.teltonika-networks.com/39454/rut950-ipsec-vpn-overlapping-subnets