by anonymous

Hello Everyone,

I've set up an IPSec tunnel between my main gateway, a Sonicwall firewall, and a RUT240 off-site, following this guide: https://kaunas.teltonika.lt:444/f/6d6b4731ea324fc881b9/?dl=1

Sonicwall LAN --> 192.168.1.0/24
RUT240 LAN --> 192.168.30.0/24

The tunnel is active, as shown in the Sonicwall WebUI and also with an ipsec status on the RUT240.
From my host in the Sonicwall LAN I can ping the RUT240 (192.168.30.1), I can connect to it via ssh, and then I can successfully ping and connect to hosts behind the RUT240 (e.g. 192.168.30.52).

However, I can't directly ping or ssh into the mentioned hosts.

I've checked for firewall rules and also tried to add static routes for my Sonicwall LAN on the RUT240, without success. I'm out of ideas, could you please help me sort this out?

Thank you all in advance.

1 Answer

0 votes
by anonymous
Hello,

What are the leftsubnet and rightsubnet values on both sides of the tunnel?

Sonicwall side: leftsubnet: 192.168.1.0/24, rightsubnet: 192.168.30.0/24 at minimum
RUT side: leftsubnet: 192.168.30.0/24, rightsubnet: 192.168.1.0/24, likewise at minimum

Regards,
by anonymous
Strange. Can you execute the tcpdump as above but on the 192.168.30.X device and ping it from the Sonicwall side?
by anonymous
Currently we're using it under the workaround configuration; I will get back to you as soon as I manage to restore the original one and perform the test. Thank you very much.
by anonymous
Do you have a firewall active on your 192.168.30.X device? I find it strange that there is no reply to the ICMP echo request ... nor any ICMP unreachable or other error coming back.

Sorry, there was a typo in the target of the ping; it was of course ping 192.168.30.X, and the same for the tcpdump: tcpdump -i any -n -v 'icmp and host 192.168.30.X'
by anonymous

Good Morning,
there's no firewall on 192.168.30.X; actually I've verified the firewall was inactive and also tried to disable it manually.

I've tried the tcpdump as you mentioned, but I can notice the same behaviour:

myuser@RUT240:~# tcpdump -i any -n -v 'icmp and host 192.168.30.X'
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
14:29:49.434970 IP (tos 0x0, ttl 64, id 32131, offset 0, flags [DF], proto ICMP (1), length 84)
   192.168.1.X > 192.168.30.X: ICMP echo request, id 7, seq 60, length 64

On 192.168.1.X the ping hangs indefinitely:

myuser@mymachine:~$ ping 192.168.30.X
PING 192.168.30.X (192.168.30.X) 56(84) bytes of data.
^C

--- 192.168.30.X ping statistics ---
200 packets transmitted, 0 received, 100% packet loss, time 203765ms
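
An added example, not part of the original thread: with `tcpdump -i any` on a Linux router, a forwarded packet is normally captured once on the ingress interface and again on the egress interface with the TTL decremented by one, so counting sightings per ICMP id/seq shows whether the router forwarded each echo request. The sample capture, its timestamps and the address 192.168.1.10 are constructed, and the parser assumes the two-line `-n -v` record format shown in the capture above.

```python
import re
from collections import defaultdict

# Header line of a `tcpdump -n -v` IP record; it carries the TTL.
HDR = re.compile(r"^\S+ IP \(tos \S+ ttl (\d+),")
# Continuation line: addresses, then ICMP echo type, id and seq.
ICMP = re.compile(r"^\s+\S+ > \S+: ICMP echo (request|reply), id (\d+), seq (\d+)")

# Constructed capture (not from the thread): three probes with different outcomes.
SAMPLE = """\
14:29:49.434970 IP (tos 0x0, ttl 64, id 32131, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.1.10 > 192.168.30.52: ICMP echo request, id 7, seq 60, length 64
14:29:50.436102 IP (tos 0x0, ttl 64, id 32190, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.1.10 > 192.168.30.52: ICMP echo request, id 7, seq 61, length 64
14:29:50.436180 IP (tos 0x0, ttl 63, id 32190, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.1.10 > 192.168.30.52: ICMP echo request, id 7, seq 61, length 64
14:29:51.437310 IP (tos 0x0, ttl 64, id 32250, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.1.10 > 192.168.30.52: ICMP echo request, id 7, seq 62, length 64
14:29:51.437395 IP (tos 0x0, ttl 63, id 32250, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.1.10 > 192.168.30.52: ICMP echo request, id 7, seq 62, length 64
14:29:51.438801 IP (tos 0x0, ttl 64, id 5120, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.30.52 > 192.168.1.10: ICMP echo reply, id 7, seq 62, length 64
"""

def classify(capture: str) -> dict:
    """Map (icmp id, seq) -> verdict for every echo probe in the capture."""
    probes = defaultdict(lambda: {"request": [], "reply": []})
    ttl = None
    for line in capture.splitlines():
        if m := HDR.match(line):
            ttl = int(m.group(1))          # remember TTL for the next ICMP line
        elif (m := ICMP.match(line)) and ttl is not None:
            probes[(int(m.group(2)), int(m.group(3)))][m.group(1)].append(ttl)
            ttl = None
    verdicts = {}
    for key, seen in probes.items():
        ttls = seen["request"]
        if seen["reply"]:
            verdicts[key] = "answered"
        elif len(ttls) > 1 and min(ttls) < max(ttls):
            # Second sighting with a lower TTL: the router routed it onward.
            verdicts[key] = "forwarded, no reply seen"
        else:
            verdicts[key] = "received, not forwarded"
    return verdicts

if __name__ == "__main__":
    for probe, verdict in sorted(classify(SAMPLE).items()):
        print(probe, verdict)
```

A "received, not forwarded" verdict points at the router itself (forwarding rules, routing or the IPsec policy), while "forwarded, no reply seen" points at the destination host or the return path.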



 

by anonymous
And what is the output of a tcpdump -n -v icmp on the 192.168.30.X?