Question

Dear All,

I would like to configure my RUT950 as follow:

1. All traffic from one WIFI SSID (LAN 10.10.21.0/24) route to L2TP VPN  
2. All traffic from second WIFI SSID(LAN 10.10.20.0/24) route to mobile wan

I am using the latest firmware RUT9_R_00.07.02.3   

Can you help me with configuration because I am struggling with the setup.

I have created two WIFI SSID with separate networks but i have an issue how to route the traffic.

Kind regards and thank you in advanced,

Dimitrije

Answer 1

Hi,

It can be done by either configuring static routes or a vpn-policy-routing package. 
For an easier way, You can use VPN based routing policy package. This package allows you to configure the routes with a simple series of commands. You can refer to the below link, which shows the OpenVPN traffic splitting using this package:
https://wiki.teltonika-networks.com/view/OpenVPN_traffic_split

While configuring this, just change the network addresses to ones that you have configured and also change the name of interface="VPN", to your l2tp instance's name. 

Regards,
Ramandeep

Comments

Hi,

thanks for your answer.

How my command will be look for my setup?

SSID LAN 10.10.21.0/24 L2TP 192.168.10.0/24 - route all traffic including 0.0.0.0/0

Name of the connection is "DE"

And how I can delete or disable or edit rule in case of need?

Thank you so much,

Dimitrije

---

In your case, it will be like this below (please issue all the commands one by one):

uci set vpn-policy-routing.config.enabled="1"

while uci -q delete [email protected][0]; do :; done

uci add vpn-policy-routing policy

uci set vpn-po[email protected][-1].dest_addr="10.10.21.0/24 10.10.20.0/24"

uci set [email protected][-1].interface="ignore"

uci add vpn-policy-routing policy

uci set [email protected][-1].src_addr="10.10.21.0/24"

uci set [email protected][-1].interface="DE"

uci commit

/etc/init.d/vpn-policy-routing restart

These configurations are executed through UCI commands. To delete any rule/command, you can use UCI delete attribute for that specific rule. For example, if added ntp server using UCI command as below:

uci add_list system.ntp.server='0.de.pool.ntp.org'

This can be deleted via the UCI delete command:

uci delete system.ntp.server

For more information about UCI commands, please visit the below link:

https://wiki.teltonika-networks.com/view/UCI_command_usage#Available_commands

 

Regards,
Ramandeep

---

Hi,

Thank you for your help.

I just tried your command but i replaced uci set vpn-policy-rou[email protected][-1].src_addr="192.168.10.0/24" with 0.0.0.0/0 

because i want to route internet via l2tp vpn. I already added static route and i can ping the subnet 192.168.10.0/24

Actually your command is doing the same but i need to route internet traffic.

When i do this internet from 10.10.20.0/24 is also routed to the vpn what i dont want.

How i can fix this?

Thanks

---

Hi,

I mistyped the address in the above comment. Network 192.168.10.0/4 should not be there in your case. Please refer to the above-edited comment once again and let me know if it works for you or not.

Any device connected to 10.10.21.0/24 will go through an L2TP VPN tunnel and 10.10.20.0/24 networks device will go through mobile WAN.

---

Hi, thanks so much its working now. I have one more issue now I can reach from the network 10.10.21.0/24  192.168.10.0/24.

but I cannot do it reverse from 192.168.10.0/24 I cannot see for example10.10.21.1. I added route on my server router.

Thanks for your help.

Dimitrije

---

I think you can reset the device and reconfigure everything again because 192.168.10.0/24 was mistyped by me and it is still affecting the current configurations of the network. OR are you using 192.168.10.0/24 network? if not, then it's better to reset the device and reconfigure everything again.