0 votes
338 views 6 comments
by anonymous

Dear All,

I would like to configure my RUT950 as follows:

  1. All traffic from one WiFi SSID (LAN 10.10.21.0/24) route to L2TP VPN
  2. All traffic from second WiFi SSID (LAN 10.10.20.0/24) route to mobile WAN

I am using the latest firmware RUT9_R_00.07.02.3   

Can you help me with configuration because I am struggling with the setup.

I have created two WiFi SSIDs with separate networks, but I have an issue with how to route the traffic.

Kind regards and thank you in advance,

Dimitrije

1 Answer

0 votes
by anonymous

Hi,

It can be done either by configuring static routes or with the vpn-policy-routing package.
For an easier way, you can use the VPN-based routing policy package. This package allows you to configure the routes with a simple series of commands. You can refer to the link below, which shows OpenVPN traffic splitting using this package:
https://wiki.teltonika-networks.com/view/OpenVPN_traffic_split

While configuring this, just change the network addresses to the ones that you have configured, and also change the name in interface="VPN" to your L2TP instance's name.

Regards,
Ramandeep

Best answer
by anonymous
Hi,

thanks for your answer.

How will my command look for my setup?

SSID LAN 10.10.21.0/24 L2TP 192.168.10.0/24 - route all traffic including 0.0.0.0/0

Name of the connection is "DE"

And how can I delete, disable or edit a rule in case of need?

Thank you so much,

Dimitrije
by anonymous


In your case, it will be like this below (please issue all the commands one by one):

uci set vpn-policy-routing.config.enabled="1"

while uci -q delete vpn-policy-routing.@policy[0]; do :; done

uci add vpn-policy-routing policy

uci set vpn-policy-routing.@policy[-1].dest_addr="10.10.21.0/24 10.10.20.0/24"

uci set vpn-policy-routing.@policy[-1].interface="ignore"

uci add vpn-policy-routing policy

uci set vpn-policy-routing.@policy[-1].src_addr="10.10.21.0/24"

uci set vpn-policy-routing.@policy[-1].interface="DE"

uci commit

/etc/init.d/vpn-policy-routing restart

These configurations are executed through UCI commands. To delete any rule/command, you can use the UCI delete command for that specific rule. For example, if you added an NTP server using a UCI command as below:

uci add_list system.ntp.server='0.de.pool.ntp.org'

This can be deleted via the UCI delete command:

uci delete system.ntp.server

For more information about UCI commands, please visit the below link:

https://wiki.teltonika-networks.com/view/UCI_command_usage#Available_commands

 

Regards,
Ramandeep

by anonymous

Hi,

Thank you for your help.

I just tried your command, but I replaced uci set vpn-policy-routing.@policy[-1].src_addr="192.168.10.0/24" with 0.0.0.0/0

because I want to route internet via the L2TP VPN. I already added a static route and I can ping the subnet 192.168.10.0/24.

Actually your command is doing the same, but I need to route internet traffic.

When I do this, internet from 10.10.20.0/24 is also routed to the VPN, which I don't want.

How can I fix this?

Thanks

by anonymous
Hi,

I mistyped the address in the above comment. Network 192.168.10.0/4 should not be there in your case. Please refer to the above-edited comment once again and let me know if it works for you or not.

Any device connected to 10.10.21.0/24 will go through the L2TP VPN tunnel, and devices on the 10.10.20.0/24 network will go through mobile WAN.
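An added example, not part of the original thread or of the vpn-policy-routing package: a small offline model that checks which interface each WiFi subnet would leave through, comparing the policy set posted above with the 0.0.0.0/0 source variant that sent 10.10.20.0/24 into the VPN. It assumes policies are evaluated in order with the first match winning (a simplification); the function names and the probe address 203.0.113.10 are constructed for illustration.

```python
import ipaddress

DEFAULT = "default (mobile WAN)"  # label for traffic left to the main routing table


def _matches(field, addr):
    """An unset field matches anything; otherwise any listed network may match."""
    if not field:
        return True
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in field.split())


def egress(policies, src, dst):
    """Interface chosen for a src -> dst packet (assumption: first match wins)."""
    for p in policies:
        if _matches(p.get("src_addr"), src) and _matches(p.get("dest_addr"), dst):
            # "ignore" means: do not policy-route, fall back to default routing
            return DEFAULT if p["interface"] == "ignore" else p["interface"]
    return DEFAULT


def audit(policies, expected, probe_dst="203.0.113.10"):
    """Return {client: (actual, wanted)} for clients whose egress is not as intended."""
    findings = {}
    for src, want in expected.items():
        got = egress(policies, src, probe_dst)
        if got != want:
            findings[src] = (got, want)
    return findings


# Policies from the thread, in the order the uci commands add them.
LOCAL_IGNORE = {"dest_addr": "10.10.21.0/24 10.10.20.0/24", "interface": "ignore"}
AS_POSTED = [LOCAL_IGNORE, {"src_addr": "10.10.21.0/24", "interface": "DE"}]
TOO_BROAD = [LOCAL_IGNORE, {"src_addr": "0.0.0.0/0", "interface": "DE"}]

# Intended split: one constructed client address per SSID.
EXPECTED = {"10.10.21.50": "DE", "10.10.20.50": DEFAULT}

if __name__ == "__main__":
    for name, pol in (("as posted", AS_POSTED), ("0.0.0.0/0 source", TOO_BROAD)):
        print(name, "->", audit(pol, EXPECTED) or "matches intent")
```
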
by anonymous
Hi, thanks so much, it's working now. I have one more issue: now I can reach 192.168.10.0/24 from the network 10.10.21.0/24,

but I cannot do it in reverse: from 192.168.10.0/24 I cannot see, for example, 10.10.21.1. I added a route on my server router.

Thanks for your help.

Dimitrije
by anonymous
I think you can reset the device and reconfigure everything again, because 192.168.10.0/24 was mistyped by me and it is still affecting the current configuration of the network. Or are you using the 192.168.10.0/24 network? If not, then it's better to reset the device and reconfigure everything again.