0 votes
676 views 4 comments
by anonymous
I have a functional S2S VPN setup, meaning I can reach the remote subnets on both sites. Still, I'm unable to access the management portal of my RUT360 via VPN. It answers ping, so it's just getting blocked by the router. From the webui System -> administration -> access control I can allow "remote management", but after this the management portal is also accessible from the WAN interface. So how do I configure the webui to be accessible via VPN?

The other VPN device is a Fortigate and it's reachable from the RUT360's subnet.

1 Answer

0 votes
by anonymous
Hello,

From Network->Firewall->General Settings in the Zones section set theVPN => lan and lan => theVPN to Accept/Accept/Accept.

Regards,
by anonymous
Hi!

There is no VPN zone by default. Of course I can create it, but in covered networks there are only lan, wan, wan6 and mob1s1a1. How can I attach my IPsec tunnel to the zone? Just creating a zone called VPN didn't do the magic.

EDIT: I can make my router's port 443 reachable by creating a firewall rule to allow traffic from the WAN zone to the device input. So I guess I should detach the IPsec tunnel from the WAN zone to be able to create firewall rules for it. Any hints how to do that? Or am I totally lost here?
by anonymous
You can enable HTTPS WAN access for a list of source IP addresses only; simply edit the rule using the pen. But that doesn't explain why setting the zone doesn't work.
by anonymous
Yeah. I do not want to open the webui for a WAN interface but for a VPN. At the moment the VPN connection seems to be a part of the WAN zone. I can create a new zone, but for it to work I should move the VPN connection from WAN to this new zone? How do I do that? I'm on the latest firmware.

EDIT: OK, had to turn around my thinking on this. I made a firewall rule enabling webui access to the WAN interface but restricted the access only for the subnet of the other site. This way it works as needed, but still I would like to know how to set up a separate zone for IPsec or other tunnels.
by anonymous
It is straightforward for WireGuard but apparently not so for IPsec. IPsec in recent versions doesn't use a dedicated interface; the IP address of the tunnel is added to the wwan0 interface. A separate tun interface would be needed in order to define a zone.
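
The workaround the thread settles on, written out as firewall configuration. This is an added example, not configuration posted by any participant. It assumes RutOS uses OpenWrt-style UCI rules in /etc/config/firewall with the iptables-based firewall; the rule names and the 10.20.0.0/24 subnet are constructed placeholders.

```conf
# /etc/config/firewall  (OpenWrt UCI syntax; assumed to apply to RutOS)
# Constructed values: 10.20.0.0/24 stands in for the remote site's LAN,
# rule names are hypothetical.

# Weak: the WebUI port is open to every source arriving in the wan zone.
# This is the exposure the asker wanted to avoid.
config rule
	option name 'Allow-HTTPS-WAN'
	option src 'wan'
	option proto 'tcp'
	option dest_port '443'
	option target 'ACCEPT'

# Restricted: only the remote site's subnet may reach the WebUI.
# Because the IPsec tunnel has no interface of its own, decapsulated
# tunnel traffic is still seen as coming from the wan zone, so the rule
# keeps src 'wan' and narrows it by source address.
config rule
	option name 'Allow-HTTPS-from-remote-site'
	option src 'wan'
	option src_ip '10.20.0.0/24'
	option family 'ipv4'
	option proto 'tcp'
	option dest_port '443'
	option target 'ACCEPT'
	# Assumption: iptables-based firewall (fw3), where 'extra' passes raw
	# iptables arguments. The policy match accepts only packets that were
	# decrypted by IPsec, so a cleartext WAN packet with a forged
	# 10.20.0.x source address does not match this rule.
	option extra '-m policy --dir in --pol ipsec'
```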