
We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
190 views 0 comments
by anonymous

I have configured an IPSec VPN from a RUT240 to a Juniper vSRX. The tunnel goes up, but traffic does not pass. The tunnel is route-based, if it matters. I noticed that this is related to the remote subnet configuration in the RUT240 settings.

  • If I define only one remote subnet in RUT240, VPN works
  • If I define two or more remote subnets in RUT240, VPN does not work

I looked into /etc/config/ipsec

GUI creates multiple remote_subnet entries:

list remote_subnet '192.168.45.0/24'

list remote_subnet '192.168.46.0/24'

But then the strongSwan documentation suggests that remote networks should be a comma-separated list. So I edited the ipsec file to have the networks listed in one line:

list remote_subnet '192.168.45.0/24, 192.168.46.0/24'

Then from the GUI I disabled and enabled the VPN (since I am not sure how to restart the process from the CLI), and now the VPN works with multiple networks. But now I cannot edit the IPSec tunnel settings in the GUI; it says that the configuration is invalid.

Firmware in RUT240 is "RUT2_R_00.07.02.7"

1 Answer

0 votes
by anonymous
Sorry, I rushed to conclusions; apparently the service randomly picks one of the separated routes, and it seemed to work in my tests.

I found out that I need to define traffic selectors in Juniper to make multiple subnets work with the RUT.
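
An added example, not part of the original posts and not Teltonika's code: a Python check that reads UCI text in the layout quoted in the question and reports every remote_subnet list entry that does not hold exactly one valid prefix, such as the hand-edited comma-joined line. The sample input is constructed, and its section type and name are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the UCI layout quoted in the question; the section
# type 'connection' and the name 'tunnel1' are hypothetical.
SAMPLE = """\
config connection 'tunnel1'
    list remote_subnet '192.168.45.0/24'
    list remote_subnet '192.168.46.0/24'
    list remote_subnet '192.168.45.0/24, 192.168.46.0/24'
    list remote_subnet '192.168.47.0/33'
"""

LIST_RE = re.compile(r"""^\s*list\s+remote_subnet\s+(['"]?)(.*?)\1\s*$""")
SECTION_RE = re.compile(r"""^\s*config\s+\S+(?:\s+['"]?([^'"\s]+)['"]?)?""")


def check_remote_subnets(text):
    """Validate every 'list remote_subnet' line in UCI text.

    Returns (valid, problems):
      valid    -> [(section_name, normalized_cidr), ...]
      problems -> [(line_number, raw_value, reason), ...]
    """
    valid, problems = [], []
    section = None
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)  # None for an anonymous section
            continue
        m = LIST_RE.match(line)
        if not m:
            continue
        raw = m.group(2)
        # A UCI 'list' line is one element, so a comma means several
        # prefixes were packed into a single entry.
        parts = [p.strip() for p in raw.split(",") if p.strip()]
        if len(parts) != 1:
            problems.append((lineno, raw, "expected exactly one prefix per list entry"))
            continue
        try:
            # strict=True also rejects prefixes with host bits set.
            net = ipaddress.ip_network(parts[0], strict=True)
        except ValueError as exc:
            problems.append((lineno, raw, str(exc)))
            continue
        valid.append((section, str(net)))
    return valid, problems
```
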