Question

We have the RUT950 with LTE (4G) connection to a Telco (Vodafone) which is performing Network Address Translated (NAT) by the Telco to the Internet using a shared IP.  Does Teletonika support Dynamic DNS with IPsec Site-To-Site VPN  to a Firewall with a static IP Address that terminates the VPN conneection. The DDNS is being used as we have IoT devices connected at the end of the Teltonika router and we want the VPN tunnel to follow the IP address changes on 4G.

Answer 1

I have the same situation. You cannot have a traditional S2S vpn with a shared public ip on 1 end. Dynamic address are not the issue as long as they are dedicated and not shared. I fixed the issue by setting up the Rut as VPN client (ipsec) and use the central (static) firewall as it’s endpoint. When the tunnel is established, bidirectional traffic can flow over the vpn tunnel. Some firewalls call it dynamic vpn, others dialup. In this situation the Rut is the initiator of the vpn and the central firewall is the passive listener waiting for an inbound vpn tunnel.

Comments

Great thank you for the response, will ty the VPN client for a remote access type connection :)