0 votes
338 views 8 comments
by anonymous
Hello. After configuring an IPsec tunnel from a Teltonika RUTXR1 to the Head Office VPN router, I need to access several network services (inside the Head Office LAN) from the RUTXR1. For this to work, all requests from the RUTXR1 must come from its LAN IP, because only the LAN subnet is announced in the IPsec tunnel. The question is: how do I do this? Or is there another way to solve this problem? The network services are: NTP, DNS, maybe syslog ...

1 Answer

0 votes
by anonymous
Hello,

In order to have all packets coming from the RUTXR1's LAN IP, you need to enable Masquerading in the firewall: go to Network->Firewall->General Settings/Zone=>Forwarding section and enable ipsec=>lan forwarding there.

You also need to declare the subnets you want to reach: in Services->Ipsec, edit the tunnel parameters and, in section Connection Settings / General Settings, add them to the Remote subnet list.

Regards,
by anonymous
The second part is understandable. The first part is unclear. There is no such predefined firewall zone as ipsec. Can you be a little more specific, please?
by anonymous
If you don't have an ipsec zone you need to create it first, and enable Local firewall in Connection Settings->Advanced settings for your IPSEC tunnel.
by anonymous
Here is my problem. I do not know how to create an ipsec fw zone, since ipsec has no interface.
by anonymous
Go to Network->Firewall->General Setting and use the ADD button in the Zones section.
by anonymous
I know how to add a zone. I do not understand how to add a zone that defines the ipsec tunnel. Are you saying that I just need to add a zone, name it "ipsec", and that is all?
by anonymous
Apparently the ipsec configuration has been changed in recent versions; however, the optional interface field is still handled by /etc/init.d/ipsec. I'll check to see if there is a workaround.
by anonymous
Any news regarding this?

I think I have the same issue. My IPsec VPN tunnel is up and running, but no traffic is going over the VPN.

I have remote and local FW enabled, but there is no firewall rule that mentions IPsec, nor am I able to select it.