0 votes
144 views 1 comments
by anonymous

Hi, I am currently planning a more complex retail PoC with Teltonika (RUTX11) hardware.

All use case examples provided by Teltonika in https://teltonika-networks.com/use-cases/retail/ are "kinda" simple when it comes to LAN networking or VPN. Like https://teltonika-networks.com/use-cases/retail/fast-and-uninterrupted-retail-connectivity - lacking separated local VLANs for POS, guest WiFi, etc. Would this be possible?

What I need is having a RUTX11 per site which provides:

  • LAN: 3 different VLANs; each on one of its three Ethernet ports which I'd like to call three local "zones" (CORP-POS, GUEST, DEFAULT). DHCP servers in each zone, serving three different IP networks
  • WIFI: Each of these "zones" should also provide a dedicated WiFi-Network on the RUTX11
    • Optionally: Provide a Captive Portal on the GUEST-zone (WIFI)
  • WAN: MultiWAN Failover; Priority: 1st: DHCP on WAN, 2nd: WIFI-Client-WAN ; 3rd/Backup: LTE/WWAN
  • VPN-Client: 
    • From the CORP-POS-zone connect a Wireguard-Client VPN to a central corporate Wireguard server and route all traffic from the CORP-POS-zone through this tunnel (and the corporate internet uplink)
    • From the GUEST-zone connect a Wireguard-Client VPN to some privacy VPN-Provider (Mullvad/IVPN) and route all traffic from this "zone" through this tunnel to the internet
    • From the DEFAULT-zone route all stuff directly to the local internet provider
  • VPN-Server:
    • Provide a Wireguard-VPN-Server to connect maintenance staff from outside to the location and access DEFAULT zone
    • Optionally: Provide a second Wireguard-VPN server which "connects" to the GUEST-zone and utilizes its uplink VPN for outgoing traffic (chained wireguard)

Well, I managed to get some parts working - but for most of the VPN and multi uplink routing part I got no clue whether that is even possible? Could someone assist with some advice? Does Teltonika offer consulting with setups like this? Could someone punch me in the right direction? Thanks for any help / ideas on this.

1 Answer

0 votes
by anonymous

Hello,

  

All of the configurations should be possible. I'll go through each of them with examples.

  • VLANs
    • Untagged VLANs can be set up in the Network → VLAN → Port Based menu. Then, a new interface needs to be created in the Network → Interfaces section, and in the Physical settings, the appropriate VLAN ID needs to be selected. 
    • A configuration example for untagged VLANs can be found here.
  • WiFi
    • Configuration example on how to set up a guest WiFi network can be found here
    • We also have a Hotspot package, which would allow you to have a captive portal running on the RUTX11. Explanations of the Hotspot configuration can be found here.
    • Multiple WiFi SSIDs can be set up on the same physical WiFi interface.
  • WAN
    • Failover package can do exactly what you need. Since all of the interfaces you mentioned use different communication mediums, they will all be active at the same time. This ensures that the failover will be almost unnoticeable (1-2 seconds).
    • More information about failover can be found here.
  • WireGuard
    • The only resources we have are the configuration example found here and the explanation of the package here.
    • I believe to be able to achieve such routing, a package called vpn-policy-routing will need to be used. It is a CLI-only package, and it is community supported (not by us). It seems like some more useful information on this package can be found here, here, and here. It is also briefly touched on in this configuration example.

Hope this helps.

  

Best regards,
DaumantasG
by anonymous

Hello DaumantasG, and thanks a lot for your answer and help with this!

I expect most complexity when combining the multiple wireguard vpn-policy-routing thingy with the failover package. Complexity = as in "gluing" it all together. Will start my journey soon and eventually / hopefully come back with my working solution - or more questions ;-)

Best regards, 

zapho
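
The per-zone tunnel routing discussed in this thread is source-based policy routing. As an added example (not from the posts, Teltonika, or the vpn-policy-routing package), this script prints the plain iproute2 commands for a constructed zone plan, including a blackhole fallback so a tunneled zone does not fall back to the local uplink. The subnets, the interface names `wg_corp` and `wg_priv`, and the table numbers are assumptions.

```shell
#!/bin/sh
# Added example: prints iproute2 commands, it does not change any routing.
# Constructed plan: zone|source subnet|egress interface|routing table.
# Subnets, interface names and table numbers are assumptions, not page values.
ZONE_PLAN='CORP-POS|192.168.10.0/24|wg_corp|110
GUEST|192.168.20.0/24|wg_priv|120
DEFAULT|192.168.30.0/24|main|-'

# Emit the rule and routes for one zone.
zone_rules() {
    zone=$1; subnet=$2; iface=$3; table=$4
    if [ "$iface" = "main" ]; then
        echo "# $zone: no rule, $subnet follows the main table"
        return 0
    fi
    # Traffic sourced from the zone's subnet is looked up in its own table.
    echo "ip rule add from $subnet lookup $table priority $table"
    # That table's default route points into the zone's WireGuard interface.
    echo "ip route replace default dev $iface table $table"
    # Fallback with a worse metric: if the tunnel route is withdrawn, packets
    # are dropped here instead of falling through to the main table.
    echo "ip route replace blackhole default metric 65535 table $table"
}

# Reject a plan in which two tunneled zones share a routing table.
plan_check() {
    dup=$(printf '%s\n' "$1" | awk -F'|' '$4 != "-" && seen[$4]++ { print $4 }')
    [ -z "$dup" ] || { echo "duplicate table: $dup" >&2; return 1; }
}

# Print the full command list for a plan.
render_plan() {
    plan_check "$1" || return 1
    printf '%s\n' "$1" | while IFS='|' read -r zone subnet iface table; do
        if [ -n "$zone" ]; then
            zone_rules "$zone" "$subnet" "$iface" "$table"
        fi
    done
    return 0
}

render_plan "$ZONE_PLAN"
```

Review the printed commands before applying them on a router, since a failover or policy-routing package may manage its own rules and tables.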