by anonymous
Hi,

I have a SCADA that is a VPN client of a VPN hub (SCADA-HUB). The SCADA communicates with all devices (20x) within the same VPN hub (SCADA-HUB), and that is working great. Among all these devices there are 2 that are required to communicate together (LAN to LAN), but all other devices must not be able to communicate with those two. If I enable LAN-to-LAN for the devices in the (SCADA-HUB), all other devices in the same VPN hub gain access to it...

I've created a 2nd VPN hub with only these 2 devices, with LAN-to-LAN enabled.

Everything works, but randomly... when one of the devices gets connected, both VPN hubs push routes to the device. Both VPN hubs push the same IPv4 routes to the same device. When there is an IPv4 route conflict, it simply overwrites it (normal).

When you look at the attached picture, sometimes the 10.100.10.0/24 route is with the (tun_c_rms_ZEy....) network and sometimes it is with the (tun_c_rms_mGw...) network.

Is there a way to force the configuration as in the picture... to always use the same route?

Are there other solutions?

Thanks,

1 Answer

+1 vote
by anonymous

Hello,

I would suggest the following.

  • Connect your devices to a single hub, similar to what you did before. If you want LAN-to-LAN communication between your other devices, enable LAN forwarding in the RMS HUB settings. Otherwise, disable LAN forwarding.
  • For the two devices that need to communicate LAN-to-LAN while restricting other devices, configure static IP addresses in the RMS VPN HUB settings. For example, assign the static IP address 192.168.255.21 to one of the devices.

  • On your router, go to Network -> Firewall -> General and edit the RMS zone. If you want VPN traffic to have access to the LAN network, make sure to include the LAN zone in the "allow forward to destination zones" field. If you don't want VPN traffic to access the LAN network, remove the LAN zone from this field.

By removing the LAN zone from the "allow forward to destination zones" field, you prevent VPN traffic from accessing the LAN network.

  • Navigate to Network -> Firewall -> Traffic rules and create a separate rule that allows only specific IP addresses from the RMS zone to access the LAN network. Here's an example:
    • Source Zone: RMS
    • Source Address: 192.168.255.21 (the device with the static IP)
    • Destination Zone: LAN
    • Action: Accept

This rule ensures that only traffic originating from the device with the IP address 192.168.255.21 in the RMS zone will be allowed to access the LAN network.

By following these steps, you can control the communication between devices in the RMS VPN HUB and the LAN network based on your requirements. Similar firewall rules should be configured on the other devices as well if you want LAN-to-LAN communication between them.

Let me know if you encounter any issues.

Kind Regards,

Andzej

Best answer
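The zone-forwarding and traffic-rule settings described in the answer, written out as the /etc/config/firewall stanzas that the RutOS web UI generates. This is an added example, not configuration from the original post or from Teltonika. RutOS is built on OpenWrt, so the UI fields map onto the UCI firewall sections shown here; the zone name 'rms', the rule name and the comments are assumptions (confirm the real zone name on your router with `uci show firewall`), and 192.168.255.21 is the static hub address the answer uses for the permitted peer. The first fragment is the permissive setting (LAN listed under "Allow forward to destination zones"), the second is the restricted one.

```uci
# /etc/config/firewall on the router whose LAN must be protected.
# Added example: zone name 'rms' and rule name are assumptions.

# --- Before: permissive. Every VPN peer in the hub can reach this LAN. ---
config zone
	option name 'rms'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

# This 'forwarding' section is exactly what ticking LAN under
# "Allow forward to destination zones" in the RMS zone writes.
# It lets any source address in the rms zone into the LAN.
config forwarding
	option src 'rms'
	option dest 'lan'

# --- After: no zone-wide forwarding, one explicit rule for one peer. ---
config zone
	option name 'rms'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
# (the 'config forwarding' rms -> lan section above is removed)

# Network -> Firewall -> Traffic rules entry from the answer.
# Only traffic whose source is the peer's static hub address is forwarded.
config rule
	option name 'Allow-SCADA-peer-to-LAN'
	option family 'ipv4'
	option src 'rms'
	option src_ip '192.168.255.21'
	option dest 'lan'
	option target 'ACCEPT'

# Optional tightening (assumed values): limit the permitted peer to the
# single LAN host and protocol it actually needs instead of the whole LAN.
# config rule
# 	option name 'Allow-SCADA-peer-to-PLC'
# 	option family 'ipv4'
# 	option src 'rms'
# 	option src_ip '192.168.255.21'
# 	option dest 'lan'
# 	option dest_ip '10.100.10.5'
# 	option proto 'tcp'
# 	option dest_port '502'
# 	option target 'ACCEPT'
```

After editing, apply with `uci commit firewall && /etc/init.d/firewall reload` and check the loaded rules (`iptables -S` or `nft list ruleset`, depending on the firmware generation). Two points worth checking in practice: the rule only works because the hub address is static, so if the peer's hub address ever changes the rule silently stops matching rather than failing open; and because the OpenWrt firewall is stateful, the reply traffic from the LAN host back to 192.168.255.21 is allowed by connection tracking, so no mirror rule from lan to rms is needed for responses. The same pair of fragments goes on the second router with the other device's hub address in `src_ip`.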