Question

Hallo,

after updating an RUT240 from legacy firmware 01.14.7 to 07.04.03 im not able to access the Webinterface of RUT240 trough the Tunnel.

So i locked myself out. : - (

- Tunnel is up.

- Data is going trough.

- WebUI works when in LAN.

Comments

I do not know, how are you open web via ipsec befor upgrade, but I add firewall rule for every router, what I want manage via ipsec tunnel (https from wan are off).

config rule 'xxxxx'

option proto 'tcp'

option name 'Enable_HTTPS_IPSEC'

option target 'ACCEPT'

option src 'wan'

list dest_port '443'

option enabled '1'

option extra '-m policy --dir in --pol ipsec'

option utc_time '0'

option priority '15'

---

Topology is pretty simple: RUT240 establishes Dialup-SitetoSiteVPN via mobileWAN.

10.209.212.34[RUT240_Test]...XXX.XXX.XXX.XXX[XXX]

local 192.168.203.168/30 === 192.168.211.0/24 remote

---

yes, "https from wan" is off and should stay off.

In the legacy firmware was a checkbox in the IPsec Config to "enable remote http(s)". I did not find this in the new firmware.

I guess this will generate a firewall rule similar described by Voljika. Probably this generated rule was lost by update.

Adding a custom firewall rule before the update surely is a viable workaround ...if somebody is able to see the future ;-)

I will use this for further upgrades. Nevertheless i regard this behavior as a bug.

Answer 1

Hello,

Provide me with the troubleshoot file and topology of your project so that I can see how everything is connected. 

Best Regards