529
edits
Changes
→Modifying Firewall Zones
To set up LAN to LAN communication via RMS VPN Hub, you would need some additional configuration. As shown in the topology below, we are going to set up communication between two end devices connected to Teltonika Networks routers, which are RMS VPN clients.
To set up LAN to LAN communication via RMS VPN Hub, you would need some additional configuration. As shown in the topology below, we are going to set up communication between two end devices connected to Teltonika Networks routers, which are RMS VPN clients.
[[File:Vpnhubstopology.jpg|700px|border|class=tlt-border]]
The topology above contains two Teltonika routers ('''RUT1''' and '''RUT2''') with two end devices ('''END1''' and '''END2'''), each connected to a separate router's LAN. Both routers are added to the same RMS VPN Hub as RMS VPN clients. When this configuration is completed, not only will the two routers be able to communicate with each other, but the end devices will also be reachable to one another and from each router.
The topology above contains two Teltonika routers ('''RUT1''' and '''RUT2''') with two end devices ('''END1''' and '''END2'''), each connected to a separate router's LAN. Both routers are added to the same RMS VPN Hub as RMS VPN clients. When this configuration is completed, not only will the two routers be able to communicate with each other, but the end devices will also be reachable to one another and from each router.
=== Adding Routes===
=== Adding Routes===
----
----
Before adding routes to end devices, we have to enable the LAN forwarding feature. To enable forwarding, follow these steps:
Before adding routes to end devices, we have to enable the LAN forwarding feature. LAN forwarding modifies Firewall Zone covering RMS VPN, to allow VPN traffic to reach end device's LAN network. If you were to enable WAN forwarding, you would be able to reach end point connected to the device's WAN port. To enable forwarding, follow these steps:
* Click on the Hub and navigate to the '''Routes''' section.
* Click on the Hub and navigate to the '''Routes''' section.
* In the '''Clients''' tab, click on the LAN toggle to enable forwarding.
* In the '''Clients''' tab, click on the LAN toggle to enable forwarding.
For the end devices to be able to reach each other, we are going to need to modify Firewall zones in both '''RUT1''' and '''RUT2'''. Follow these steps to edit Firewall zones:
For the end devices to be able to reach each other, we are going to need to modify Firewall zones in both '''RUT1''' and '''RUT2'''. Follow these steps to edit Firewall zones:
*Navigate to '''Network -> Firewall -> General settings'''.
*Navigate to '''Network -> Firewall -> General settings'''.
*In the zones section, click the edit button on WAN zone (wan -> REJECT).
*In the zones section, click the edit button on LAN zone:
[[File:FW Zones section.png|900px|border|class=tlt-border]]
[[File:Newfilelan.png|950px|border|class=tlt-border]]
*In the '''Inter-Zone Forwarding''' section, click on '''Allow forwarding to destination zones''' and select '''rms''' (for example, rms_xzkEgQ: openvpn).
*In the '''Inter-Zone Forwarding''' section, click on '''Allow forwarding to destination zones''' and select '''rms''' (for example, rms_xzkEgQ: openvpn). This allows traffic from LAN to reach RMS VPN.
[[File:RMS Inter zone forwarding.png|900px|border|class=tlt-border]]
[[File:Forwardingzoneslan.png|450px|border|class=tlt-border]]
After Clicking on '''Save & Apply''' for both routers, the setup is completed and the LAN to LAN communication between devices should work.
After clicking on '''Save & Apply''' for both routers, the setup is completed and the LAN to LAN communication between devices should work.
=== Testing the configuration===
=== Testing the configuration===
