Dear Teltonika Community,
I need help configuring OpenVPN on my RUTX12 with the following setup:
- OpenVPN clients should connect to the server via the device’s external Ethernet IP (e.g., 11.11.11.11 static).
- Connected clients should route their internet traffic through different mobile interfaces:
  - **Client openvpn 1** → Use Mobile Internet 1 (IP: 12.12.12.12)
  - Client openvpn 2 → Use Mobile Internet 2 (IP: 13.13.13.13)
How can I achieve this split routing? Are there specific firewall rules, OpenVPN server settings, or policy-based routing configurations required?
Thank you in advance for your support!
Hello,
I believe your described setup can be achieved using policy-based routing. This allows you to route traffic from different OpenVPN client IPs through specific WAN interfaces based on defined rules.
More information and guidance on policy-based routing can be found in the wiki documentation here:
Additionally, similar setups and discussions were covered on the forum, which may offer helpful insights:
Let us know if further assistance with creating rules is needed.
Best regards,
server openvpn
```
tls-server
auth sha256
cipher AES-256-CBC
dev tun_s_b1
keepalive 10 120
mode server
port 1194
proto udp
push "dhcp-option DNS 8.8.8.8"
push "route-gateway 10.8.0.1"
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
resolv-retry infinite
topology subnet
server 10.8.0.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
script-security 2
verb 5
```
client b1_client_1
```
client
tls-client
auth sha256
cipher AES-256-CBC
dev tun_s_b1
keepalive 10 120
port 1194
proto udp
remote "this is static ip internet provider"
nobind
script-security 2
verb 5
```
static virtual ip
```
root@RUTX09:~# cd /etc/openvpn/ccd/
root@RUTX09:/tmp/etc/openvpn-ccd# cat b1_client_1
ifconfig-push 10.8.0.10 255.255.255.0
root@RUTX09:/tmp/etc/openvpn-ccd#
```
police
routing rule
If I add:
`push "redirect-gateway def1 bypass-dhcp"`
to the OpenVPN server config, clients get internet access but only through Ethernet (static IP), not through the mobile interface.
If I delete this line, clients lose internet access completely.
I need clients to:
- Connect to VPN server via Ethernet (provider’s static IP)
- Have their internet traffic routed through mobile interface
Hello,
From the first view, the created static route is a bit incorrect:
- For interface, the VPN client’s interface should be selected;
- For target and netmask – 0.0.0.0;
- Gateway should be the mobile WAN IP.
Then, in the routing rule:
- The Incoming interface is the logical interface where the client resides;
- Outgoing interface – leave empty;
- Source subnet – specify the IP address of the VPN client;
- Destination subnet – can be left empty;
- Lookup Table – ID of routing table (1), correct.
Check these points and let me know how it goes.
Best regards,
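
The static route and routing rule described in the reply above, written out as the equivalent iproute2 and iptables commands for two clients (an added example, not part of the original thread and not Teltonika's own configuration). Assumptions: the mobile interfaces are named `wwan0` and `wwan1`, the second client has the constructed address 10.8.0.11 and table 2, the router has full iproute2 and an iptables-based firewall, and a device route is used instead of a gateway address because the mobile IP is dynamic.

```shell
#!/bin/sh
# Added example (not from the thread): per-client policy routing plan.
# Assumed: wwan0/wwan1 interface names, client 2 = 10.8.0.11, tables 1 and 2.
TUN_IF="tun_s_b1"   # "dev" value from the server config in the thread

# Succeed only for a dotted-quad IPv4 address with every octet <= 255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the commands that send one client's traffic out of one mobile interface.
# usage: pbr_plan <client_vpn_ip> <table_id> <mobile_if>
pbr_plan() {
    valid_ipv4 "$1" || { echo "bad client IP: $1" >&2; return 1; }
    case "$2" in ''|0*|*[!0-9]*) echo "bad table id: $2" >&2; return 1 ;; esac
    case "$3" in ''|"$TUN_IF"|*[!A-Za-z0-9_.-]*)
        echo "bad egress interface: $3" >&2; return 1 ;; esac
    # Device route: no gateway IP, so it survives a change of the mobile address.
    echo "ip route replace default dev $3 table $2"
    # Fail closed: if the mobile link drops, do not fall back to the main table.
    echo "ip route replace blackhole default metric 65535 table $2"
    # Only packets from this client arriving over the tunnel consult the table.
    echo "ip rule add from $1/32 iif $TUN_IF lookup $2 priority $((1000 + $2))"
    # Allow forwarding and NAT to whatever address the interface holds now.
    echo "iptables -A FORWARD -i $TUN_IF -s $1/32 -o $3 -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -s $1/32 -o $3 -j MASQUERADE"
}

# Dry run by default; APPLY=1 runs each planned command (root, on the router).
pbr_apply() {
    plan=$(pbr_plan "$@") || return 1
    [ "${APPLY:-0}" = 1 ] || { echo "$plan"; return 0; }
    echo "$plan" | while IFS= read -r cmd; do $cmd || exit 1; done
}

pbr_apply 10.8.0.10 1 wwan0   # b1_client_1, address from its ccd file
pbr_apply 10.8.0.11 2 wwan1   # second client, constructed address
```

The kernel removes a device route when its interface goes down, so the plan has to be applied again after a mobile reconnect; until then the blackhole entry keeps that client's traffic from leaving over Ethernet.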
At the moment, I’m testing on a local machine.
The VPN is working well, but the client can’t get a mobile IP for the internet connection.
Same result.
I tried every possible combination with the interface.
Same result.
And the mobile IP is dynamic.
My task requires connecting from a static Ethernet IP, then obtaining the client’s mobile IP. It could also be something like a proxy server with login authentication, but I would still face the same problem.