Good day!
I’m running a Teltonika RUT241; the OS version is RUT2M_R_00.07.11.3.
The setup: I establish an IPsec IKEv1 VPN tunnel with a default route. Everything works as expected, and devices behind the Teltonika can reach the WWW via the router on the other side of the tunnel.
The issue: when the tunnel is down, traffic is routed via the WAN interface (a SIM card). I need to block traffic from leaving the WAN interface and use only the VPN default route. I have searched the web and can’t find a similar case. All the rules I have tried either don’t work or block traffic on both WAN and VPN.
Did anyone have a similar task/issue/experience?
I have tried a bunch of different firewall rules and iptables commands.
These do nothing:
# Allow forwarded LAN traffic to the WAN zone only when it will be IPsec-protected on the way out
config rule '33'
	option name 'Allow-LAN-to-IPsec'
	option src 'lan'
	option dest 'wan'
	option extra '-m policy --dir out --pol ipsec'
	option proto 'all'
	option target 'ACCEPT'
	option priority '19'

# Drop forwarded LAN traffic to the WAN zone that has no IPsec policy applied
config rule '34'
	option name 'Block-Direct-LAN-to-WAN'
	option src 'lan'
	option dest 'wan'
	option extra '-m policy --dir out --pol none'
	option proto 'all'
	option target 'DROP'
	option priority '20'
# Same idea directly in iptables; the outgoing interface is the cellular WAN, qmimux0
# (a stray trailing colon in the interface name would make the rule match nothing)
iptables -A FORWARD -s 192.168.0.0/24 -o qmimux0 -m policy --dir out --pol ipsec -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -o qmimux0 -m policy --dir out --pol none -j DROP
This one blocks both VPN and WAN:
# Drop all forwarded LAN-to-WAN traffic without an IPsec policy
config rule '34'
	option proto 'all'
	option name 'Block-Output'
	option priority '25'
	option target 'DROP'
	option extra '-m policy --pol none --dir out'
	option src 'lan'
	option dest 'wan'
Thank you in advance!