Routing tables VPN interface not showing

NETWORKING SOLUTIONS
1

I have a IPSEC tunnel setup and established, I can ping the far end IP. But I can setup a static route for this tunnel. The IPSEC IP address show in the routing table CLI, and has interface. When I try to setup a static route the interface does not show in the GUI so I can’t assign it to the route.

If I set it to the WAN interface it still does not show. Any help would be gratefully receivied

3

Hello,

By default, when an IPsec tunnel is created, it’s attached to the WAN firewall zone.

Can you tell us what kind of static route you’d like to set up? What is going to be routed through the IPSec tunnel? Is it going to be a specific IP address, a specific subnet of some sort?

Regards,
M.

4

I need to configure a split tunnel, with traffic going to a couple of IP address to be routed via the IPSEC tunnel, and all other internet traffic via the WAN connection.

When I set the interface to WAN it does not route the traffic or appear in the routing table when I use the CLI command “route”

5

Alright, it’ll take a bit, but I’ll go ahead and test the configuration out to see what we can do here.

I’ll get back to you soon,
M.

6

Hello, @uknick ,

Took a while, but I finally ended up coming with a solution for you with the help of my colleagues, here it is:

  1. First, edit your IPSec configuration (on both sides, if you’re using multiple Teltonika devices), and enable Route based IPSec option & give your tunnel an IP address. In my case, I gave it 10.0.0.1/24 but this can be whatever you want, just make sure it’s a unique IP to avoid conflicts:
    image
    image862×531 19.8 KB
  2. After doing so, please head to Network → WAN and create a new WAN interface with the following settings:
    image
    image848×244 9.73 KB

    image
    image830×270 12 KB

    image
    image411×237 8.31 KB

    image
    image806×410 22.4 KB

Make sure that the new “interface” that you’re adding under Physical settings matches your IPSec tunnel name. For example, if your tunnel is called “Tunelis2”, it must be the same, with capital letters, numbers, and symbols included.

After this has been done, head to Network → Routing → Static Routes:

image
image1514×252 15.2 KB

And create a route similar to this. The Interface is going to be the “routing” interface we’ve created, which is the IPSec tunnel, target is the IP address, subnet is according to the IP address/entire network you’re gonna target & the gateway is going to be the other side of the tunnel, which in my case, is a TRB142 with the IPSec address of 10.0.0.2/24.

After saving and applying everything, you can check whether the route works like so:

image
image746×237 17.2 KB

And here’s from the other side (TRB142):
image

If you’re interested, here’s what my setup looked like in a topology:

image
image810×320 4.48 KB

Hopefully, you get it to work as you want to. Good luck!

Regards,
M.