Hi, I’m currently testing the RUT301 as an IKEv2 IPsec remote endpoint with a virtual IP configured for the router’s subnet and need help with iptables rules for SSH to a remote server behind the router. The setup so far is as follows:
Device | IP |
---|---|
HQ Server | 192.168.99.12 (Internal IP) |
HQ Firewall | 10.1.1.1 (External IP) |
RUT301 | 10.1.1.2 (External IP); 192.168.0.0/24 (Internal Subnet); 172.30.3.0/24 (Virtual Subnet) |
Remote Server (Behind RUT301) | 192.168.0.10 (Internal IP); 172.30.3.10 (Virtual IP) |
The S2S VPN configuration on the router is working with:
Local Subnet: 172.30.3.0/24
Remote Subnet: 192.168.99.0/24
And after following the steps in the overlapping subnets guide: Overlapping subnets with IPsec solution - Teltonika Networks Wiki, I was able to get a ping between the HQ server and the remote server’s virtual address working both ways, but SSH between them is still not possible.
I need to be able to ssh to the remote server’s virtual address (172.30.3.10) from the HQ server and vice versa. When checking the SSH logs it appears that the initiating SSH client can connect to the SSH server on the other host, but the service can’t return anything back to the client.
We are looking to use the RUT301 to replace existing Cisco equipment that is configured with the same settings, so I am confident that the firewall in HQ is configured correctly, as this configuration works with our current routers.
I suspect that the firewall on the RUT301 is blocking this traffic or that I have configured the NAT incorrectly.
Many thanks in advance for any help!
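Added example, not part of the post above and not Teltonika's configuration: a small POSIX shell script that models the 1:1 NETMAP between the RUT301 LAN (192.168.0.0/24) and the virtual subnet the tunnel carries (172.30.3.0/24), using the addresses from the post, and prints the plain iptables rules such a mapping usually needs. The rule set is an assumption about how the overlapping-subnet setup is realised in netfilter; it is not taken from the wiki guide the post links. The `trace_ssh` walk shows why the server's reply has to leave the router with the virtual source address: the tunnel's traffic selector is 172.30.3.0/24 <-> 192.168.99.0/24, so a reply still sourced from 192.168.0.10 would not match it.

```shell
#!/bin/sh
# Added example (not from the post or Teltonika). Addresses come from the
# post; the iptables rules are an assumption about the general NETMAP
# technique for presenting a LAN under a different prefix through IPsec.

INT_NET=192.168.0.0/24    # RUT301 internal subnet (post)
VIRT_NET=172.30.3.0/24    # virtual subnet presented to HQ (post)
HQ_NET=192.168.99.0/24    # HQ subnet, remote end of the tunnel (post)

# netmap_addr IP FROM_NET/24 TO_NET/24
# Replace the /24 network part of IP when it lies in FROM_NET, keeping the
# host octet. Addresses outside FROM_NET pass through unchanged, because
# NETMAP only rewrites packets that match its own rule.
netmap_addr() {
  ip=$1
  from_prefix=${2%/*}; from_prefix=${from_prefix%.*}
  to_prefix=${3%/*};   to_prefix=${to_prefix%.*}
  case $ip in
    "$from_prefix".*) echo "$to_prefix.${ip##*.}" ;;
    *)                echo "$ip" ;;
  esac
}

# reply_source REAL_SERVER_IP
# Source address a reply must carry when it enters the tunnel: the
# POSTROUTING NETMAP (or conntrack, for an existing flow) maps the LAN
# address back into the virtual subnet.
reply_source() {
  netmap_addr "$1" "$INT_NET" "$VIRT_NET"
}

# netmap_rules: NAT rules for both directions plus the forwarding
# allowances. Conntrack reverses each translation for the replies of a
# flow it already tracks, so only new connections need a NAT rule.
netmap_rules() {
  cat <<EOF
# HQ -> remote server: virtual destination becomes the real LAN address
iptables -t nat -A PREROUTING  -d $VIRT_NET -j NETMAP --to $INT_NET
# remote server -> HQ: real LAN source becomes the virtual address so the
# packet matches the $VIRT_NET <-> $HQ_NET tunnel selector
iptables -t nat -A POSTROUTING -s $INT_NET -d $HQ_NET -j NETMAP --to $VIRT_NET
# FORWARD sees post-DNAT destinations and pre-SNAT sources
iptables -A FORWARD -s $HQ_NET  -d $INT_NET -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -s $INT_NET -d $HQ_NET  -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# trace_ssh CLIENT_IP SERVER_VIRTUAL_IP
# Print what each hop should see for one SSH connection from HQ.
trace_ssh() {
  client=$1; virt=$2
  real=$(netmap_addr "$virt" "$VIRT_NET" "$INT_NET")
  back=$(reply_source "$real")
  echo "SYN   : $client -> $virt:22   (arrives from tunnel)"
  echo "DNAT  : $client -> $real:22   (PREROUTING NETMAP)"
  echo "reply : $real:22 -> $client   (from server)"
  echo "un-NAT: $back:22 -> $client   (conntrack, enters tunnel)"
}

# Stand-alone run: show the flow for the post's hosts, then the rules.
trace_ssh 192.168.99.12 172.30.3.10
echo
netmap_rules
```

The script only prints the rules; on RUTOS they would be entered through the firewall's custom-rules facility rather than pasted into a shell, and the zone rules the UI already generates for the LAN and IPsec interfaces may make the FORWARD lines redundant.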