RUT955 VLAN through OPENVPN

Hello, I’m having a problem with VLANs through my OpenVPN tunnel. First of all, I made the tunnel following the "Connecting two same subnet office networks using OpenVPN bridge (TAP) on RUTX" tutorial, and it works great.

Now I need to connect two VLANs through the tunnel. Is it possible with two RUT955s? If it’s possible, how can I do it?

I’m a noob and need help.
Thank you in advance.

Hello,

Thanks for reaching us.

I’m assuming there is a misconfiguration; if possible, please provide me with a screenshot of your configuration from the routers on both ends so we can work together to resolve the issue.

Thanks

Hello,

Here is the configuration from the server router:


VLAN

Firewall

Interfaces

Here is the configuration from the client router:


VLAN

Firewall

Interfaces

And here is a screenshot of what I need to configure:

The IP 192.168.1.X is used to get access to the administrator web of the routers, and the IP 192.168.5.X is used for communication of the PCs on the network.

After I asked the question, I was thinking that maybe I need to use tagged VLANs, but I don’t know if I can use OpenVPN as a trunk port to connect the VLANs. Is it possible to do this with the RUT955 routers?

Thank you in advance for your reply.

Hello,

Please keep in mind that in order to set up the VPN tunnel, you must have a Public IP address on the OpenVPN server side. Based on the topology, I don’t see any public IP addresses. X.X.X.X, as it should be

Correct me if I am wrong.

Thanks

We have a public IP address on the OpenVPN server side; by the way, I can ping between the server and client from OpenVPN. My problem is that when we tried to configure VLANs, we could reach the 192.168.1.X IP through the VPN tunnel but couldn’t reach 192.168.5.X.

Hello,

I believe there is some misconfiguration on both sides as well. Please take note of the following points based on the screenshots you provided.

1- On the client configuration side, enter the OpenVPN server’s public IP address in the Remote/Host IP address field.

2- Regarding the VLAN, I notice only one LAN interface rather than two LAN interfaces for VLAN purposes, thus once you create a VLAN, you must create an interface to add the VLAN address, otherwise, depending on the topology, a VLAN is not required. Because there is only one LAN IP address, the purpose of VLAN is to create two separate LAN subnets on two different ports to split traffic, but I can see on the topology that there is only one LAN subnet, which is the default one, so what is the point of untagged VLAN?

You can see the link below for VLAN configuration:
https://wiki.teltonika-networks.com/view/VLAN_Set_Up

3- TAPPED OpenVPN interface is used for devices on the same subnet, but I can see that a Local Switch connected to the PC is receiving an IP address of 192.168.5.0/24. That causes conflicts and confuses everything in that case; if there is a different subnet, then the Tunnel OpenVPN interface should be used.

Links that may help for OpenVPN configuration:
https://wiki.teltonika-networks.com/view/OpenVPN_configuration_examples

4- One of the limitations of static keys is their restricted scalability (one client, one server only); hence, for testing reasons, I would recommend using TLS certificates.

Thanks

Hello Louay,

Thanks for your help. I’ll try to answer your points.

1.- I edited the photo to upload it; this is why the “Remote/Host IP” is empty.
2.- I tried this way too: I created an interface with the local IP “192.168.5.88” on the server side and another interface on the client side with IP “192.168.5.89”. I assigned VLAN 211 to the new interfaces, but I couldn’t reach it through the OpenVPN tunnel.
3.- I know tapped is for devices on the same subnet, but if I created the new interfaces with IP “192.168.5.XX” on both RUT955s, why couldn’t I reach it through the OpenVPN tunnel? I think maybe this is the way to go to try to connect the local Switch1 “192.168.5.1” to the PC “192.168.5.90”, or no?
4.- I’m using static keys because I’m testing the configuration. If it works, I’ll change it to TLS certificates.

Thank you in advance.
