Teltonika RUTX10 as VPN server only

Hello,

I am new to Teltonika and industrial routers in general. I am trying to set up router as VPN server only, but when I set up it in LAN settings, it can’t reach internet. What is best way to achieve correct configuration? At the moment I set up in LAN settings static IP address as like 192.168.1.2, but there are not default gateway settings. The only way it was working, only if I also set up WAN. But is it correct to use same IP adress in WAN settings?

Hello,

Thank you for reaching out.

By default, Teltonika devices operate with two VLANs: one for LAN and another for WAN. The WAN settings manage Internet connectivity. If you need the router to use the IP address 192.168.1.2 for Internet access, you must configure this in the WAN settings, where you can also set the default gateway. Please note that the WAN and LAN IP addresses must differ to ensure proper routing. The LAN IP on the router is primarily used for communication with devices connected to the RUT network.

For more detailed information on LAN, WAN, and VLAN configurations, you can refer to the following links on our Wiki:

Regarding VPN configuration, the setup process will vary depending on the type of VPN. We have step-by-step guides available for different VPN configurations in our Teltonika Networks Wiki.

To provide more tailored guidance, could you share your network topology and describe your specific requirements in more detail? I may be able to offer a more customized solution and configuration.

If you encounter any issues or need further assistance, please feel free to reach out.

Best regards,
Kacper

OK…so…

with limited information from the post …

I am interpreting your setup as:

[RUT X10 LAN]
[VPN SERVER]
[RUTX10 WAN (4G)]
|
{{ 4G NETWORK }}
[[CG NAT Boundary>]]
|
{{ PUBLIC INTERNET}}
|
[Client device WAN]
[VPN CLIENT]
[Client device OS]

And if I understand that correctly it is never going to work

you see the line:

[[CG NAT BOUNDARY]] ?

it acts “almost” like a diode (–|>|–) in an electronic
circuit (data only flows top to bottom in the sketch except where traffic
started “north” of the diode) and you are trying
to push backwards through it

what is confusing me is you’re talking about LAN ?

if you are connecting the X10 as a VPN server to an existing LAN
I would have expected a different setup like:

{{INTERNET}}
|
[Firewall / router] (with port forwarding)
|
existing LAN / DMZ
|
[X10 ethernet WAN]
[VPN Server]
[X10 ethernet LAN]

Which should work

Sorry but with the limited info in your post that is as much help as I can give right now.

Perhaps a sketch of what you are trying to achieve end to end might help ?

regards

BB

So basically this should look like this:

Teltonika router connected directly to ISP router. At the moment it would act purely as OpenVPN server just to create tunnel, so it would be possible to use ISP IP address for connected clients.
No devices would connect to it directly to any of its Teltonika router ports or WIFI.

At the moment I set up WAN and LAN to same IP, it seems it working. After port forwarding on ISP router, its possible for clients to connect to server. If WAN and LAN cant be same IP, what should I choose? Should I just use different IP on same subnet? Should I use different subnet?

I’m sorry but I think in pictures not words (Neurodiversity)

This is what I think you are trying to achieve from your post and response

in which case:

the X10 WAN should have a STATIC IP in the 192.168.a.0/24 subnet
the X10 LAN should have a STATIC IP in the 192.168.b.0/24 subnet

the X10 default route should point to the private IP of the ISP router
the X10 WAN should have a static route from LAN to 192.168.a.0/24
pointing to 192.168.a.{x10 wan IP} as the gateway IP

This will not include the X10 LAN in the ISP LAN but with further static routes
in the ISP router, you can use 192.168.b.0/24 as a DMZ subnet

Hope that helps

regards

BB