IC2 Remote Web Admin with VPN

tex01 · October 7, 2020, 1:06pm

Hello.,

We established IPSec VPN. With VPN established, IC2 cannot connect to either MAX of Balance device for Web Admin.

I also see the rouer’s LAN interface (lets say 192.168.0.1) making dns requests to the ISP/WAN configured DNS servers, when the local network is configured with private dns servers. I did notice that there are no DNS settings specifically for the LAN interface, just ip addressing. DNS Proxy is not enabled.

None-the-less, the Remote Web Admin is not connecting. What are the configurables here to enable IC2 to connect to the Web Admin and CLI?

sitloongs · October 7, 2020, 9:12pm

@tex01

Would you able to provide more info for the IPSEC VPN setup ? How you forward IC2 traffics via the IPSEC ?

tex01 · November 2, 2020, 12:26pm

WHat i found out is that the system seems to take the IPSec local/remote networks and creats static routes for this traffic, regardless of the source network. So, i need to tunnel all traffic on my secure VLAN to my remote network.

Configuring a remote 0.0.0.0/0 and local 192.168.0.0/24 IPSec network routes all router management functions through the IPSec VLAN. It does not keep seperate routes for VLAN traffic vs the onboard controller and admin traffic. Traffic on an unsecure LAN can still access the internet directly, but the web admin stuff was getting thrown through the tunnel when it shouldn’t have been.

sitloongs · November 2, 2020, 4:42pm

@tex01

Thank you for the feedback here.

Yes, the IPSEC 0.0.0.0/0 route will affecting some of the system management traffics (IC2 Remote WebAdmin) .

As discussed via support ticket:

Make sure Remote IPSEC device allowing those forwarded traffics.
This will be enhance in the future firmware to allow user to specific where the traffics need to routed . Targeted maybe firmware 8.2.0 or above.