MT2500 VPN Server

Hi everyone,
I want to use the MT2500 to connect to my Raspberry Pi, which is connected via LAN to the MT2500. My client is connected to the VPN server on the MT2500 via the Internet. Now I want to connect my client to the Raspberry Pi via SSH. How do I configure this?
Port forwarding only works via WAN, not via VPN :(

Enable Allow Access WAN

Thank you, but now I can access the upper network but still not the Raspberry Pi, which is connected to the LAN on the MT2500. Actually, I want to use the MT2500 so that someone can connect only to the Raspberry Pi via VPN, but he shouldn’t have access to my private network, just to the Raspberry Pi. But now he just connects to my private network and he doesn’t have access to the Raspberry Pi on the LAN.

Check the firewall from LuCI and make sure forwarding between the two zones is allowed. Try to troubleshoot it by pinging the gateway and clients from your Pi board.

Hi, I created a graph to help understand what I mean:
[Image: Environment]
If I activate the forwarding on WAN on port 80, then the Prenetwork and the VPN client have a connection to the Raspberry Pi 2, but the VPN client has a connection to the Prenetwork x.166.x. The target is that the VPN client should only have a connection to the Raspberry Pi 2. I thought the Security Gateway 2500 has the VPN server to connect to the LAN, but actually all the functionality just has a connection to the WAN / Prenetwork. Is it not possible with the MT2500 to protect the Prenetwork?

The VPN comes in the OpenVPN zone. The Internet is on the WAN interface and the Raspberry Pi and other devices are on the LAN interface.
You need to use Advanced Settings->Network->Firewall to allow the zones to route to each other (in your case VPN->LAN needs to be allowed).

If you want just the RPi to be accessible from the VPN, write a traffic rule (next tab along in Firewall) allowing any from the VPN to the LAN and choose the Raspberry Pi as the IP address/device. Make sure it's an allow rule.
Just below it in the table, add a rule from any device on the VPN to the LAN, this time put an address of 192.168.8.0/24 in rather than choosing a device and set the action to deny.

The above will “allow” access to the Raspberry Pi, but restrict access to the rest of the network.

Something like that will work for you.
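
The allow-then-deny rule pair described above, as an added example that is not part of the original post or GL.iNet's own code: shell functions that append both traffic rules in the required order through OpenWrt's `uci` CLI. The zone names `wgserver` and `lan` and the Pi address 192.168.8.50 are assumptions, and the post's "deny" action is mapped to the `REJECT` target.

```shell
#!/bin/sh
# Added example (not from the thread). Zone names and the Pi address passed in
# are assumptions; check the real zone names under Network -> Firewall in LuCI.
# Set UCI=echo to print the uci commands instead of applying them (dry run).
UCI="${UCI:-uci}"

# add_rule NAME SRC_ZONE DEST_ZONE DEST_IP TARGET
# Appends one traffic rule; rules are evaluated top-down, first match wins.
add_rule() {
    $UCI add firewall rule || return 1
    $UCI set "firewall.@rule[-1].name=$1"
    $UCI set "firewall.@rule[-1].src=$2"
    $UCI set "firewall.@rule[-1].dest=$3"
    $UCI set "firewall.@rule[-1].dest_ip=$4"
    $UCI set "firewall.@rule[-1].proto=all"
    $UCI set "firewall.@rule[-1].target=$5"
}

# restrict_vpn_to_host VPN_ZONE LAN_ZONE HOST_IP LAN_CIDR
restrict_vpn_to_host() {
    [ "$#" -eq 4 ] || { echo "usage: restrict_vpn_to_host VPN LAN HOST_IP LAN_CIDR" >&2; return 2; }
    case "$3" in
        */*) echo "HOST_IP must be a single address, not a subnet" >&2; return 1 ;;
    esac
    # 1. Allow first: VPN clients may reach the single host.
    add_rule "VPN-allow-host" "$1" "$2" "$3" ACCEPT || return 1
    # 2. Deny second: every other address in the LAN subnet is refused.
    #    Swapping the order would block the host too, since it is in the subnet.
    add_rule "VPN-deny-lan" "$1" "$2" "$4" REJECT || return 1
    $UCI commit firewall
}

# Usage on the router (constructed values; 192.168.8.50 stands in for the Pi):
#   restrict_vpn_to_host wgserver lan 192.168.8.50 192.168.8.0/24
#   /etc/init.d/firewall reload
```

Running it with `UCI=echo` first shows the exact commands without touching the router's configuration.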

Thank you for your response.
Actually, to connect to the Raspberry Pi on the LAN, I just need to configure the firewall rule


After that I can open the Raspberry Pi via the IP address from the Gateway, for example 10.0.0.1.
BUT the problem is, I also connect to the upper network. I think this doesn't make sense, because "Allow Access WAN" is off:

?

OK, I really don’t understand this product. At first the client could connect to the WG server; now they “connect” but they don’t have a connection. The server writes logs like

Wed Jun 21 09:25:22 2023 user.notice nat6: Firewall config="wgserver" zone="wgserver" zone_masq6="0".
Wed Jun 21 09:25:29 2023 user.notice nat6: Firewall config="wgserver" zone="wgserver" zone_masq6="0".
Wed Jun 21 09:25:32 2023 user.notice mwan3[8267]: Execute ifup event on interface wgserver (wgserver)
Wed Jun 21 09:25:32 2023 user.notice mwan3[8267]: Starting tracker on interface wgserver (wgserver)
Wed Jun 21 09:25:37 2023 user.notice firewall: Reloading firewall due to ifup of wgserver (wgserver)
Wed Jun 21 09:25:37 2023 user.notice nat6: Firewall config="wgserver" zone="wgserver" zone_masq6="0".
Wed Jun 21 09:25:47 2023 user.notice nat6: Firewall config="wgserver" zone="wgserver" zone_masq6="0".
Wed Jun 21 09:26:09 2023 user.notice nat6: Firewall config="wgserver" zone="wgserver" zone_masq6="0".
Wed Jun 21 09:26:09 2023 user.notice nat6: Firewall config="wgserver" zone="wgserver" zone_masq6="0".

So nothing works again.

OK, I found out the MT2500 is shit and has many bugs. I configure this MT2500, everything is fine, and about two hours later nothing works: no VPN, no connection. Until I reset and do the same steps; then it works until the MT2500 stops working. Buying this MT2500 was a big mistake.