OpenWrt configuration for use with audio consoles

I have a Teltonika RUT240, which comes preloaded with OpenWrt and OpenVPN, and I need some help configuring it.

The device includes a cellular modem, which by default seems to allow each wifi and LAN connected device to access the internet, but not each other - I need to allow full connectivity internally while isolating the entire network from the WAN and WLAN interfaces.

The use case is to allow tablets and phones connected via wifi to have completely transparent access to audio mixers connected via the LAN (RJ45) ports. In other words, every port needs to be accessible to every machine on all interfaces, for both TCP and UDP traffic (but still isolated from the internet).

As the only devices physically connected will be connected for the purposes of control, there are no security considerations internally; however, I'd still like to keep the entire subnet firewalled from the global internet.

At most there will only be 16 devices in either category (wifi and LAN), but typically there would only be 1 mixer and 2 tablets.

Ideally they'd share a common subnet (say, with the lower half dedicated to physical ports and the upper half to wifi),
hopefully with an area within each of those subnet regions being static addresses, the bulk being DHCP addresses.

I don't particularly need outbound internet access for devices connected to either wifi or LAN (but I also don't particularly need to prevent it either).

I absolutely don't need inbound internet (i.e. no open ports facing the WAN), so I presume a standard firewall configuration would suffice.

The one exception is, I'd like to be able to connect to the LAN (RJ45) devices via a VPN externally. This would mean that when outside of wifi range, a phone could use its cellular 5G connection to connect to the VPN, be given an address inside the shared subnet, and have access to any mixer for control purposes.

I have already configured the device so it has a dynamic DNS for the cellular interface.

So in summary, I need help with:

Ensuring all devices have a common subnet
Allowing wifi devices to talk to LAN devices and vice versa
Configuring OpenVPN to accept connections
Making a file to distribute to phones with the OpenVPN settings to allow connection to the VPN

This device does not appear to be officially supported by OpenWrt. This means that it is very likely a vendor-customized version of OpenWrt that is installed on your device. There may potentially be significant differences between what Teltonika has provided and the official OpenWrt releases, and those could be a critical factor here. As such, you should ask the vendor for support (or use their support forums).

That said, you can try to achieve this goal by creating a guest network. The guide linked below is primarily for wifi, but in a standard configuration of OpenWrt, you can also connect the ethernet ports to the guest network. By modifying the firewall, you can prevent internet access but allow inter-VLAN routing, if desired.

1 Like

If the wifi and the wired interfaces are in the same network bridge, which is the default with official OpenWrt or most any router, the tablets should have full network interaction with the console with no further configuration of the router needed.

2 Likes
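A check for the two conditions discussed in this thread (the wifi access point attached to the same network as the wired ports, and nothing admitted from the WAN zone), given as an added example that is not from any poster or from Teltonika. It assumes stock OpenWrt UCI syntax as found in /etc/config/firewall and /etc/config/wireless and zone/network names `lan` and `wan`; the function names and sample configs are constructed for illustration, and the vendor firmware may differ.

```python
import shlex

def parse_uci(text):
    """Parse UCI config text into a list of (section_type, options) pairs."""
    sections = []
    for raw in text.splitlines():
        parts = shlex.split(raw, comments=True)
        if len(parts) >= 2 and parts[0] == "config":
            sections.append((parts[1], {}))
        elif len(parts) >= 3 and parts[0] in ("option", "list") and sections:
            sections[-1][1][parts[1]] = parts[2]  # a list keeps its last entry
    return sections

def audit(firewall, wireless, lan="lan", wan="wan"):
    """Return findings that contradict 'one internal network, closed to the WAN'.
    A missing wan zone or policy option is reported: no safe default is assumed."""
    findings, fw = [], parse_uci(firewall)
    zone = next((o for t, o in fw if t == "zone" and o.get("name") == wan), {})
    for chain in ("input", "forward"):
        if zone.get(chain, "").upper() not in ("REJECT", "DROP"):
            findings.append(f"zone '{wan}': {chain} policy is not REJECT/DROP")
    for kind, o in fw:
        if kind in ("forwarding", "redirect") and o.get("src") == wan:
            findings.append(f"{kind} from '{wan}' lets WAN traffic in")
    for kind, o in parse_uci(wireless):
        if kind != "wifi-iface" or o.get("mode", "ap") != "ap":
            continue
        if lan not in o.get("network", "").split():
            findings.append(f"SSID '{o.get('ssid')}' is not on network '{lan}'")
        if o.get("isolate", "0") == "1":
            findings.append(f"SSID '{o.get('ssid')}' has client isolation enabled")
    return findings

# Constructed sample input in stock OpenWrt syntax, not read from a RUT240.
SAMPLE_FIREWALL = """
config zone
    option name 'wan'
    option input 'REJECT'
    option forward 'REJECT'
config forwarding
    option src 'lan'
    option dest 'wan'
"""
SAMPLE_WIRELESS = """
config wifi-iface
    option ssid 'mixers'
    option network 'lan'
    option isolate '1'
"""
if __name__ == "__main__":
    print(audit(SAMPLE_FIREWALL, SAMPLE_WIRELESS))
```

Firewall `rule` sections are not inspected, so a deliberate opening such as a VPN listener port has to be reviewed separately.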