I have a Teltonika RUT240 which comes preloaded with OpenWrt and OpenVPN and I need some help configuring it.
The device includes a cellular modem, which by default seems to allow each wifi and LAN connected device to access the internet, but not each other - I need to allow full connectivity internally while isolating the entire network from the WAN and WLAN interfaces.
The use case is to allow tablets and phones connected via wifi to have completely transparent access to audio mixers connected via the LAN (RJ45) ports. In other words, every port needs to be accessible to every machine on all interfaces, for both TCP and UDP traffic (but still isolated from the internet).
As the only devices physically connected will be connected for the purposes of control, there are no security considerations internally; however, I'd like to still keep the entire subnet firewalled from the global internet.
At most there will only be 16 devices in either category (wifi and LAN), but typically there would only be 1 mixer and 2 tablets.
Ideally they'd share a common subnet (say with the lower half dedicated to physical ports, and the upper half wifi).
Hopefully with an area within each of those subnet regions being static addresses, the bulk being DHCP addresses.
I don't particularly need outbound internet access for devices connected to either wifi or LAN (but I also don't particularly need it to prevent it either).
I absolutely don't need inbound internet (i.e. no open ports facing the WAN), so I presume a standard firewall configuration would suffice.
The one exception is, I'd like to be able to connect to the LAN (RJ45) devices via a VPN externally. This would mean when outside of wifi range, a phone could use its cellular 5G connection to connect to the VPN, and be given an address inside the shared subnet and have access to any mixer for control purposes.
I have already configured the device so it has a dynamic DNS for the cellular interface.
So in summary, I need help with:
Ensuring all devices have a common subnet
Allowing wifi devices to talk to LAN devices and vice versa
Configuring OpenVPN to accept connections
Making a file to distribute to phones with the OpenVPN settings to allow connection to the VPN