by

Hi,

I have two situations.

1) VPN (RUT as client): Server (PC) to RUT500's LAN clients is possible. However, LAN behind the RUT to the server isn't. When pinging I can see the ping on the PC (Wireshark), but with the description 'no response found'. I tried routing, but it doesn't work.

- Configured as TUN

- Server config:

server 192.168.1.0 255.255.255.0
client-config-dir "c:\\Program Files\\OpenVPN\\config\\ccd"
route 192.168.0.0 255.255.255.0 #this is RUT's LAN DHCP
route 192.168.1.0 255.255.255.0
route 172.16.128.0 255.255.255.0 #server's network

- In the client config (ccd):

ifconfig-push 192.168.1.2 192.168.1.3
iroute 192.168.0.0 255.255.255.0
push "route 172.16.128.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.0.0 255.255.255.0"

Could this be a firewall issue in the RUT?

2) We are using these RUTs for PLC remote control. I'd like to connect a service engineer's laptop to the LAN too, to access the PLC. However, this doesn't work. Ping does work, but somehow not all traffic. I have added almost every combination I can imagine in the firewall, but even with all these kinds of rules, I can't get traffic on the LAN.

How can I solve this?

Is there any possibility to log the firewall? Like what has been blocked etc.?

Kind regards, John

1 Answer

by

Hi,

  1. I don't think this is an issue with the RUT firewall, but with the PC's firewall. The router firewall's OUTPUT chain has a rule that allows outgoing traffic by default.
  2. You can't access the PLC from the laptop when both are connected to the router, correct? Which protocol and port are used for the connection? Is the connection successful if you connect the laptop to the PLC directly?
by
Hi, thanks a lot for your answer,

1. Okay, this is strange. The same situation, but with my laptop as the OpenVPN client, does work (I can reach both sides), but using the RUT I can't. Anyway, for now one-way access is enough. However, for future use I'd like to get a solution for this.

2. Yes, I can reach it directly. However, on the customer side the router isn't accessible to anyone; an RJ45 jack is used to plug in the service engineer's laptop.

(So they can't connect directly to the PLC, or we should install a second Ethernet switch if I can't get it working via the RUT.)

Protocols (according to Wireshark) are TCP and COTP.

Edit: disabling SYN-FLOOD fixed part of it; I can go online now directly, but the search function (to find PLCs in the network) doesn't work yet. This uses the protocols PN-DCP and LLDP.

Kind regards, John
by

1. This is just a guess, but perhaps the necessary route is not pushed or not accepted by the router for some reason. What if you tried adding 172.16.128.0 255.255.255.0 into the remote network IP address and netmask fields in the OpenVPN client configuration?

Also, could you send a pcap file from Wireshark or a screenshot of it?

2. Well, it makes sense then, because RUT devices do not support PN-DCP or LLDP. Only DHCP.
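As an added illustration (not part of this thread or of Teltonika's software), the following Python check applies the rule behind the first problem: for the server side to reach the 192.168.0.0/24 LAN behind the RUT, the server config needs a `route` for that subnet and the client's ccd file needs a matching `iroute`. The sample input is transcribed from the question's config; the checker and its wording are an assumption-free consistency check written here for illustration.

```python
import ipaddress
import shlex

# Constructed sample input, transcribed from the server config and ccd
# entry posted in the question (Windows path escaped for a Python string).
SERVER_CONF = """
server 192.168.1.0 255.255.255.0
client-config-dir "c:\\\\Program Files\\\\OpenVPN\\\\config\\\\ccd"
route 192.168.0.0 255.255.255.0 # RUT LAN
route 192.168.1.0 255.255.255.0
route 172.16.128.0 255.255.255.0 # server network
"""
CCD_CONF = """
ifconfig-push 192.168.1.2 192.168.1.3
iroute 192.168.0.0 255.255.255.0
push "route 172.16.128.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.0.0 255.255.255.0"
"""

def parse_directives(text):
    """Yield (directive, args) pairs, skipping blank lines and '#' comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            parts = shlex.split(line)
            yield parts[0], parts[1:]

def _net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def check_iroutes(server_conf, ccd_conf):
    """Return findings about route/iroute consistency (empty list = consistent).

    A LAN behind a client is reachable only if the server config has a
    'route' (kernel route into the tun) AND the client's ccd file has an
    'iroute' for the same subnet (OpenVPN's internal client-to-subnet map).
    """
    findings = []
    routes = {_net(*a[:2]) for d, a in parse_directives(server_conf) if d == "route"}
    ccd = list(parse_directives(ccd_conf))
    iroutes = {_net(*a[:2]) for d, a in ccd if d == "iroute"}
    for net in sorted(iroutes - routes):
        findings.append(f"iroute {net} has no matching 'route' in the server config")
    for d, a in ccd:
        if d == "push" and a and a[0].startswith("route "):
            pushed = _net(*a[0].split()[1:3])
            if pushed in iroutes:  # the client is handed a route to its own LAN
                findings.append(f'push "route {pushed}" hands the client a route to its own LAN')
    return findings
```

Running `check_iroutes(SERVER_CONF, CCD_CONF)` on the question's config reports only that the last `push "route ..."` points the client at its own LAN; dropping the `route 192.168.0.0 255.255.255.0` line from the server config makes the missing-route finding appear.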