0 votes
1,544 views 3 comments
by anonymous
Hi,

I bought a RUT240 and would like to use it for the following application:

Application:
I have several Raspberry pis (zero w), which are connected via the Wifi with the router. On the Raspis run small Web servers (Python Tornado), which provide a Web control GUI.

I use a prepaid card without a public IP address.

My problems:

### PROBLEM: Remote access to the WebGui ###
I want to access the Web GUI of the Raspis remotely. With RMS, I have been able to create a remote access using the link created in RMS, i.e. LAN IP of the Raspis and port 8888.

However, the contents between the Web GUI and the web server on the Raspi are exchanged by means of a WebSocket (GUI: JavaScript, web server on Raspi: Python Tornado). The static content is displayed, but no interaction (WebSocket) with the Raspi is possible.

When accessing the Web Gui from the Remote PC, the content can not be displayed in the browser, as Javascript has no "direct" access to the local Web server (Raspi, LAN client), the Websocket can not be set up.

### PROBLEM B: Remote access to the Raspi ###

It may happen that I have to make various changes in my Python code (for example updates, bug fixes). So far (in the local network) I have done this with my laptop (Win10) and WinSCP or PuTTY (SSH).
Now I want to be able to do this in the same way by remote access.

Is there a way to easily solve both problems? Maybe with RMS. I am not an IT specialist. I have already tried an approach using OpenVPN, but unfortunately failed.

Thanks and Regards,
Hendrixon

2 Answers

0 votes
by anonymous

Hello,

Problem A: sounds like a limitation from the RMS side. Not sure what can be done to help, but I promise I will ask around about this.

Problem B: you can connect to your RUT240's CLI via RMS. Then SSH to any LAN device from there.

Both problems could be solved with OpenVPN or another type of VPN, but for remote access you would still need to host your own VPN server, which requires a public IP, or have access to an existing server, which would no doubt result in extra costs.

by anonymous
Hello,

many thanks for your response. I also think that OpenVPN is the right solution. I have already tested the following approaches:

1st approach provider
My SIM card provider (1nce) offers a free OpenVPN access. I was able to connect to the RUT240. In addition, I have set a port forwarding, so I could connect to the LAN devices by specifying a specific port and the provider IP (not public).

However, since I will have several routers (5-10) in the future and 10 Raspis per router, a manual setting of the port forwarding is inconvenient.

Is it possible to install / route a virtual client in the router that is connected to the LAN network (like a "virtual network adapter")? If I connect to the router via remote access (OpenVPN), so that I am a "virtual" participant in the LAN network?

2nd approach AWS OpenVPN Access Server

I have also installed an OpenVPN Access Server at AWS and wanted to connect the router as an OpenVPN client.
Unfortunately without success, because the settings did not fit. No problem with my pc, tablet or smart phone.

Unfortunately, the RUT240 is not able to upload an ovpn file for the configuration. Why?

But even if I had succeeded, how will things continue? How do I have access to the LAN devices if the router is an OpenVPN client?

3rd approach Raspis as OpenVPN client

The best approach would be, in my opinion, that every Raspi is an OpenVPN client. But that will be very expensive!
by anonymous

> Is it possible to install / route a virtual client in the router that is connected to the LAN network (like a "virtual network adapter")? If I connect to the router via remote access (OpenVPN), so that I am a "virtual" participant in the LAN network?

It all depends on routing. I'm not sure what types of VPN services your ISP provides but, in my opinion, it should be very easy for them to push the appropriate routes (i.e., the routes to the RUT240s' LANs) to connecting clients. Another way would be to add the route manually in the connecting machine, but I'm not 100 % sure of this, so it would need to be tested.

> Unfortunately, the RUT240 is not able to upload an ovpn file for the configuration. Why?

Not sure why, I actually tested this today for another question and it worked fine. Can I ask which firmware version your device is currently using? What happens when you are unable to upload it (e.g., error message, the page just refreshes, something like that)? If the router is still not using the latest FW version, you should upgrade it (you can click here to download it).

As for your approaches, all I can say is you should do the relevant tests and see what suits you best. Also, I'll be waiting for your feedback on the second approach issue.

by anonymous

OK

I have now again followed the approach using AWS OpenVPN Access Server.

CLIENT (RUT240)
The following ovpn file is now available for the client (see below). I downloaded it on the OpenVPN Web GUI. The important data I have marked with ####. Where can I upload this file to the WEB GUI of the RUT240? How do I have to configure the client so that I have access to LAN devices of the RUT240? Can you post a little example? Step by step?

SERVER (AWS, OpenVPN Access Server)
I have inserted a picture for the settings of the server (see below). I think I have to adjust the routing accordingly, so I have access to the local LAN IP network of the RUT240.
Maybe you can help me too.

Many thanks.
####################################OVPN CLIENT############################################
# Automatically generated OpenVPN client config file
# Generated on Thu Nov 21 08:59:26 2019 by openvpnas2

# Default Cipher
cipher AES-256-CBC
# Note: this config file contains inline private keys
#       and therefore should be kept confidential!
# Note: this configuration is user-locked to the username below
# OVPN_ACCESS_SERVER_USERNAME= ####
# Define the profile name of this particular configuration file
# OVPN_ACCESS_SERVER_PROFILE= ####
# OVPN_ACCESS_SERVER_CLI_PREF_ALLOW_WEB_IMPORT=True
# OVPN_ACCESS_SERVER_CLI_PREF_BASIC_CLIENT=False
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_CONNECT=False
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_XD_PROXY=True
# OVPN_ACCESS_SERVER_WSHOST=####:443
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_START
# -----BEGIN CERTIFICATE-----
######
# -----END CERTIFICATE-----
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_STOP
# OVPN_ACCESS_SERVER_IS_OPENVPN_WEB_CA=1
setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
remote #.###.###.### 1194 udp
remote #.###.###.### 1194 udp
remote #.###.###.### 443 tcp
remote #.###.###.### 1194 udp
remote #.###.###.### 1194 udp
remote #.###.###.### 1194 udp
remote #.###.###.### 1194 udp
remote #.###.###.### 1194 udp
dev tun
dev-type tun
ns-cert-type server
setenv opt tls-version-min 1.0 or-highest
reneg-sec 604800
sndbuf 0
rcvbuf 0
auth-user-pass
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO

<ca>
-----BEGIN CERTIFICATE-----

####CODE/TEXT###########

-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
####CODE/TEXT###########
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
####CODE/TEXT###########
-----END PRIVATE KEY-----
</key>

key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key (Server Agent)
#
-----BEGIN OpenVPN Static key V1-----
####CODE/TEXT###########
-----END OpenVPN Static key V1-----
</tls-auth>

## -----BEGIN RSA SIGNATURE-----
## DIGEST:sha256
## ####CODE/TEXT###########
## -----END RSA SIGNATURE-----
## -----BEGIN CERTIFICATE-----
## ####CODE/TEXT###########
## -----END CERTIFICATE-----
## -----BEGIN CERTIFICATE-----
## ####CODE/TEXT###########
## -----END CERTIFICATE-----

####################################SERVER SETTINGS############################################

0 votes
by anonymous

update:

I have now updated the firmware and was able to successfully upload the ovpn file.

If I want to connect to the Access Server on my computer using "OpenVPN connect" I have to enter the user password.

That's why I also tried this on the RUT240 and entered the user name and password for the input authentication.

Unfortunately, I could not connect to the Access Server.

What are the further / right steps with the RUT240:

1. upload the ovpn files
2. Specification of the user and the password
3. Routing settings for remote access to the LAN devices (Raspis) or LAN network? I think I have to make changes to the Access Server here.

For a professional, these may be simple questions, but I'm still in the beginning.


Thanks and Regards
Hendrixon
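
Added example, not part of the original thread and not code from OpenVPN or Teltonika: a small Python audit of the directives that appear in the client profile posted earlier in the thread. `SAMPLE` is a constructed profile with a documentation IP address and placeholder key material, and the finding names are this example's own.

```python
import re

# Constructed sample: directives as in the thread's profile, documentation IP, placeholder key.
SAMPLE = """\
remote 192.0.2.10 1194 udp
ns-cert-type server
setenv opt tls-version-min 1.0 or-highest
reneg-sec 604800
comp-lzo no
<key>
PLACEHOLDER
</key>
"""

def parse_profile(text):
    """Split an .ovpn profile into {directive: args} and inline <tag> blocks."""
    opts, blocks, tag = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if tag:                                  # inside <tag> ... </tag>
            if line == f"</{tag}>":
                tag = None
            else:
                blocks[tag].append(line)
        elif m := re.fullmatch(r"<([a-z-]+)>", line):
            tag = m.group(1)
            blocks[tag] = []
        elif line and line[0] not in "#;":
            # "setenv opt X" marks directive X as optional; audit X itself
            words = re.sub(r"^setenv\s+opt\s+", "", line).split()
            opts[words[0]] = words[1:]
    return opts, blocks

def audit(text):
    """Return {finding_id: note} for settings a reviewer should look at."""
    opts, blocks = parse_profile(text)
    out = {}
    if "ns-cert-type" in opts and "remote-cert-tls" not in opts:
        out["server-check"] = "ns-cert-type is deprecated; use 'remote-cert-tls server'"
    floor = (opts.get("tls-version-min") or [""])[0]
    if re.fullmatch(r"1\.[01]", floor):
        out["tls-floor"] = f"TLS floor is {floor}; set tls-version-min 1.2"
    if "comp-lzo" in opts or "compress" in opts:
        out["compression"] = "compression framing enabled; server may push LZO"
    secs = (opts.get("reneg-sec") or ["3600"])[0]
    if secs.isdigit() and (int(secs) == 0 or int(secs) > 3600):
        out["reneg"] = f"reneg-sec {secs}: keys rotate less often than the 3600 s default"
    if "key" in blocks:
        out["inline-key"] = "embedded private key; keep the file owner-readable only"
    return out
```

Calling `audit(open("client.ovpn").read())` on a real profile returns the same kind of dictionary; an empty result means none of these five checks fired, not that the profile is otherwise sound.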