0 votes
998 views 16 comments
by

Hello,

I connected VPN-Router01 (Lancom) and VPN-Router02 (Teltonika RUT240) over VPN (IPSEC) to my VPN-Gateway (Lancom). I reach all Clients (PC01 and PC02) with PC00.

I have Problems to reach PC02 from PC01 and PC01 from PC02.

I can ping VPN-Router02 with VPN-Router01 (+). I can't ping VPN-Router02 with PC01 (-).

I can't ping VPN-Router01 with VPN-Router02 (-).

I tried to configure a static route with no positive results:

I also tested Interface WAN (mobile), LAN and TUN (just because I had completely no Idea) with also a negative result.

At least I played with the firewall settings but also with no positive result.

Does anyone have an idea, why I can't reach the networks over the gateway?

Kind regards

Jan

1 Answer

0 votes
by anonymous

Hello,

Does VPN-Router01 (192.168.1.11) normally reply to ICMP(PING)? For example when being pinged from 192.168.1.100?

Also, could you connect to VPN-Router02 (192.168.2.11) via SSH (Username: root ; password: same as WebUI) and execute command:

tcpdump -i any host 192.168.1.100

This will listen for any traffic coming from PC01 (192.168.1.100)

And then initiate ping from 192.168.1.100 pc to 192.168.2.11

Paste your tcpdump output here

by

Hello, thanks for helping me.

The VPN-Router01 of course replies to ICMP.

The result of tcpdump:


root@Teltonika-RUT240:~# tcpdump -i any host 192.168.1.100
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
^C
0 packets captured
2 packets received by filter
0 packets dropped by kernel
root@Teltonika-RUT240:~#

 

by anonymous

If VPN-Router01 can ping RUT240 but PC01 cannot, I'm guessing the issue is lying in PC01 routing. Is 192.168.1.11 a default route for this PC? If not, does it have a static route configured that 192.168.2.0 network is reachable through 192.168.1.11?

by
PC01 gets all its settings by dhcp. I checked the Routing tags in VPN-Router01 and VPN-Gateway but found no mistakes...

I'm wondering, that I can ping VPN-Router02 with VPN-Router01 but can't ping VPN-Router01 with VPN-Router02. In my opinion, I have to set another routing tag or a firewall rule blocks it...
by
I also did a TRACERT from VPN-Router02 to VPN-Router01. The VPN-Router02 didn't try to route over the VPN-Gateway.

When I did a TRACERT from the PC01 to VPN-Router02 it hops over VPN-Router01 and VPN-Gateway. After that there is no other entry...
by anonymous

Please, connect to RUT240 via SSH and execute command:

route

Paste the output here, please.

Also it would be great if you would paste routing table of your PC01 also:

If Windows:

route print

If Linux:

route

by

1) Route 192.168.1.100 (PC01)

IPv4-Routentabelle
===========================================================================
Aktive Routen:
     Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
          0.0.0.0          0.0.0.0     192.168.1.11     192.168.1.100     35
        127.0.0.0        255.0.0.0   Auf Verbindung         127.0.0.1    331
        127.0.0.1  255.255.255.255   Auf Verbindung         127.0.0.1    331
  127.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    331
      192.168.1.0    255.255.255.0   Auf Verbindung     192.168.1.100    291
    192.168.1.100  255.255.255.255   Auf Verbindung     192.168.1.100    291
    192.168.1.255  255.255.255.255   Auf Verbindung     192.168.1.100    291
        224.0.0.0        240.0.0.0   Auf Verbindung         127.0.0.1    331
        224.0.0.0        240.0.0.0   Auf Verbindung   192.168.109.246    291
  255.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    331
  255.255.255.255  255.255.255.255   Auf Verbindung     192.168.1.100    291
===========================================================================
Ständige Routen:
  Keine

IPv6-Routentabelle
===========================================================================
Aktive Routen:
 If Metrik Netzwerkziel             Gateway
  1    331 ::1/128                  Auf Verbindung
  9    291 fe80::/64                Auf Verbindung
  9    291 fe80::e19e:78b2:b34f:d6c7/128
                                    Auf Verbindung
  1    331 ff00::/8                 Auf Verbindung
  9    291 ff00::/8                 Auf Verbindung
===========================================================================
Ständige Routen:
  Keine
 

2) Route 192.168.2.11 (VPN-Router02 RUT240)

root@Teltonika-RUT240:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.132.201.145  0.0.0.0         UG    0      0        0 wwan0
10.74.210.210   10.132.201.145  255.255.255.255 UGH   0      0        0 wwan0
10.74.210.211   10.132.201.145  255.255.255.255 UGH   0      0        0 wwan0
10.132.201.128  *               255.255.255.224 U     10     0        0 wwan0
10.132.201.145  *               255.255.255.255 UH    10     0        0 wwan0
192.168.2.0     *               255.255.255.0   U     0      0        0 br-lan
root@Teltonika-RUT240:~#

Shall I translate the German words?

Kind regards

by anonymous

Hello,

Could you try adding route on RUT240 via SSH?

route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.10.11
by
root@Teltonika-RUT240:~# route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.10.11
route: SIOCADDRT: Network is unreachable
by anonymous
Strange, you should be able to add it,

Are you able to ping 192.168.10.11? Is IPSEC tunnel up when you try to execute the route command?
by
I can ping the GW and the IPSEC tunnel is up, when I try to execute the route command.

Maybe there is something strange with my default route...

Or the RUT240 tries to route over the Internet and not through the IPSEC tunnel... I tried to add the 192.168.10.11 as default gw (route add default 192.168.10.11) but with no result (No such device).
by

Now I got it.

I first add the IP 192.168.2.0 (RUT240) as default gw (route add default gw 192.168.2.0)

Then I added the route

Now the new route is written:

root@Teltonika-RUT240:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.132.201.145  0.0.0.0         UG    0      0        0 wwan0
10.74.210.210   10.132.201.145  255.255.255.255 UGH   0      0        0 wwan0
10.74.210.211   10.132.201.145  255.255.255.255 UGH   0      0        0 wwan0
10.132.201.128  *               255.255.255.224 U     10     0        0 wwan0
10.132.201.145  *               255.255.255.255 UH    10     0        0 wwan0
192.168.2.1 192.168.110.11 255.255.255.0   UG     0      0        0 br-lan
192.168.2.0   *               255.255.255.0   U     0      0        0 br-lan

But pinging 192.168.1.0 also brings no result...

After lunch I'll try the tcpdump command...

by anonymous

Did you add this one?

192.168.2.1 192.168.110.11 255.255.255.0   UG     0      0        0 br-lan

Because there seems to be a typo in 192.168.110.11

Also, I don't think this is a correct route because you want to reach 192.168.1.0/24 network through 192.168.10.11

by

Oh damn, of course the right line is:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0 192.168.10.11 255.255.255.0   UG     0      0        0 br-lan

For better understanding I didn't use right IP addresses in my chart.

I'm sorry for confusing you.

by

Same result...

root@Teltonika-RUT240:~# tcpdump -i any host 192.168.1.100
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
^C
0 packets captured
2 packets received by filter
0 packets dropped by kernel
root@Teltonika-RUT240:~#

by
When I now do a traceroute from RUT240 it just tries one hop...

root@Teltonika-RUT240:~# traceroute 192.168.1.100
traceroute to 192.168.1.100 (192.168.1.100), 30 hops max, 38 byte packets
 1  Teltonika-RUT240.com.lan (192.168.2.11)  2995.804 ms !H  2997.704 ms !H  2999.757 ms !H
root@Teltonika-RUT240:~#
by anonymous
Maybe we could try a remote session and try to solve this?

Could you create an account here and contact me via a private message so we can arrange it?
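
An added example, not part of the thread and not Teltonika code: it replays the RUT240 routing table posted above to show which entry the kernel picks for PC01 (192.168.1.100) and why `route add ... gw 192.168.10.11` returned "Network is unreachable". The function names are hypothetical and the table is re-typed from the posted `route` output; it models only the kernel routing table, not IPsec policy selection.

```python
import ipaddress

# Constructed sample: rows copied from the RUT240 `route` output in the thread.
# "*" means directly connected, "default" means 0.0.0.0/0.
RUT240_ROUTES = """\
default         10.132.201.145  0.0.0.0         UG    0      0        0 wwan0
10.74.210.210   10.132.201.145  255.255.255.255 UGH   0      0        0 wwan0
10.74.210.211   10.132.201.145  255.255.255.255 UGH   0      0        0 wwan0
10.132.201.128  *               255.255.255.224 U     10     0        0 wwan0
10.132.201.145  *               255.255.255.255 UH    10     0        0 wwan0
192.168.2.0     *               255.255.255.0   U     0      0        0 br-lan
"""

def parse_routes(text):
    """Parse net-tools `route` rows into (network, gateway, metric, iface)."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue
        net = ipaddress.ip_network("0.0.0.0/0" if f[0] == "default" else f"{f[0]}/{f[2]}")
        gw = None if f[1] == "*" else ipaddress.ip_address(f[1])
        routes.append((net, gw, int(f[4]), f[7]))
    return routes

def lookup(routes, addr):
    """Longest-prefix match, lowest metric as tie-break; None if no route."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2]), default=None)

def gateway_is_onlink(routes, gw):
    """Linux rejects a gw not covered by a directly connected route (ENETUNREACH)."""
    ip = ipaddress.ip_address(gw)
    return any(ip in net for net, via, _, _ in routes if via is None)

def diagnose(routes, target, proposed_gw):
    """Summarise the lookup for target; assumes the table has a default route."""
    net, gw, _, iface = lookup(routes, target)
    return {
        "matched": str(net),
        "egress_iface": iface,
        "next_hop": str(gw) if gw else "on-link",
        "proposed_gw_onlink": gateway_is_onlink(routes, proposed_gw),
    }

if __name__ == "__main__":
    table = parse_routes(RUT240_ROUTES)
    print(diagnose(table, "192.168.1.100", "192.168.10.11"))
```
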