WIKIABOUT

FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

Most popular tags

rut955 rut240 rut950 rutx11 rms vpn to openvpn wifi not sms trb140 firmware connection - ipsec on rutx12 rutx09 modbus
We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.

Can’t access Internet when VPN Active - RUTX11

0 votes
2,079 views 15 comments
by anonymous
Hi, I have received a RUTX11 mobile router today. It works perfectly with no VPN configuration, but I just can’t figure out how to enable VPN.

I have created an OpenVPN profile configured for Private Internet Access - and the profile says ‘connected’ on the VPN Services page.

However, I get ‘Destination Port Unreachable’ when attempting to ping 8.8.8.8. I have compared the router config with my RUT955, but the interface is different, for one, I do not see the VPN interface in the firewall settings.

My feeling is that I need to create a rule for return traffic from the VPN tunnel to the LAN - but have no clue how to do this.

Any help appreciated

Regards

 Michael
by anonymous
Any update on this - still can not use OpenVPN ?

3 Answers

0 votes
by anonymous
Hi,

Can you share network topology with IP addresses?
Also tell me end result of the setup? You want to from mobile interface reach external network (Internet) and when you need ability to access VPN tunnel?
Can you share config of VPN tunnel (Both sides)?

Regards
by anonymous
My goal is to configure an OpenVPN Tunnel from the RUTX11 to a Private Internet Access Server.

I am using a mobile interface/SIM as the WAN connection.

I have configured OpenVPN in Services->OpenVPN - and see a 'Connected status', but I am unable to access anything on the Internet.
After browsning your forum further, I think my issue is the same as this one:

https://community.teltonika-networks.com/16350/rut-x11-no-more-openvpn-zone?show=16350#q16350

My LAN network is 192.168.4.0/24 - I tried two different PIA VPN Servers, Norway and Netherlands (nl.privateinternetaccess.com).

As status says Connected, I am quite certain that the VPN connection is established,but that routing in the RUTX11 fails. The same config works on my RUT955.

Topology is:
Laptop (192.168.4.240) -> RUTX11 (192.168.4.1) -> LTE Network. If I disable the VPN Tunnel, router works perfectly.

Judging from the post I linked to - there are at least two issues in the firmware:
1. No Firewall route was created after VPN creation (I created one manually - copied from RUT955) - but did not help
2. VPN Interfaces does not show up in firewall at all only the two SIM cards and the Eth0 interfaces.

Would you like a config upload  ?

Regards

Michael
0 votes
by anonymous
Hi,

In the near future new fw will be released.
In new fw this issue will be addressed and solved.

Regards
by anonymous
Thanks - and love the 'Solved' part :-)
by

Hi @

Do you have an estimate of when the new version will be released?

by anonymous
Hi,

At this moment new FW is in testing phase. If everything is good - it should be released in ~1/2 weeks
by
Great news!

Is there any way to  test the development version?

Thanks
by
Same problem, very similar to the topology described above. Desperately looking for a fix. I'll be happy to have early access to the fix as well.
by anonymous

We should wait for official release, because this version will add a lot of additional features and we need to make sure, that this version will be without bug's

by anonymous
by anonymous
This is very fustrating. Have you tested this with popular VPN providers like Private Internet Access-?

I can configure a pfSense FW with OpenVPN in a few minutes, but the RUTX11 just refuses to accept required parameters - unless there is another secret place where I have to enter the extra VPN config options.

Can not get the tunnel up - this worked on my old RUT955

Please help with a guide on how to add Private Internet Access VPN client using the latest firmware.

Regards
by anonymous
Any update - I did display a sample PIA config 5 days ago ?

Sorry, I now realise it is 9 days ago.
0 votes
by anonymous
upgraded, but very confused

I loaded a config from PIA - config loads, shows the full page of settings for less than a second - then settings disappear leaving me with only the enable sliders and 'Save and Apply' button.

Will atttempt a manual config
by anonymous

Trying manual config.

PIA wants me to add the following additional configurations:
 

persist-key
persist-tun
tls-client
remote-cert-tls server
pull-filter ignore "auth-token"

When I attempt to enter these, I get a red error text saying invalid characters - and field length is too short for the remote-cert-tls server line

How to proceed ?
by anonymous

Found one sure bug: Unable to type my full password - entry fields in the OpenVPN client form cuts off characters beyond 16 !

Guys, close to demand a refund - was evaluating this for a larger number of mobile units - not good, as the RUT955 worked perfectly although slow in VPN performance.
angry

by anonymous
Can you share full OpenVPN client/server configuration?
I will try to reproduce the issue with your specific configuration.
by anonymous
I can share everything but my user-id/Password -which will not be needed, as setup fails well before any attempt to log-in.
Bugs found so far:
- Field length when doing a manual OpenVPN config is limited to 16 characters - way to little for some passwords and options.
- Characters like '-' (dash) is flagged as invalid in options fields - and likely others

- Unable to edit a loaded OpenVPN config - Looks like I can not attach a file here, so I show the contents below.  To reproduce - load a ovpn file and then attempt to edit it. Could possibly be certain characters in the file below that triggers this behaviour.

*** Start of OpenVPN FIle - save content between stars as 'denmark.ovpn' ***

client
dev tun
proto udp
remote denmark.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server

auth-user-pass
compress
verb 1
reneg-sec 0
<crl-verify>
-----BEGIN X509 CRL-----
MIICWDCCAUAwDQYJKoZIhvcNAQENBQAwgegxCzAJBgNVBAYTAlVTMQswCQYDVQQI
EwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRl
cm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAw
HgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0
ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRl
aW50ZXJuZXRhY2Nlc3MuY29tFw0xNjA3MDgxOTAwNDZaFw0zNjA3MDMxOTAwNDZa
MCYwEQIBARcMMTYwNzA4MTkwMDQ2MBECAQYXDDE2MDcwODE5MDA0NjANBgkqhkiG
9w0BAQ0FAAOCAQEAQZo9X97ci8EcPYu/uK2HB152OZbeZCINmYyluLDOdcSvg6B5
jI+ffKN3laDvczsG6CxmY3jNyc79XVpEYUnq4rT3FfveW1+Ralf+Vf38HdpwB8EW
B4hZlQ205+21CALLvZvR8HcPxC9KEnev1mU46wkTiov0EKc+EdRxkj5yMgv0V2Re
ze7AP+NQ9ykvDScH4eYCsmufNpIjBLhpLE2cuZZXBLcPhuRzVoU3l7A9lvzG9mjA
5YijHJGHNjlWFqyrn1CfYS6koa4TGEPngBoAziWRbDGdhEgJABHrpoaFYaL61zqy
MR6jC0K2ps9qyZAN74LEBedEfK7tBOzWMwr58A==
-----END X509 CRL-----
</crl-verify>

<ca>
-----BEGIN CERTIFICATE-----
MIIFqzCCBJOgAwIBAgIJAKZ7D5Yv87qDMA0GCSqGSIb3DQEBDQUAMIHoMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNV
BAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIElu
dGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3Mx
IDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkB
FiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTAeFw0xNDA0MTcxNzM1
MThaFw0zNDA0MTIxNzM1MThaMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex
EzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQg
QWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UE
AxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50
ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVy
bmV0YWNjZXNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPXD
L1L9tX6DGf36liA7UBTy5I869z0UVo3lImfOs/GSiFKPtInlesP65577nd7UNzzX
lH/P/CnFPdBWlLp5ze3HRBCc/Avgr5CdMRkEsySL5GHBZsx6w2cayQ2EcRhVTwWp
cdldeNO+pPr9rIgPrtXqT4SWViTQRBeGM8CDxAyTopTsobjSiYZCF9Ta1gunl0G/
8Vfp+SXfYCC+ZzWvP+L1pFhPRqzQQ8k+wMZIovObK1s+nlwPaLyayzw9a8sUnvWB
/5rGPdIYnQWPgoNlLN9HpSmsAcw2z8DXI9pIxbr74cb3/HSfuYGOLkRqrOk6h4RC
OfuWoTrZup1uEOn+fw8CAwEAAaOCAVQwggFQMB0GA1UdDgQWBBQv63nQ/pJAt5tL
y8VJcbHe22ZOsjCCAR8GA1UdIwSCARYwggESgBQv63nQ/pJAt5tLy8VJcbHe22ZO
sqGB7qSB6zCB6DELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpM
b3NBbmdlbGVzMSAwHgYDVQQKExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4G
A1UECxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAMTF1ByaXZhdGUg
SW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQpExdQcml2YXRlIEludGVybmV0IEFjY2Vz
czEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5j
b22CCQCmew+WL/O6gzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQAn
a5PgrtxfwTumD4+3/SYvwoD66cB8IcK//h1mCzAduU8KgUXocLx7QgJWo9lnZ8xU
ryXvWab2usg4fqk7FPi00bED4f4qVQFVfGfPZIH9QQ7/48bPM9RyfzImZWUCenK3
7pdw4Bvgoys2rHLHbGen7f28knT2j/cbMxd78tQc20TIObGjo8+ISTRclSTRBtyC
GohseKYpTS9himFERpUgNtefvYHbn70mIOzfOJFTVqfrptf9jXa9N8Mpy3ayfodz
1wiqdteqFXkTYoSDctgKMiZ6GdocK9nMroQipIQtpnwd4yBDWIyC6Bvlkrq5TQUt
YDQ8z9v+DMO6iwyIDRiU
-----END CERTIFICATE-----
</ca>

disable-occ

***** End of Open VPN File ***