0 votes
602 views 5 comments
by
I have found that if I upgrade an RUT950 to the latest firmware as above and configure an OpenVPN client, a connection to my OpenVPN Server is successful; however, a ping request to the OpenVPN client fails with unavailable port and none of my port forward rules work.

When I downgrade the firmware to 00.06.05.1 the ping request succeeds and port forward rules are operational again.

Any thoughts on this?

1 Answer

0 votes
by anonymous
Hi,

Could you please explain and give maybe screenshots of what and how you're trying to do? As I understand, the later version of RUT950 is failing to produce a connection between your OpenVPN server and the client? Screenshots of your configurations and tests would be helpful.

Thank you.

EB.
by
The RUT950 OpenVPN client is connecting to our server; however, I cannot ping the RUT950 OpenVPN client IP address and am not able to make connections to devices on this client through the port forward rules.

This configuration is now working on older firmware so I'm reluctant to go back, however I'll be able to repeat the procedure on another device next week some time.
by anonymous
Thank you.

Please try this and let me know how it goes. I will be able to report this to RnD then.

EB.
by
I have the same problem. Unfortunately I can't go to RUT9XX_R_00.06.05.1. The part has already been installed and the dialog shows that the configuration will be deleted in the event of a downgrade. Then the RutXX can no longer be reached by me.

When will there be new firmware that eliminates the problem?
by anonymous

I've been able to look at this issue again. The system log in an RUT950 loaded with the latest firmware (RUT9XX_R_00.06.07_WEBUI.bin) shows the following error:

Mon Oct 26 20:46:37 2020 daemon.err openvpn(client_xxxx)[8045]: Certificate does not have key usage extension
Mon Oct 26 20:46:37 2020 daemon.notice openvpn(client_xxxx)[8045]: VERIFY KU ERROR
Mon Oct 26 20:46:37 2020 daemon.err openvpn(client_xxxx)[8045]: OpenSSL: error:1416F086:lib(20):func(367):reason(134)
Mon Oct 26 20:46:37 2020 daemon.err openvpn(client_xxxx)[8045]: TLS_ERROR: BIO read tls_read_plaintext error
Mon Oct 26 20:46:37 2020 daemon.err openvpn(client_xxxx)[8045]: TLS Error: TLS object -> incoming plaintext read error
Mon Oct 26 20:46:37 2020 daemon.err openvpn(client_xxxx)[8045]: TLS Error: TLS handshake failed

As mentioned above when I downgrade the firmware to RUT9XX_R_00.06.05.1 the VPN connects correctly.

I assume that it's the lack of a 'key usage extension' in the certificate causing the issue.

I've asked our OpenVPN server administrator to look at this; in the meantime, do you have any further suggestions?

by

I have the same problem. RUTX11, FW: RUTX_R_00.02.03

VPN Server: Synology Diskstation

  • Sat Feb  6 11:34:35 2021 daemon.err openvpn(Synology)[2002]: Certificate does not have key usage extension
  • Sat Feb  6 11:34:35 2021 daemon.notice openvpn(Synology)[2002]: VERIFY KU ERROR
  • Sat Feb  6 11:34:35 2021 daemon.err openvpn(Synology)[2002]: OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
  • Sat Feb  6 11:34:35 2021 daemon.err openvpn(Synology)[2002]: TLS_ERROR: BIO read tls_read_plaintext error
  • Sat Feb  6 11:34:35 2021 daemon.err openvpn(Synology)[2002]: TLS Error: TLS object -> incoming plaintext read error
  • Sat Feb  6 11:34:35 2021 daemon.err openvpn(Synology)[2002]: TLS Error: TLS handshake failed

My setup looks like this:

The funny part is I can get a PC to connect through the RUTX11 (green line), where I cannot get the RUTX11 to work (red line). The Windows 10 laptop is running OpenVPN version:

 

My RUTX11 setup is:

where Remote IP is the static IP, and the username and password are the profile on the Synology, which has an output set up like this:

dev tun
tls-client
remote YOUR_SERVER_IP 1194

# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)
#float

# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)
#redirect-gateway def1

# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.
#dhcp-option DNS DNS_IP_ADDRESS

pull

# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto udp

script-security 2
comp-lzo
reneg-sec 0
cipher AES-256-CBC
auth RSA-SHA512
auth-user-pass

<ca>

Any good ideas???
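
Both log excerpts in this thread show the same cascade: one specific certificate error followed by generic TLS errors that only restate the failure. As an added example, not part of any post above, this Python script attributes each failed handshake to the first cause logged for that client instance; the cause labels and the final `other` log line are constructed for illustration.

```python
import re

# Constructed sample: shaped like the two excerpts in this thread, plus one
# invented failure with no preceding cause (instance "other") as an edge case.
SAMPLE_LOG = """\
Mon Oct 26 20:46:37 2020 daemon.err openvpn(client_xxxx)[8045]: Certificate does not have key usage extension
Mon Oct 26 20:46:37 2020 daemon.notice openvpn(client_xxxx)[8045]: VERIFY KU ERROR
Mon Oct 26 20:46:37 2020 daemon.err openvpn(client_xxxx)[8045]: OpenSSL: error:1416F086:lib(20):func(367):reason(134)
Mon Oct 26 20:46:37 2020 daemon.err openvpn(client_xxxx)[8045]: TLS Error: TLS handshake failed
  • Sat Feb  6 11:34:35 2021 daemon.err openvpn(Synology)[2002]: Certificate does not have key usage extension
  • Sat Feb  6 11:34:35 2021 daemon.notice openvpn(Synology)[2002]: VERIFY KU ERROR
  • Sat Feb  6 11:34:35 2021 daemon.err openvpn(Synology)[2002]: TLS Error: TLS handshake failed
Sat Feb  6 11:40:02 2021 daemon.err openvpn(other)[2100]: TLS Error: TLS handshake failed
"""

# Timestamp, syslog severity, OpenVPN instance name, pid, message.
# The leading \W* tolerates bullets or indentation left over from copy/paste.
LINE = re.compile(
    r"^\W*(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) daemon\.(?P<sev>\w+) "
    r"openvpn\((?P<inst>[^)]*)\)\[(?P<pid>\d+)\]: (?P<msg>.*)$")

# Messages seen in the thread, mapped to labels chosen for this example.
CAUSES = [
    ("Certificate does not have key usage extension", "peer_cert_missing_key_usage"),
    ("VERIFY KU ERROR", "peer_cert_key_usage_rejected"),
]

def triage(log_text):
    """Return one finding per failed handshake, attributing the first cause logged."""
    pending = {}   # (instance, pid) -> first cause seen in the current attempt
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an OpenVPN syslog line
        key = (m["inst"], m["pid"])
        for needle, cause in CAUSES:
            if needle in m["msg"]:
                pending.setdefault(key, cause)  # keep the earliest cause only
        if "TLS handshake failed" in m["msg"]:
            findings.append({"instance": m["inst"], "time": m["ts"],
                             "cause": pending.pop(key, "unknown")})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['time']}  {f['instance']}: handshake failed, cause={f['cause']}")
```

A `peer_cert_missing_key_usage` finding points at the server certificate: OpenVPN logs it when the client is configured to require key usage (`remote-cert-ku`, which `remote-cert-tls` implies). Running `openssl x509 -in <server cert> -noout -text` shows whether an "X509v3 Key Usage" section is present.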