4218 questions

5218 answers

8038 comments

5224 members

0 votes
141 views 3 comments
by

RUT950 (RUT9XX_R_00.06.06.1) has been used as router for past 6 months onsite. Can see network, is on Internet, is ping-able, has static IP address. Need to change security up to VPN L2TP over IPSec followed https://wiki.teltonika-networks.com/view/RUT950_L2TP_over_IPsec_(Windows_10) but to no avail. System CLI reports IPSEC STATUS as 0 up, 0 connected, though initially while configured said not defined. L2TP error trying to connect - but would love to see the ports report either end.

Tried to get RUT950 Troubleshoot but while can set options where do you trigger a report, then how do you acquire it?  Failing that, is there a way of tracing if a NAT is in the way, and is the RUT950 NAT-T able?

2 Answers

0 votes
by

Hello,

Would you be able to draw simply topology scheme with LAN/WAN IP addresses of both your RUT950 devices and W10/W7 devices and share it with me? (it might be the case there there is IP conflict in the solution preventing from establishing VPNs)

To better understanding your RUT950 configuration, download troubleshoot package from router's "System -> Administration -> Troubleshoot" menu. If you are generating troubleshoot package through CLI with "troubleshoot.sh" command, then you can connect to router via SCP protocol and download generated troubleshoot package manually, which will be stored in "/tmp" directory.

Seeing W10/W7's IPsec and L2TP configurations would also be helpful in trying to resolve connection issue. Would you be able to make screenshots of W10/W7's configuration?

You can send this files (topology, troubleshoot package, configuration screenshots) to me via private message.

Best answer
by
Where should I PM the data? Send link to personal email (monitored) and can send information from corporate (unmonitored) site that has problem.
by

Simply:

 - Create Crowd Support Forum account. That can be done by pressing "Login -> Register" button in the top right corner of the page.

 - Then open my profile and press green "send private message" button.

by
The answer was as follows after Automatic Response's assistance.

SIM1 provided only a port forwarded public IP, the IP on the SIM was still private. As a result, any L2TP/IPSEC on the RUT950 would fail as the public IP ON THE DEVICE was not present.

SIM2 had a full public IP address, but would not connect, except after two hours of online assistance got working - something has SSH'ed or failed to update the routing tables so anything set would not work - but after editing they did. Was told that the new entries were only the as firmware level should have been, so a full FACTORY RESET would probably correct the tables. (It is possible on firmware update only a BOOT was done to retain settings and not a FACTORY RESET) .

Factory reset after noting down your settings then reinstating them fixed the problem.
0 votes
by

The answer was as follows after Automatic Response's assistance.

SIM1 provided only a port forwarded public IP, the IP on the SIM was still private. As a result, any L2TP/IPSEC on the RUT950 would fail as the public IP ON THE DEVICE was not present.

SIM2 had a full public IP address, but would not connect, except after two hours of online assistance got working - something has SSH'ed or failed to update the routing tables so anything set would not work - but after editing they did. Was told that the new entries were only the as firmware level should have been, so a full FACTORY RESET would probably correct the tables. (It is possible on firmware update only a BOOT was done to retain settings and not a FACTORY RESET) .

Factory reset after noting down your settings then reinstating them fixed the problem.  Full kudos points to Automatic Response for this.