We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
490 views 6 comments
by anonymous
Hi! We have several Teltonika devices deployed (mixture of RUT500, RUT900 and RUT950) and two of the RUT900/950 devices have stopped connecting to our VPN server after upgrading to the latest 06.06.1 firmware.
All our other Teltonika devices connect fine and they are on older firmwares. Latest working firmware tested is 06.04.05. I haven't tried the 06.05, but the 06.06 definitely breaks the OpenVPN connection for us. Anyone else having this issue?? It's really bizarre because I can see the router trying to connect to our pfSense OpenVPN server like the rest of the devices, but it just says handshake failed and it keeps trying over and over with no success. I first thought it was something wrong with our OpenVPN server, but I upgraded our pfSense to the latest version today and all the other Teltonika routers connect fine apart from those two that didn't connect before with firmware 06.06.01.
I would downgrade them to the known working version, but they are deployed at customer sites and I don't want to lose the configuration settings when downgrading!
Any ideas?? I tried changing from SHA1 to SHA256 and changing from UDP to TCP port and a few other things, but these two routers never manage to connect with firmware 06.06.01!

Any help is appreciated!

1 Answer

0 votes
by anonymous
Hi,

At least OpenVPN logs would be appreciated. As it is now, I can't really tell what's going on, so it would be helpful if you could upload logs from server and client sides.

EB.
by anonymous

Apologies, here's the pic from the pfSense OpenVPN log:

It doesn't say much really. 

How do I get an OpenVPN log from Teltonika though?

Thanks,
Pav

by anonymous

You can do that in the CLI by executing the logread command, which will give you all the system log you need from the device. To filter only the OpenVPN messages you will need to use grep; execute it like this: logread | grep openvpn

EB.

by anonymous

Thanks, got it now!

Here's the screenshot from PuTTY:

by anonymous

Okay, I see some conflicts under software, could you reset the RUT9 devices and set up OpenVPN clean?

After factory defaults please note these suggestions and configure OpenVPN again:

  • You will need to change the algorithm from SHA1/MD5 to SHA256 in openssl-1.0.0.cnf file before generating any keys.
  • Make sure you use UDP connection and all the keys have separate common names.

Something doesn't match and it causes your error to happen. Please follow my suggestions and come back to me with the results.

EB.
by anonymous
I will not be able to reset the router to factory settings right now as it is deployed at a customer site so it will have to wait until I go on site.
If I change the algorithm from SHA1 to SHA256 on the server, I will have to change it for all our other Teltonika routers deployed on customer sites, so this is not the best solution right now. All the keys & certs have already been generated and work for all other Teltonika routers, so not sure why this needs to be done from scratch?
UDP is already used and all the keys have separate common names.
I will report back hopefully next week when I go to customer site.
Thanks for the help so far!
by anonymous
Hey! So I finally went to the customer site that was having this issue.

I reset the router to factory settings as you asked me to. Before changing any other settings, I went straight to the OpenVPN section to configure that first and see if it works this time. I put all the settings as before with the same certificates as before and it still doesn't work. I cannot change the algorithm from SHA1 because we have many client sites and they all connect to this OpenVPN server fine, so making this change just for this one place is not an option.

Then I went and downgraded the firmware to 06.04.5 and as I said in the original post, it all started working perfectly! Same router, same settings, same certificates, same everything! Why is that?? So strange!

This means I will have to keep all our RUT9xx routers on this firmware since it seems that OpenVPN doesn't work properly on the latest firmware. At least I found a solution I guess. Not ideal, but it works. Just hoped you would find the issue and fix it in future firmwares so I can continue getting firmware updates.

Regards,
Pav