0 votes
944 views 4 comments
by

I've set up RUT950 as a vpn connector to cloud.openvpn.net and have one machine connected to it (msi-laptop). I have another machine (scadascope12) connected to the same vpn server through the openvpn3 app. I can ping and ssh to scadascope12 from behind the router from msi-laptop. But when I try to ping msi-laptop from scadascope12 I receive the following error: From 192.168.1.182 icmp_seq=1 Destination Port Unreachable

It seems something in the firewall is blocking the ICMP requests to router lan. I've enabled vpn zone forwarding in the firewall config on RUT950 as well as added a rule to allow ping on LAN.

by

Below are some tests from both machines


MSI-LAPTOP

~ $ ip a | grep enp
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 192.168.1.156/24 brd 192.168.1.255 scope global dynamic noprefixroute enp3s0

~ $ ping -c 4 100.96.1.35
PING 100.96.1.35 (100.96.1.35) 56(84) bytes of data.
64 bytes from 100.96.1.35: icmp_seq=1 ttl=61 time=236 ms
64 bytes from 100.96.1.35: icmp_seq=2 ttl=61 time=271 ms
64 bytes from 100.96.1.35: icmp_seq=3 ttl=61 time=281 ms
64 bytes from 100.96.1.35: icmp_seq=4 ttl=61 time=309 ms

--- 100.96.1.35 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 236.307/274.521/309.147/26.057 ms

~ $ traceroute 100.96.1.35
traceroute to 100.96.1.35 (100.96.1.35), 30 hops max, 60 byte packets
1  Teltonika-RUT950.com.lan (192.168.1.1)  0.400 ms  0.469 ms  0.527 ms
2  100.96.1.35 (100.96.1.35)  89.483 ms  106.977 ms  106.689 ms
3  100.96.1.35 (100.96.1.35)  107.498 ms  107.221 ms  107.749 ms
4  * * *

~ $ sudo route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 enp3s0
172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 enp3s0

 

by

SCADASCOPE12
apadmin@scadascope12:~$ ping -c 4 192.168.1.156 
PING 192.168.1.156 (192.168.1.156) 56(84) bytes of data.
From 192.168.1.156 icmp_seq=1 Destination Port Unreachable
From 192.168.1.156 icmp_seq=2 Destination Port Unreachable
From 192.168.1.156 icmp_seq=3 Destination Port Unreachable
From 192.168.1.156 icmp_seq=4 Destination Port Unreachable

--- 192.168.1.156 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3005ms

apadmin@scadascope12:~$ traceroute 192.168.1.156 
traceroute to 192.168.1.156 (192.168.1.156), 30 hops max, 60 byte packets
1  192.168.1.156 (192.168.1.156)  5.744 ms  5.725 ms  5.615 ms
2  192.168.1.156 (192.168.1.156)  8.003 ms  7.373 ms  7.822 ms
3  192.168.1.156 (192.168.1.156)  59.260 ms  70.947 ms  77.497 ms
4  192.168.1.156 (192.168.1.156)  77.190 ms * *


apadmin@scadascope12:~$ sudo route -n      
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.17.51.1     0.0.0.0         UG    600    0        0 wlo1
38.113.190.71   172.17.51.1     255.255.255.255 UGH   0      0        0 wlo1
100.80.0.0      100.96.1.33     255.240.0.0     UG    0      0        0 tun0
100.96.1.0      100.96.1.33     255.255.255.0   UG    0      0        0 tun0
100.96.1.32     0.0.0.0         255.255.255.240 U     0      0        0 tun0
100.96.2.0      100.96.1.33     255.255.255.0   UG    0      0        0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 docker0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.17.51.0     0.0.0.0         255.255.255.0   U     600    0        0 wlo1
192.168.1.0     100.96.1.33     255.255.255.0   UG    0      0        0 tun0

1 Answer

0 votes
by

Hi,

Have you pushed the right routes? To reach other clients or subnets it's necessary to push routes accordingly.

Please follow the configuration example and see if there's anything you missed.

https://wiki.teltonika-networks.com/view/OpenVPN_configuration_examples#Client_to_Client

EB.

by

I've set up the VPN importing config from the file. The vpn subnets are in the routing table of RUT950. After digging around I came across the following discussion; according to it, the tun0 name is reserved for hotspot connectivity. The name of the vpn interface on the router is tun0, could this be the cause?

by

If it's not enabled right now - it shouldn't cause any issues. I will need more information: 

  • ifconfigs/ipconfigs on both sides of VPN
  • screenshots of the firewall set-up on computers
  • a screenshot of your VPN configuration.

Also, if you really think it's a firewall issue you can always try disabling it fully with the command: /etc/init.d/firewall stop
EB
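
The following is an added example, not code from any participant in this thread. It parses ping output such as the scadascope12 session quoted in the question and separates an active rejection (an ICMP error came back, so some device answered and refused) from silent loss, which narrows down which firewall to inspect before turning one off entirely. The function name, the hint texts and the second sample are assumptions made for illustration; the hints describe general ICMP behaviour and are not a diagnosis of this setup.

```python
import re
from collections import Counter

# Error texts printed by iputils ping for ICMP type 3, with the ICMP code
# and what each usually indicates when troubleshooting a routed tunnel.
UNREACH = {
    "Destination Net Unreachable": (0, "responder has no route to the target network"),
    "Destination Host Unreachable": (1, "responder could not deliver to the host (often no ARP reply)"),
    "Destination Port Unreachable": (3, "actively rejected; default reply of an iptables REJECT rule"),
    "Destination Host Prohibited": (10, "rejected by a firewall (host-prohibited)"),
    "Packet filtered": (13, "rejected by a firewall (admin-prohibited)"),
}
PING_RE = re.compile(r"^PING (\S+)")
REPLY_RE = re.compile(r"^\d+ bytes from ")
ERROR_RE = re.compile(r"^From (\S+) icmp_seq=\d+ (.+)$")

def analyse_ping(output):
    """Summarise ping output: who answered, with which ICMP error, how often."""
    target, replies, errors = None, 0, Counter()
    for line in (l.strip() for l in output.splitlines()):
        if (m := PING_RE.match(line)):
            target = m.group(1)
        elif REPLY_RE.match(line):
            replies += 1
        elif (m := ERROR_RE.match(line)):
            errors[(m.group(1), m.group(2))] += 1
    findings = []
    for (responder, text), count in errors.items():
        code, hint = UNREACH.get(text, (None, "unrecognised ICMP error text"))
        findings.append({"responder": responder, "icmp_code": code, "count": count,
                         # True when the error's source address is the pinged address
                         "from_target": responder == target, "hint": hint})
    # An ICMP error means a device answered and refused; no output at all
    # means silent drop or loss, which points at DROP rules or routing instead.
    verdict = "rejected" if errors else "ok" if replies else "no-reply"
    return {"target": target, "replies": replies, "verdict": verdict, "findings": findings}

# Sample 1 is the scadascope12 output quoted in the thread; sample 2 is constructed.
SAMPLE_THREAD = """PING 192.168.1.156 (192.168.1.156) 56(84) bytes of data.
From 192.168.1.156 icmp_seq=1 Destination Port Unreachable
From 192.168.1.156 icmp_seq=2 Destination Port Unreachable
From 192.168.1.156 icmp_seq=3 Destination Port Unreachable
From 192.168.1.156 icmp_seq=4 Destination Port Unreachable
"""
SAMPLE_CONSTRUCTED = """PING 10.0.0.5 (10.0.0.5) 56(84) bytes of data.
From 10.0.0.1 icmp_seq=1 Destination Net Unreachable
"""

if __name__ == "__main__":
    for sample in (SAMPLE_THREAD, SAMPLE_CONSTRUCTED):
        print(analyse_ping(sample))
```

For the thread's output the verdict is "rejected" with ICMP code 3, so the packets are being refused by a rule rather than lost to a missing route; the responder field shows which address sent the refusal.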