FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
948 views 7 comments
by anonymous
Is it possible to establish a site to site connection between a RUTX11 and a RUT955 using OpenVPN?

AG

1 Answer

0 votes
by anonymous
Hi,

Yes, it is possible as long as the device has functionality for OpenVPN tunneling. In your scenario, because you have RUT955 and RUTX series device WebUIs of both devices will differ from each other, but if you configure them logically - the tunnel should go up.

Please follow these instructions and configure both sides to your needs: https://wiki.teltonika-networks.com/view/OpenVPN_configuration_examples

EB.
by anonymous
Hi,

thank you! I am aware of the examples you mentioned, but I have only from client side (RUT955) access to the servers local network (192.168.100.0 255.255.255.0).
From the Server (RUTX11) it is NOT possible to access the local Client Network. And I can only reach the Client via the Virtual Network Address 10.0.0.6 but not via its local IP 192.168.1.1.

I carefully established all certificates with the correct CN, and on the Servers VPN Configuation "TLS Client" is set up.

In the Servers VPN Configuration I first used the push option "route 192.168.100.0 255.255.255.0". But it makes no difference in the behavior so I decided not to use the push option.

Can it be a hardware problem?
by anonymous

If you did everything, and by everything I mean:

- Created a TLS client with a common name, private remote endpoints and networks configured.

- Checked if you have routes in on both sides: execute route and make sure both ends have something like:

192.168.1.0 10.0.0.5 255.255.255.0 UG 0 0 0 tun_c_Client

and other (server) side:

192.168.2.0 10.0.0.2 255.255.255.0 UG 0 0 0 tun_c_Server

- If you can ping it through:

ping 192.168.2.x -I tun_c_Server (or client interface)

- And you don't have anything in your firewall blocking the connection between those two networks.

If you did everything, it should work.

EB.

by anonymous

Thank you! The server route is 10.0.0.0/24 10.0.0.2 but should be 192.168.1/24 10.0.0.2. as per your advise.
I fear, the root cause is a wrong configuration of the RUTX11 Network Interface:

Routing Table Server:

by anonymous
Hi, this route you has to exist. Please add the ones I mentioned above, everything else seems to be right.

EB.
by anonymous

Thanx EB!
I added the route as suggested - see screen shots below. But Pings sent fom Server-RUTX11 192.168.100.1 to --> 192.168.1.1 still does not function. I only received ping answer from 10.0.0.6, and also the client GUI only can be reached from Server side via the same IP 10.0.0.6. In the oposit direction everything works fine. Should I replace the RUT955 Client with a RUTX11 to aviod compatibility issues? 
PS: I changed the Name of the Server Network from "opvpn" to "x11opvpn".

by anonymous

There seems to be a lot of unnecessary routes. Only those which I gave you should be needed. I would suggest you reset your device and try configuring everything again.

Before resetting I would suggest trying to disable the firewall and see if it changes anything: /etc/init.d/firewall stop in CLI should do the trick. 

EB.

by anonymous
I followed your recommendations, and stopped the firewall before I resetted both units, RUTX11 and RUT955. Stopping the firewall did not solve the problem. After reconfiguring RUTX911 from scratch, all unnecessary routes disappeared, but it was almost impossible, to get the missing route from 10.0.0.2 to target 192.168.1.0/24 recognised by the router. After definig the static route, it was not visible in the routing table, also rebooting did not help. Only after I changed the Network Type in the route configuration from x11opvpn -> lan -> wan -> and back to x11opvpn, the correct routing was suddenly shown in the routing table! But this did not change the general behaviour of RUTX11! I still was not able to see the RUT955 Network, only the GUI of RUT955 was acessable via the virtual IP 10.0.0.6.
I also tried to configure another RUTX11 unit with older firmware the same way, but failed because of other limitations/bugs. With updated firmware, I faced the same issue as with the other unit!

I then tried OpenVPN Authentification with Static Key. Within a few minutes, traffic in both directions was possible!
What else can I do to get OpenVPN working on TLS? Will the next firmware fix it?