Hi

I can't get the OpenVPN client of a RUT240 router working. Based on what I've seen at the server side with Wireshark and with the OpenVPN server's log, it looks like there might be some issue with the TLS handshake (server running Ubuntu 16.04 and OpenVPN 2.3.10).

However, I've tried to do the same thing running the OpenVPN client on a PC (Ubuntu 18.04 with OpenVPN 2.4.4) and it works perfectly with the same config file.

Here is the config file (I've removed the sensitive data, but other than that, it's exactly my client config file).

Client config file

Here you can see log files for both PC and Teltonika connections. In the second one the router simply gives up way too fast (like 5 seconds after starting the negotiation) and starts another one, while the connection coming from the PC is established in the first attempt.

Server Log connecting from PC

Server Log connecting from Teltonika

I've also tried both config modes at the router:

  • Using the config file. In this case the config overview says nothing about the protocol or the port (I don't know why) VPN conf overview.
  • Configuring it manually. Here you have the screenshots Manual config (1) / (2).

In order to prevent it from being a firewall problem, I've enabled the forward to LAN for both WAN and OpenVPN forwarding zones, although this shouldn't be a problem as the tunnel hasn't even been established yet.

And one final thing: my idea is to use the mobile interface as WAN, but for some reason the router doesn't even try to open the tunnel when I set mobile as WAN (there is connectivity at this point because I can browse from the internal network through the router, which means there is neither a SIM nor a mobile network problem). I have to set the wired interface as WAN in order to make it at least try.

Device information:

  • Model: RUT240 LTE
  • Firmware version: RUTXX_R_00-01-12.2
  • Kernel: 3.18.44
  • Bootloader: 3.2.2

What am I doing wrong? How can I check where the problem is?

Regards

1 Answer


Hello,

I just analyzed your logs and found a mismatch:

Oct  6 16:02:37 navetoshiba-TECRA-A11 ovpn-server[7951]: D.C.B.A:37250 Local Options String: 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'

Oct  6 16:02:37 navetoshiba-TECRA-A11 ovpn-server[7951]: D.C.B.A:37250 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'

It looks like you are not uploading one of the keys, probably the TLS auth key. Also, please upgrade your router firmware to firmware version 12.3. Sometimes the OpenVPN tunnel fails to start and restoring the router to the factory default configuration helps.

If that does not help could you private message me with server IP address and certificates, I will try to set up tunnel myself.

Regards.


Look at this:

Keydir difference between client and server

In both cases (PC and router) the log shows the same regarding this point. This keydir attribute actually indicates the "key direction", not the "key directory", which is 1 for clients and 0 for servers.

After having updated the firmware, I've tried and the behaviour hasn't changed. I'll send you the information in a PM so that you can check it from your side.

Regards
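The answer above reads the keydir 0/1 and tls-server/tls-client differences between the two server log lines as a mismatch, and the follow-up comment points out that they are expected: OpenVPN builds its "Expected Remote Options String" by mirroring its own options, so the tls-auth key direction is 0 on the server and 1 on the client. The script below is an added example, not code from the thread, from Teltonika or from the OpenVPN project. It takes the two server log lines quoted in the answer, checks that the "Expected Remote" string really is the mirror image of the "Local" one, and then compares the server's options against a client's own "Local Options String" so that only genuine disagreements are reported. The three client-side strings (a matching client, a client without the tls-auth key, and a client with key-direction 0) are constructed for the example and are not taken from either log.

```python
# Added example: compare OpenVPN option strings the way OpenVPN does, so the
# deliberate keydir/role asymmetry is not misread as a mismatch while a real
# one (missing tls-auth key, wrong key-direction) stands out.
import re

OPTION_LINE_RE = re.compile(r"(Local|Expected Remote) Options String: '([^']*)'")

# OpenVPN mirrors its own options to derive what it expects from the peer:
# tls-auth key direction 0 <-> 1 and tls-server <-> tls-client.
ROLE_FLIP = {"tls-server": "tls-client", "tls-client": "tls-server"}

# Two log lines copied from the server log quoted in the answer above.
SERVER_LOG = [
    "Oct  6 16:02:37 navetoshiba-TECRA-A11 ovpn-server[7951]: D.C.B.A:37250 Local Options String: "
    "'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,"
    "auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'",
    "Oct  6 16:02:37 navetoshiba-TECRA-A11 ovpn-server[7951]: D.C.B.A:37250 Expected Remote Options String: "
    "'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,"
    "auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'",
]

# Constructed client-side "Local Options String" values (not from the thread):
# a client with the matching config, one whose tls-auth key was never
# uploaded (so tls-auth and keydir are absent), and one configured with
# key-direction 0 like the server.
CLIENT_OK = ("V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,"
             "cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client")
CLIENT_NO_TLS_AUTH = ("V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,"
                      "cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client")
CLIENT_SAME_KEYDIR = ("V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,"
                      "cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client")


def find_option_strings(log_lines):
    """Pull the quoted option strings out of OpenVPN log lines.
    Returns {"Local": "...", "Expected Remote": "..."} for the lines found."""
    found = {}
    for line in log_lines:
        m = OPTION_LINE_RE.search(line)
        if m:
            found[m.group(1)] = m.group(2)
    return found


def parse_options(option_str):
    """'V4,dev-type tun,...,tls-auth,...,tls-server' -> dict.
    Key/value items map to their value, bare flags (comp-lzo, tls-auth) to
    True, and the tls-server/tls-client item is stored under the key 'role'."""
    opts = {}
    for item in option_str.split(","):
        key, _, value = item.strip().partition(" ")
        if key in ROLE_FLIP:
            opts["role"] = key
        else:
            opts[key] = value if value else True
    return opts


def expected_remote(local_str):
    """Derive the peer options OpenVPN expects from its own local options:
    every field identical, keydir flipped and the TLS role swapped."""
    items = []
    for item in local_str.split(","):
        key, _, value = item.partition(" ")
        if key == "keydir":
            item = "keydir %d" % (1 - int(value))
        elif key in ROLE_FLIP:
            item = ROLE_FLIP[key]
        items.append(item)
    return ",".join(items)


def real_mismatches(server_local, client_local):
    """Compare what the server expects from its peer with what the client
    actually has. Returns {option: (expected_by_server, client_value)} for
    genuine disagreements only; an empty dict means the options line up."""
    expected = parse_options(expected_remote(server_local))
    actual = parse_options(client_local)
    return {k: (expected.get(k), actual.get(k))
            for k in sorted(set(expected) | set(actual))
            if expected.get(k) != actual.get(k)}


if __name__ == "__main__":
    strings = find_option_strings(SERVER_LOG)
    # The server's two lines agree with each other: keydir 0/1 and
    # tls-server/tls-client are the expected mirror image, not a mismatch.
    print("server lines consistent:", expected_remote(strings["Local"]) == strings["Expected Remote"])
    for name, client in (("matching client", CLIENT_OK),
                         ("client without tls-auth key", CLIENT_NO_TLS_AUTH),
                         ("client with key-direction 0", CLIENT_SAME_KEYDIR)):
        bad = real_mismatches(strings["Local"], client)
        print("%s -> %s" % (name, "no mismatch" if not bad else bad))
```

To use it on a real case, paste the server's two lines into SERVER_LOG and the client's own "Local Options String" line (from the router or PC log) into a third entry, then feed that client string to real_mismatches; a keydir or tls-auth entry in the result points at the key upload or key-direction setting rather than at the certificates.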