Question

I am having a major problem with our Teltonika RUT955! We have a fairly simple scenario: RUT955 with 4G SIM and L2TP from A&A selected as default route. The L2TP works fine, it's connected and showing the right IP address, BUT the firewall doesn't seem to be blocking anything inbound! I can access my router completely through the L2TP ip address, even though I shouldn't be! I started seeing many SSH attempts on the router and couldn't understand why since I only enabled SSH from a specific IP address! So how are they all getting through?! So I started investigating and basically it all looks open on the WAN side, I can ping and access anything on the router even though in Firewall rules it all looks correctly configured?? How is this possible??
 

Can someone please help as we are seeing attacks on the router every night and the 4g data is getting over-used!

I am on the latest RUT9xx firmware!

Urgent help needed please!

Comments

See the screenshots from the firewall section:

Clearly it looks like I shouldn't have access to HTTP or SSH from the outside world, right?? And yet I do! The way I understand it, by default anything coming in should be rejected whether it's WAN or L2TP, correct?
 This is a major security flaw!

---

Can anyone from Teltonika help with this?? It is a serious security vulnerability!

Answer 1

Hi, 

First of all, try adding this rule and see if it applies correctly and firewall works.

If not - please follow the further steps:

• As this could be vulnerability issue we must know how did you managed to do this. Please reset your router to factory defaults and set-up L2TP again and check if you have this issue again. If the firewall still does not look like it's doing anything - download a troubleshoot file and a backup file and send it to me via private message for further investigation.

Thank you.

EB.

Comments

Hi! Thanks for your reply!

It seems that after creating a rule to block all from L2TP to Device, it prevents all the access to the router correctly!

What I don't understand is why this isn't the case by default? Because by default WAN inbound is blocking everything apart from the things you allow in the firewall. But for L2TP everything is open, unless you manually make rules to block things. This isn't clear anywhere in the documentation and by looking at Firewall > General Settings > Zone forwarding, it makes you believe that the default rule for inbound from L2TP is to Reject the traffic.

It seems to me it's either a bug or a feature left on purpose like this?

I understand some people who will have L2TP configured NOT as a default route will maybe want to have clear passage through the firewall (as they own the L2TP server as well and control the traffic that way?). But for people who configure L2TP as default route (me), it should behave the same way as WAN. Because i don't own the L2TP server I am connecting to, it's just a service I am paying for who are offering me a noNAT fixed IP address which the router gets so it's very much like WAN. But yet the rules are set in mind only for WAN, not L2TP. Maybe there should be a script that, when you're configuring L2TP client and tick "Use as default route", it creates a few rules in the firewall that work the same way as WAN rules, preventing access to the device, not leaving it open to the world.
Just a thought.

Thanks for everyone's help!

Answer 2

Hello!

Is it possible for you to send troubleshoot file to me in PM?

BR

Aliaksandr

Comments

Hi! I can give you anything you need, just tell me what to do! I am desperate to fix this!

Thanks!

Pav