Hello everyone,

First of all: I'm new to this network-stuff, so don't be rude ;)
My English is also not the best one, so sorry for that.

I have two RUT240 routers and I'm trying to connect them with a VPN connection. 
The biggest problem is: I can't ping one RUT from the other RUT. Both routers have dynamic public IPs and work with cellular data.

The strange thing is: If I ping the RUT240 from my 'Home-Internet', it is working, but if I connect to one RUT240 and try to ping the other one, then it's failing.

I have no idea why this is happening.

I was able to make the routers accessible over the Internet with a DynDNS service, so I can access the Web-UI at any time.

Like I said before, my goal is to establish a VPN-connection, but it's not working. Maybe because of this "ping-problem".

Now everything is set to factory settings, only dyndns is configured. 
Internet is working like a charm on both RUTs. But if I connect over Wi-Fi to one RUT240 and try to ping the other one, I get no results.
The same happens If I try to ping over ssh or CLI.

This picture shows my ping attempt over CLI. NOT WORKING. :(

This one shows the pinging over Windows cmd over my home Internet. Working!

So I think that the VPN can't be established as long as the "ping-problem" exists. Am I right? Can you please help me?

Thanks in advance :)

1 Answer

No worries about limited knowledge and your English, we are here to help you in any case :)

First of all, I need some information about what you are running as VPN, what the topology is, and what configuration you've managed to set up. Did you follow the wiki links?

If you're new to networking, I would highly recommend using ZeroTier as your first VPN, as it doesn't need a lot of knowledge to set up and works perfectly out of the box.

To have it on the RUT240, you need to download it through the package manager first. To do that, go to System > Package manager, find the ZeroTier package and install it.

Once you've done that - you need an account on ZeroTier Central: https://my.zerotier.com/login

Register it there, create a network and just paste that network ID in your ZeroTier configuration on RUT240.

Let it connect and you should see your device listed in the Members section of ZeroTier Central; that means your router has joined the network and is ready to use. You can do the same for another device, let's say another RUT240. Just connect it the same way and you should see both devices on your Members page. The IPs given by ZeroTier should already be pingable, but if you want to access the LAN side of those routers, let's say a computer behind RUT240 NR1, then you can follow the answer on this post: https://community.teltonika-networks.com/27018/struggling-with-zerotier-routing-on-trb140?show=27018#q27018

These routes (change them according to the clients you've connected yourself) should allow you to ping devices behind routers through their local IP addresses.

Hope this helps.

Thank you very much for your reply. I will give your suggestion a shot and try ZeroTier. 

To answer your questions; I tried to configure IPsec with the help of the wiki-documentation (https://wiki.teltonika-networks.com/view/IPsec_configuration_examples).
Here is the configuration scheme which I want to realize with my two RUTs.
Some background information: Two PLCs should be able to communicate over cellular data with each other, because of geographical location. Cable connection is not possible.
So I bought 2 SIM cards with public IPs and thought the easiest way is to link them with a VPN or tunnel like in this picture.

The local LAN on one side should be accessible from the other side.

I've managed to set up a working PPTP connection. Unfortunately not between the two RUTs but between my Windows 10 and one RUT240. I've configured the RUT as server and was able to connect over Windows to it. I also have access to the local LAN and everything is good. The other RUT was configured as a client but it never connected to the server. I checked this with 'ipsec status'.
So my Windows is able to connect to the PPTP server, but the other RUT is not.
Then I realized that I can't even ping the public IP of the RUT from the other RUT, but from my home DSL it is working.
Later I checked the DNS resolution with nslookup and it's fine.
I read in another forum that this ping issue over cellular network could be an "upstream failure" from ISP side?! Do you know anything about this? They said, if DNS resolution is working but pinging is not, then it is blocked by the ISP.

One more question: I configured ZT and I'm able to ping the ZT assigned IPs, this looks good.
Is it normal that my CPU load went up to 85-90 %? The RUT240's Web-UI is very laggy now.

Thank you very much for your help. :)

Edit: The CPU load looks OK, I think this was just temporary. Now it's about 45-55%.

I've read your use case and I think for such simple use ZeroTier will do its work and should be even easier to configure. As I understand it, for people new to networking the key to comfort is simplicity, and ZeroTier offers just that.

Just so you know, you don't need two public IPs, only one is needed for server-client configuration with any VPN out there, so to keep your costs low - one public IP is enough.

And answering your question about CPU - yes, this is normal, as there are more services running in the background of the RUT240 and it's not like the most powerful device of our whole product line - it's totally normal that from time to time it will ramp up to 80-90% of CPU usage. To keep those numbers as low as possible you may check other services if they're disabled, especially the ones you don't need (like RMS). What's enabled and what's not you can find here: https://wiki.teltonika-networks.com/view/RUT240_Services

Thank you very much!

I routed the IPs like you wrote in the other post and it works fine.
Now I'm able to ping local IPs from both sides. Thanks!!!
Yeah, one public is enough... I learned a lot ;)

Some questions about ZeroTier:
Can you tell me if ZeroTier has any downtimes?
I mean, it's OK if the PLCs lose connection sometimes for a short time. But it should work most of the time ;)
Can I assume a 24/7 working connection?

Best regards and one more time: Big thanks!

I just know that ZeroTier has a limit on the number of devices (routers) after which it becomes a paid service. If I remember it right - it's 100 devices in the network. Other than that, no limitations regarding the connectivity and 24/7 worktime.

So if your mobile connections work as they should - ZeroTier shouldn't lose any packets during its lifespan.

You're my hero ErnestasB !!

Best community forum ever, ultra-fast replies.

Thanks! I wish you a good time and stay healthy ;)

Glad I managed to help you.

Have a nice day :)