FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
864 views 6 comments
by

hi!

i'm new in the LTE-Router & VPN-world at all and not a pro (yet) ;). i have basic IT-Skills, i'm not really familiar with CLI.

The Setup i work in:
- Teltonika RUTX12, firmware RUTX_R_00.02.06
- SIM-Card vodafone.de LTE Business
- 4 Devices (VideoControl e. g. BlackMagicDesign ATEM,...) connected to LAN-Port1 with a NETGEAR GS108, Static IPs in 10.10.30.0-Range
- Remote-PC connected to LAN-Port2 for local control of the devices mentioned before. Static IP, same IP-Range
- Streaming-Encoder Connected to LAN-Port 3, IP tbd
- Apple MacBookPro, 10.15.7, Tunnelblick 3.8.4a (alternativ: OpenVPN Connect Version 3.2.5)

What i did for now:
- I set up a DNS-Server
- I generated the Certs&Keys via GUI on the RUTX12
- I copied the CA.cert.pem, CLIENT01.cert.pem and CLIENT01.key.pem on the my Apple MBPro which should work as a client to remotecontrol the devices connected to the RUTX12
- i checked the firewall & Port-Settings in the RUTX12
- I build the following configfile for the client:
client
dev tun
proto udp
remote i.deleted.this 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca CA.cert.pem
cert CLIENT01.cert.pem
key CLIENT01.key.pem
remote-cert-tls server
cipher AES-256-CBC
verb 4

this is the config of  the server (RUTX12):

God Damn. Now i spent 2 (very long) days to try different configs but i'm not able to establish a connection. this is the Log of Tunnelblick:
2021-01-19 12:35:21.632766 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-01-19 12:35:21.632864 TLS Error: TLS handshake failed

The future setup should work for a independet remoteproduction-studio... The task will be to control the devices on the server-site from office via VPN and send out two independet streams (rtmp / srt) without vpn. For now it would be great to get the vpn work for control!

Can some help me make this work?

1 Answer

0 votes
by anonymous
Hi,

It is really hard to tell if everything you do is right when you're using the client that is 3rd party open-source OpenVPN alternative for macOS. The question is have you tried setting up OpenVPN normally within original apps and settings?

Things you might want to check - if your macOS doesn't have a firewall of some sorts enabled and blocking the outgoing connection to the server? This assumption is based that the handshake isn't made and the connection isn't established as there's no one to answer the handshake that might be refused from one or another side.

Also, you might want to check the syntax for your macOS alternative app, maybe it's reading config files differently, maybe there must be ' ' symbols surrounding the values of each line.

If this alternative doesn't work as it supposed to, I would recommend using other VPN alternatives, like ZeroTier, which provides support for macOS originally https://www.zerotier.com/download/

EB.
by

Hi EB.

Thanks for your reply!

In my origrinal Post is mentioned "Apple MacBookPro, 10.15.7, Tunnelblick 3.8.4a (alternativ: OpenVPN Connect Version 3.2.5)" but didn't said clearly i tried it as well ;) - so: Yes, i tried it with the recommend and "original" app. as there are no "autosettings" for open vpn, i used the sample-config-file for the beginning and changed only the relevant parameters. that doesn't work too.

I'm not sticked to openVPN - maybe there is another way to connect to the Teltonika-Routers, that works?

by anonymous
Hi,

To get more examples on how to connect OpenVPN - you can find them here: https://wiki.teltonika-networks.com/view/OpenVPN_configuration_examples they should be enough for basic configuration and connecting. As I tried them last time - it was working so I believe it could be your Tunnelblick configuration that is wrong somewhere - in this case asking in their or OpenVPN forums would be better.

As for "another way", I already mentioned ZeroTier, that you can install through Package Manager, it is much easier configuration that only needs a few clicks and fields to fill to make it work as you like.

EB.
by anonymous
You can also try wireguard, easy to configure and excellent performance.

Regards,
by anonymous
I'm desperate :-/

i tried wireguard - and found it really easy to configure! but it doesn't work. again it's the tls-handshake.

are there other configurations to do in the rutx which i could have forgotten?
by anonymous
Is there any relevant error message in the kernel and/or system logs of the RUTX ? The Macbook ? Could you describe your configuration (omitting the sensitive informations of course) ?

Regards,
by anonymous
To configure Wireguard, choose a private network an IP addresses for the tunnel, for example 172.16.0.1 for the RUTX and 172.16.0.2 for the mac.

On the mac: set AllowedIps=10.10.30.0/24,172.16.0.1 and of course the keys, endpoints, ListenPort, DNS, MTU(=1420)

On the RUTX: set AllowedIPs=172.16.0.2 + the address of the ethernet interface of the mac. Enable input,output,forwarding,masquerade in the wireguard->lan and lan->wireguard firewall zones.

The routes on the RUTX should be good but better to check (ip route show), if not ip route add (the IP of the mac) via 172.16.0.2 dev (the tunnel name) metric 2.