FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
1,049 views 9 comments
by anonymous
I have a rut230 inside a clients company network.

I have uploaded the open VPN config file to the router and it seems to connect fine.

I can access the routers web interface from inside the VPN network, all seems to be working fine.

However, for some reason, I just cannot figure out how to now access a device on the LAN interface?

I have a device running on 192.168.3.3:502

which I need to access from within the VPN.

how do I go about doing this?

1 Answer

0 votes
by anonymous
Hi,

In our wiki: https://wiki.teltonika-networks.com/view/OpenVPN_configuration_examples#Reaching_a_device.27s_LAN_network we explain how to reach the LAN of the device in the OpenVPN network.

Please follow it and you should be able to reach it.

EB.
by anonymous

I have read that, however it does not make any sense to me.

I have tried adding a port forward but that does not seem to work. Please advise as to what I need to add or change?

by anonymous
Are you sure you've read that wiki part fully? Cause it's all explained there, and even if it sounds confusing for you it's necessary for your use-case.

Please read it again, and if you want to know more about static routes - you can find information here: https://wiki.teltonika-networks.com/view/Routing#Static_Leases

I would tell you what routes should be pushed, but for that, I would need a full topology of your network right now and what are you trying to do. Without a scheme, I doubt I will be able to help you.

EB.
by anonymous

Yes, I am sure I have read it, It Is extremely confusing and talks about servers and clients and to be honest I do not know which instance I am trying to implement.

I have drawn the network setup here:

All I am trying to do, is get the Laptop to be able to talk to that local machine on port 502 tcp.

how I understand that to work, is that in the laptop's software I will  try to connect to the teltonika VPN IP:  100.96.1.34:502

it will then masquerade that to the local LAN 192.168.3.3:502  using the port forwarding rules?

Are these assumptions correct?



 

by anonymous
In this case, you would need to port forward OpenVPN 100.96.1.34:502 port to 192.168.3.3:502 device in LAN, but it would be easier to push routes of 192.168.3.0 network and then access 192.168.3.3:502 through local IP instead of using port forwards.

EB.
by anonymous
You speak about push routes?

What is this and how do I add them?
by anonymous
On the server-side configuration there is a field that says push option:

https://wiki.teltonika-networks.com/view/OpenVPN_configuration_examples#Push_options

In it, you type "route networkIP SubnetMask" and then it's pushed to every OpenVPN network client so it knows that there's a route to that network through VPN.

EB.
by anonymous

I do not have that option available under the OPENVPN settings.

by anonymous
It's because:

1. It's a client instance that you have configured there.

2. You're loading OpenVPN config from file, so these changes must be done in the config itself.

EB.
by anonymous
I have the same issue with an almost identical setup.

Client network                |     OpenVPN            

            PLC <------------------> RUT240 <---------> OVPN Server <----------> OpenVPN Client (laptop)
LAN:  192.168.1.3:502     192.168.1.250
OpenVPN:                           10.9.0.90                    10.9.0.1                         10.9.0.5

Port forwarding:
LAN port: 502 to LAN device 192.168.1.3
WAN port: 6502 from any device

I need to forward the Modbus port (same as @Zapnologica asked for), but the answers provided aren¿t applicable, because the internal LAN segment (192.168.1.x) is too common and will conflict with other client's own private networks, so pushing LAN routes from the OpenVPN server is forbidden. (in case you ask, No: I cannot change the client's private LAN segment addressing).

What I need is to establich the VPN connection from the RUT240 (which is already running Ok) and just reach this router, not the internal LAN.

With port forwarding I could reach the internal devices (the PLC at port 502) through the Router's OpenVPN address and external port (6502).

The latter isn't working and cannot find why.

EDIT: We have found that apparently the problem resides on the PLC in the LAN not having a defined gateway and so, cannot be "found" from the VPN, even though port forwarding is active and set correctly.

Question remains why? Why can't the RUT240 address the device through port forwarding?
Please note that the RUT240 can actually communicate with the PLC at 192.168.1.3 (It responds to 'ping'), but other devices cannot access it from the VPN.