0 votes
7,560 views 7 comments
by
Hello

I am having a lot of difficulty setting up an RUT955 as an OpenVPN server with a Windows PC as client (TCP and TUN mode). I wondered if someone could show me a working configuration and screenshots.

I have the system working the other way around just fine, i.e. RUT as client and Windows OpenVPN as server. I've modified these working configurations to try and get the RUT955 working as server, but to no avail.

Do I need to open the RUT955 firewall on port 1194 for this to work?

I note in the Teltonika help guide an OpenVPN configuration parameter which I don't understand and might be related; perhaps someone could elaborate:

https://wiki.teltonika.lt/view/OpenVPN_client_on_Windows has an entry in the ovpn file 'dev tun_c_ovpn'. I can't correlate it with the description in the ovpn manual.

regards

Guy
by
Hello

I'm in the same situation.

Did you solve the problem?
by anonymous
I have the same problem: RUT 955 is not connected to any OpenVPN connection?

1 Answer

0 votes
by anonymous

Hello,

Attaching the OpenVPN manual, which should help you configure OpenVPN both on the PC and the RUT955. We also recommend checking that the RUT955 is using the latest available firmware; keep in mind, DO NOT keep settings when flashing. Furthermore, make sure the router is using a public IP address which can be reached from the internet. On the PC, make sure no firewall rules are blocking the specific ports used for the OpenVPN connection.

Download firmware from: https://wiki.teltonika.lt/view/RUT9xx_Firmware

Manual: https://community.teltonika-networks.com/?qa=blob&qa_blobid=13184931711830019916

by anonymous

thanks for your assistance.  I have followed that and it doesn't seem to work.   Please can you examine my setup below for any obvious errors?   (note that I have it running seamlessly if the RUT955 is the client and my laptop is the server).

Laptop as client on public static IP but behind office router.  Router ports opened for UDP and TCP on 1194 to my laptop.
RUT is on a fixed public IP and configured as vpn server.  Firmware version is RUT9XX_R_00.05.03.3  Here is screenshot of RUT set up

10.143.100.0 255.255.255.0 is the lan behind the rut955.

I did not set anything up under TLS clients as I only want the clients to be able to see the RUT LAN.

I have tried with and without the Push Route option.

When it is enabled and running the STATUS-NETWORK-OPENVPN tab on the WebUI says it is connected and sat on IP 10.250.0.1

here is the OVPN file from the laptop.  Laptop is running windows 10 with latest OpenVPN installed.

client
dev tun
proto udp
remote DELETED.BY.ME.201 1194
route 10.250.0.0 255.255.255.255
resolv-retry infinite
nobind
persist-key
persist-tun
<ca>
-----BEGIN CERTIFICATE-----
DELETED BY ME
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
DELETED BY ME
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
DELETED BY ME
-----END PRIVATE KEY-----
</key>

# I GET A WARNING ON OPEN VPN SO I'VE TRIED WITH AND WITHOUT THE NEXT LINE, BUT IT DOESN'T HELP
;remote-cert-tls server


cipher AES-256-CBC
comp-lzo
verb 3

Finally here is the log from the windows client end -

Wed Jan 30 15:13:02 2019 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Wed Jan 30 15:13:02 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Jan 30 15:13:02 2019 library versions: OpenSSL 1.1.0h  27 Mar 2018, LZO 2.10
Enter Management Password:
Wed Jan 30 15:13:02 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Jan 30 15:13:02 2019 Need hold release from management interface, waiting...
Wed Jan 30 15:13:03 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Jan 30 15:13:03 2019 MANAGEMENT: CMD 'state on'
Wed Jan 30 15:13:03 2019 MANAGEMENT: CMD 'log all on'
Wed Jan 30 15:13:03 2019 MANAGEMENT: CMD 'echo all on'
Wed Jan 30 15:13:03 2019 MANAGEMENT: CMD 'bytecount 5'
Wed Jan 30 15:13:03 2019 MANAGEMENT: CMD 'hold off'
Wed Jan 30 15:13:03 2019 MANAGEMENT: CMD 'hold release'

Wed Jan 30 15:13:03 2019 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jan 30 15:13:03 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]DELETED.BY.ME.201:1194
Wed Jan 30 15:13:03 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jan 30 15:13:03 2019 UDP link local: (not bound)
Wed Jan 30 15:13:03 2019 UDP link remote: [AF_INET]DELETED.BY.ME.201:1194
Wed Jan 30 15:13:03 2019 MANAGEMENT: >STATE:1548861183,WAIT,,,,,,

Wed Jan 30 15:16:13 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Wed Jan 30 15:16:13 2019 TLS Error: TLS handshake failed

Wed Jan 30 15:16:13 2019 SIGUSR1[soft,tls-error] received, process restarting
Wed Jan 30 15:16:13 2019 MANAGEMENT: >STATE:1548861373,RECONNECTING,tls-error,,,,,
Wed Jan 30 15:16:13 2019 Restart pause, 5 second(s)

Although it works fine with the laptop as the server, I was concerned there may be a Windows/ovpn issue here. I generated another ovpn client config file with different certificates and tried connecting to the RUT with OpenVPN running on an Android phone. That also timed out. (It works when the laptop is the server.)

Thanks in advance for any assistance you can provide.

by anonymous
I believe I have just discovered the problem.   I needed to go to the RUT955 firewall and open port 1194 between the WAN zone and the Device zone.  

I am surprised that the router didn't do this automatically in the same way it handles other services.    Please can you confirm that this is the correct solution and there isn't something else that should have happened?

thanks
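
The diagnosis reached in this thread, as an added example that is not part of the original posts or of Teltonika's documentation: a Python triage of an OpenVPN client log that separates "no reply from the server" (the blocked-port case above) from a handshake that failed after the server answered, and flags the missing server-certificate check. The sample log is constructed from the one posted above with a documentation address, and the finding names are this example's own.

```python
import re

# Constructed sample modelled on the client log in the post above;
# 203.0.113.201 is a documentation address, not the poster's router.
SAMPLE_LOG = """\
Wed Jan 30 15:13:03 2019 WARNING: No server certificate verification method has been enabled.
Wed Jan 30 15:13:03 2019 UDP link remote: [AF_INET]203.0.113.201:1194
Wed Jan 30 15:16:13 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jan 30 15:16:13 2019 TLS Error: TLS handshake failed
Wed Jan 30 15:16:13 2019 SIGUSR1[soft,tls-error] received, process restarting
"""

# Matches "UDP link remote: ..." as well as TCP variants of the same line.
LINK_RE = re.compile(r"\b(UDP|TCP)\w* link remote: \[AF_INET6?\](.+):(\d+)\s*$")

# Finding names are this example's own labels, not OpenVPN terminology.
ADVICE = {
    "no-server-cert-check": "client accepts any certificate issued by the CA; "
                            "add 'remote-cert-tls server' to the client config",
    "no-reply-from-server": "nothing came back from the server; check that its "
                            "firewall accepts the port from WAN and that both "
                            "ends use the same proto",
    "failed-after-reply": "server is reachable; compare certificates, keys and "
                          "cipher settings on both ends",
}

def triage(log_text):
    """Classify why an OpenVPN client log ends in a TLS handshake failure."""
    out = {"proto": None, "remote": None, "port": None, "findings": []}
    replied = False
    for line in log_text.splitlines():
        link = LINK_RE.search(line)
        if link:
            out["proto"] = link.group(1).lower()
            out["remote"], out["port"] = link.group(2), int(link.group(3))
        finding = None
        if "TLS: Initial packet from" in line:
            replied = True          # the server's first packet arrived
        elif "process restarting" in line:
            replied = False         # the next attempt starts from scratch
        elif "No server certificate verification method" in line:
            finding = "no-server-cert-check"
        elif "TLS key negotiation failed to occur" in line:
            finding = "failed-after-reply" if replied else "no-reply-from-server"
        if finding and finding not in out["findings"]:
            out["findings"].append(finding)
    return out

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['proto']}://{report['remote']}:{report['port']}")
    for name in report["findings"]:
        print(f"- {name}: {ADVICE[name]}")
```

A log with no `TLS: Initial packet from` line before the 60-second timeout means the client never heard from the server, which is what a closed port 1194 on the router's WAN side produces.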
by
Did you solve the problem?

Please, I need help, I'm in the same situation.

How did you open the port?
by anonymous

Hello,

Router should open ports automatically when configuring OpenVPN.

Can you share more about what issue you are having with the OpenVPN? Can you PM me a troubleshoot file (System -> Administration -> Troubleshoot) of the router with which you have issues?

by anonymous

It is sent....
exactly the same issue 

Fri Mar 27 10:55:44 2020 OpenVPN 2.4.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2019
Fri Mar 27 10:55:44 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Mar 27 10:55:44 2020 library versions: OpenSSL 1.1.0l 10 Sep 2019, LZO 2.10
Fri Mar 27 10:55:44 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Mar 27 10:55:44 2020 Need hold release from management interface, waiting...
Fri Mar 27 10:55:45 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Mar 27 10:55:45 2020 MANAGEMENT: CMD 'state on'
Fri Mar 27 10:55:45 2020 MANAGEMENT: CMD 'log all on'
Fri Mar 27 10:55:45 2020 MANAGEMENT: CMD 'echo all on'
Fri Mar 27 10:55:45 2020 MANAGEMENT: CMD 'bytecount 5'
Fri Mar 27 10:55:45 2020 MANAGEMENT: CMD 'hold off'
Fri Mar 27 10:55:45 2020 MANAGEMENT: CMD 'hold release'
Fri Mar 27 10:55:45 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 27 10:55:45 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 27 10:55:45 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]XX.XX.XX.5:1194
Fri Mar 27 10:55:45 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Mar 27 10:55:45 2020 UDP link local (bound): [AF_INET][undef]:1194
Fri Mar 27 10:55:45 2020 UDP link remote: [AF_INET]]XX.XX.XX.5:1194
Fri Mar 27 10:55:45 2020 MANAGEMENT: >STATE:1585302945,WAIT,,,,,,
Fri Mar 27 10:56:46 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Mar 27 10:56:46 2020 TLS Error: TLS handshake failed
Fri Mar 27 10:56:46 2020 SIGUSR1[soft,tls-error] received, process restarting


Please see the 2 MPs .....