0 votes
106 views 2 comments
by

I have a 955 that sends all traffic thru an external OpenVPN server.
Every 6/12 hours it stops working and it is completely isolated from the Internet.

After extensive debugging, I discovered that after a mobile reconnection, VPN status is wrong and the routing table misses static routes.

At the start, VPN works. This is the routing table:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

default         10.8.47.1       128.0.0.0       UG    0      0        0 tun0
default         10.174.209.58   0.0.0.0         UG    0      0        0 wwan0
8.8.8.8         *               255.255.255.255 UH    10     0        0 wwan0
10.8.47.0       *               255.255.255.0   U     0      0        0 tun0
10.174.209.56   *               255.255.255.252 U     10     0        0 wwan0
128.0.0.0       10.8.47.1       128.0.0.0       UG    0      0        0 tun0
138.x.x.x.      10.174.209.58   255.255.255.255 UGH   0      0        0 wwan0
192.168.4.0     *               255.255.255.0   U     0      0        0 br-lan

where 

  • 10.8.47.1 is the openVPN SERVER private IP 
  • 138.x.x.x is the openVPN SERVER public IP
  • 10.174.209.58 is the IP From the Telco.

You can see that I added a static route to keep the traffic to DNS 8.8.8.8 via wwan0
where 8.8.8.8 is the default DNS Server configured in RUT955.

When the Operator (Iliad) drops the mobile connections and RUT955 reconnects, the router stops routing correctly.
After reconnection RUT955 gets a new IP from the operator: 10.61.244.1
and the routing table after reconnections is this:

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

default         10.8.47.1       128.0.0.0       UG    0      0        0 tun0
default         10.61.244.1     0.0.0.0         UG    0      0        0 wwan0
default         10.61.244.1     0.0.0.0         UG    10     0        0 wwan0
10.8.47.0       *               255.255.255.0   U     0      0        0 tun0
10.61.244.1     *               255.255.255.252 U     10     0        0 wwan0
128.0.0.0       10.8.47.1       128.0.0.0       UG    0      0        0 tun0
192.168.4.0     *               255.255.255.0   U     0      0        0 br-lan

  • the route to Public Gateway IP is missing
  • the static route to 8.8.8.8 is also missing.
  • the tunnel is not working
  • traffic is not forwarded via tun0
  • ping to any public IP fails.

Restarting VPN from GUI is not working.
A modem reset or mobile reconnect is not working.
The only solution is a modem reboot.

How can I solve this?

Thanks

Here is the salient log after the loss of connection:

Mon Mar 29 06:31:27 2021 daemon.notice netifd: Interface 'ppp' has lost the connection

Mon Mar 29 06:31:27 2021 daemon.warn dnsmasq[3871]: no servers found in /tmp/resolv.conf.auto, will retry

Mon Mar 29 06:31:28 2021 daemon.notice netifd: ppp_4 (3638): udhcpc: received SIGTERM

Mon Mar 29 06:31:28 2021 daemon.notice netifd: Interface 'ppp_4' is now down

Mon Mar 29 06:31:28 2021 daemon.notice netifd: Network alias '' link is down

Mon Mar 29 06:31:28 2021 daemon.notice netifd: Interface 'ppp_4' has link connectivity loss

Mon Mar 29 06:31:28 2021 daemon.notice netifd: Interface 'ppp_4' is disabled

...

Mon Mar 29 06:31:28 2021 daemon.notice netifd: Interface 'ppp' is now up

Mon Mar 29 06:31:28 2021 daemon.info dnsmasq[3871]: reading /tmp/resolv.conf.auto

Mon Mar 29 06:31:28 2021 daemon.info dnsmasq[3871]: using only locally-known addresses for domain lan

Mon Mar 29 06:31:28 2021 daemon.info dnsmasq[3871]: using nameserver 8.8.8.8#53

Mon Mar 29 06:31:28 2021 daemon.info dnsmasq[3871]: using nameserver 1.1.1.1#53

Mon Mar 29 06:31:28 2021 user.info Messaged[6936]: Start from new event "Mobile Data" "Mobile data disconnected"

...

Mon Mar 29 06:31:41 2021 user.info Messaged[7388]: Start from new event "Mobile Data" "Mobile data connected, IP: 10.61.244.1 Iliad"

Mon Mar 29 06:31:43 2021 daemon.err insmod: module is already loaded - xt_multiport

Mon Mar 29 06:31:43 2021 daemon.err insmod: module is already loaded - xt_connmark

Mon Mar 29 06:31:44 2021 daemon.err insmod: module is already loaded - xt_comment

Mon Mar 29 06:31:44 2021 daemon.err insmod: module is already loaded - xt_length

...

Mon Mar 29 06:31:48 2021 local1.crit hotplug-netifd-netstate[7905]: ERROR: uci set (set)

Mon Mar 29 06:31:48 2021 local1.crit hotplug-netifd-netstate[7905]: ERROR code: uci err: Invalid argument

Mon Mar 29 06:31:48 2021 local1.info hotplug-gsmstate[7907]: envACT: ifup

Mon Mar 29 06:31:48 2021 local1.info hotplug-gsmstate[7907]: envDEV: wwan0

Mon Mar 29 06:31:51 2021 daemon.err insmod: module is already loaded - xt_multiport

Mon Mar 29 06:31:51 2021 daemon.err insmod: module is already loaded - xt_connmark

Mon Mar 29 06:31:51 2021 daemon.err insmod: module is already loaded - xt_comment

Mon Mar 29 06:31:51 2021 daemon.err insmod: module is already loaded - xt_length

Mon Mar 29 06:31:52 2021 user.notice firewall: Reloading firewall due to ifup of ppp_4 (wwan0)

...

Mon Mar 29 06:33:28 2021 daemon.notice openvpn(client_tet)[5071]: TCP/UDP: Preserving recently used remote address: [AF_INET]138.X.X.X:1212

Mon Mar 29 06:33:28 2021 daemon.notice openvpn(client_tet)[5071]: Socket Buffers: R=[8388608->8388608] S=[8388608->8388608]

Mon Mar 29 06:33:28 2021 daemon.notice openvpn(client_tet)[5071]: UDP link local: (not bound)

Mon Mar 29 06:33:28 2021 daemon.notice openvpn(client_tet)[5071]: UDP link remote: [AF_INET]138.X.X.X:1212

Mon Mar 29 06:34:28 2021 daemon.err openvpn(client_tet)[5071]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Mon Mar 29 06:34:28 2021 daemon.err openvpn(client_tet)[5071]: TLS Error: TLS handshake failed

Mon Mar 29 06:34:28 2021 daemon.notice openvpn(client_tet)[5071]: SIGUSR1[soft,tls-error] received, process restarting

Mon Mar 29 06:34:28 2021 daemon.notice openvpn(client_tet)[5071]: Restart pause, 5 second(s)

Mon Mar 29 06:35:00 2021 cron.info crond[5440]: USER root pid 8809 cmd /usr/sbin/ping_reboot.sh cfg01c21d

Mon Mar 29 06:35:10 2021 user.notice ping_reboot.sh: Host 8.8.8.8 unreachable

Mon Mar 29 06:35:10 2021 user.notice ping_reboot.sh: 5 min. until next ping retry

Mon Mar 29 06:36:33 2021 daemon.err openvpn(client_tet)[5071]: RESOLVE: Cannot resolve host address: pstest17.XXXXXXX.XX:1212 (Name or service not known)

Mon Mar 29 06:38:33 2021 daemon.err openvpn(client_tet)[5071]: RESOLVE: Cannot resolve host address: pstest17. XXXXXXX.XX:1212 (Name or service not known)

Mon Mar 29 06:38:33 2021 daemon.warn openvpn(client_tet)[5071]: Could not determine IPv4/IPv6 protocol

Mon Mar 29 06:38:33 2021 daemon.notice openvpn(client_tet)[5071]: SIGUSR1[soft,init_instance] received, process restarting

Mon Mar 29 06:38:33 2021 daemon.notice openvpn(client_tet)[5071]: Restart pause, 5 second(s)

Mon Mar 29 06:38:38 2021 daemon.warn openvpn(client_tet)[5071]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Mon Mar 29 06:40:00 2021 cron.info crond[5440]: USER root pid 9445 cmd /usr/sbin/ping_reboot.sh cfg01c21d

Mon Mar 29 06:40:10 2021 user.notice ping_reboot.sh: Host 8.8.8.8 unreachable

Mon Mar 29 06:40:10 2021 user.notice ping_reboot.sh: Restarting modem after 2 unsuccessful tries

2 Answers

0 votes
by

Hello,

Thank you for contacting .

May I know the firmware on the device? Did you try the latest?

Can I get the troubleshoot file in DM? System > Administration > Troubleshoot. (Before you download the troubleshoot file, make sure the device is on the latest firmware and the above logs are saved in the troubleshoot file.)

Also, regarding the static routes, can you try adding them to custom scripts, so that they would not be deleted after the reboot?

https://wiki.teltonika-networks.com/view/RUT955_User_Scripts

Thank you.

Regards,

Ahmed

by
Hi Ahmed,

yes, firmware is the latest 06.07.5.

Static Route to 8.8.8.8 has been added in web GUI and is kept after a reboot. It is only lost after mobile re-connection.
Static Route to Public Gateway IP is added automatically when VPN starts and is also lost after mobile re-connection.

At the next hanging, I will send you the troubleshoot file.

Thanks,

Regards,

Fabrizio
+1 vote
by

Sorry to answer my own question, but after further investigation, I discovered that the OpenVPN service does not reinitialize after ifdown/ifup.

You can reproduce this easily with an OpenVPN client active on RUT and issuing via CLI an ifdown ppp / ifup ppp command.
After ifup the routing table keeps forwarding all traffic to the dead VPN gateway.

I solved this with a quick and dirty script that re-initializes the OpenVPN service after ifup.

I created /etc/hotplug.d/iface/99-openvpn and put the script in.

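#!/bin/sh
# /etc/hotplug.d/iface/99-openvpn
# Restart OpenVPN when an uplink device comes (back) up, so the tunnel and
# its routes are rebuilt against the new uplink address.

# Only act on interface-up events.
[ "$ACTION" = "ifup" ] || [ "$ACTION" = "ifupdate" ] || exit 0

case "$DEVICE" in
        wwan* | eth1)
                logger -t "openvpn" "Reloading openVPN due to $ACTION of $INTERFACE ($DEVICE)"
                /etc/init.d/openvpn restart
                ;;
esac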

Now the OpenVPN reinitializes after the loss of connection from the Mobile operator and restores a working routing table.
Note: this script works for me and my configuration, where all traffic is forwarded thru an external VPN gateway, don't assume it is a generic solution.
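
A check for the state described in this thread, as an added example that is not part of the original posts: the two half-default routes on tun0 survive the reconnect, so the reliable sign is the missing or outdated host route to the VPN server. The function name `vpn_routes_state`, the sample tables (rebuilt from the question) and the placeholder server address 203.0.113.10 are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original posts. VPN_SERVER is a constructed
# placeholder (TEST-NET-3) for the redacted public IP of the OpenVPN server.
VPN_SERVER="203.0.113.10"

# Reads `route` output on stdin; prints ok | stale-server-route |
# no-tunnel-routes and returns 0 only for "ok". $1 = server IP, $2 = tunnel dev.
vpn_routes_state() {
    awk -v srv="$1" -v tun="${2:-tun0}" '
        { dflt = ($1 == "default" || $1 == "0.0.0.0") }
        # both halves of redirect-gateway def1: 0.0.0.0/1 and 128.0.0.0/1
        $8 == tun && $3 == "128.0.0.0" && dflt              { lo = 1 }
        $8 == tun && $3 == "128.0.0.0" && $1 == "128.0.0.0" { hi = 1 }
        # uplink default route(s): genmask 0.0.0.0 on a non-tunnel device
        $8 != tun && $3 == "0.0.0.0" && dflt                { gw[$2] = 1 }
        # host route that carries the encrypted packets to the server
        $1 == srv && $3 == "255.255.255.255"                { srv_gw = $2 }
        END {
            if (!(lo && hi))     { print "no-tunnel-routes"; exit 2 }
            if (!(srv_gw in gw)) { print "stale-server-route"; exit 1 }
            print "ok"
        }'
}

# Sample tables rebuilt from the question (constructed server IP substituted).
table_before() { cat <<'EOF'
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.8.47.1       128.0.0.0       UG    0      0        0 tun0
default         10.174.209.58   0.0.0.0         UG    0      0        0 wwan0
8.8.8.8         *               255.255.255.255 UH    10     0        0 wwan0
10.8.47.0       *               255.255.255.0   U     0      0        0 tun0
128.0.0.0       10.8.47.1       128.0.0.0       UG    0      0        0 tun0
203.0.113.10    10.174.209.58   255.255.255.255 UGH   0      0        0 wwan0
EOF
}
table_after() { cat <<'EOF'
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.8.47.1       128.0.0.0       UG    0      0        0 tun0
default         10.61.244.1     0.0.0.0         UG    0      0        0 wwan0
default         10.61.244.1     0.0.0.0         UG    10     0        0 wwan0
10.8.47.0       *               255.255.255.0   U     0      0        0 tun0
10.61.244.1     *               255.255.255.252 U     10     0        0 wwan0
128.0.0.0       10.8.47.1       128.0.0.0       UG    0      0        0 tun0
EOF
}

for t in table_before table_after; do
    printf '%s: %s\n' "$t" "$($t | vpn_routes_state "$VPN_SERVER")"
done
```

On the router the same function can be fed live output, e.g. `route | vpn_routes_state <server-ip>`, to decide whether a restart is needed. A server route whose gateway no longer matches the current uplink default gateway is reported as stale as well.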
by
Hello,

Happy to hear that issue has been resolved.

Thank you.