0 votes
1,171 views 2 comments
by
  • Device: Teltonika RUT950 LTE
  • Firmware: FW ver.: RUT9XX_R_00.06.07.5

Seems to be a common issue/request but not seen a solution yet.

Have set up a site-to-site OpenVPN server on the pfSense router with the following settings:

  • Server Mode: Peer to Peer (Shared Key)
  • Protocol: UDP on IPv4 only
  • Device Mode: tun
  • Interface: WAN
  • Port: 1195
  • Encryption Algorithm: AES-128-CBC (128 bit key, 128 bit block)
  • Auth digest Algorithm: SHA256 (256-bit)
  • IPv4 Tunnel Network: 10.0.100.0/24
  • IPv4 Remote network: 192.168.0.0/24
  • Compression: disabled
  • Keepalive 
    • Interval 10
    • timeout 60
  • Gateway creation: Both

I set up the OpenVPN client on the RUT950 with the following settings:

  • Enabled: Checked
  • OpenVPN config from file: disabled
  • Tun/Tap: TUN
  • Protocol: UDP
  • Port: 1195
  • LZO: Unchecked
  • Remote host IP: <WAN IP of the pfsense router>
  • Resolve retry: infinite
  • Keep alive 10 60
  • Remote network ip: 192.168.100.0
  • remote network ip mask: 255.255.255.0
  • Authentication: Static Key
  • Encryption: AES-128-CBC 128
  • Local tunnel endpoint IP: 10.0.100.2
  • Remote tunnel endpoint IP: 10.0.100.1
  • Extra Options: none
  • Static pre-shared key: 2048 bit OpenVPN static key file uploaded to RUT950

However, this fails to connect. I note that there is no choice for the Auth Digest Algorithm on the RUT950, and the local and remote tunnel IPs have to be individual addresses, not a subnet.

The errors on the pfSense OpenVPN seem to be authentication/decryption issues?

Apr 21 17:30:56 openvpn 76556 Authenticate/Decrypt packet error: packet HMAC authentication failed
Apr 21 17:30:56 openvpn 76556 Authenticate/Decrypt packet error: packet HMAC authentication failed
by

export of OpenVPN config

dev tun
persist-tun
persist-key
cipher AES-128-CBC
auth SHA256
pull
resolv-retry infinite
proto udp
remote 185.xxx.xxx.xxx 1195 udp4
route 192.168.100.0 255.255.255.0
ifconfig 10.0.100.2 10.0.100.1
keepalive 10 60

However, in the router this does not look like it imports correctly.
by
Found the solution, even if it's a bit poor.

Despite LZO being unchecked it seems to still be active. So enabled it on both sides.

Had to drop the Auth Digest down to SHA1 on the OpenVPN server as that seems to be the only supported one by the RUT950? This seems VERY poor.

These two changes enabled the VPN link to work. Now testing how stable and effective it is.
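
An added example, not part of the original thread or of either vendor's tooling: a small Python check that compares the two ends of a static-key tunnel on the settings that must agree, since a differing `auth` digest is one cause of the `packet HMAC authentication failed` lines quoted above. The sample configs are constructed from the settings in the posts; the function names, the 203.0.113.10 address, the client's missing `auth` line and its `comp-lzo no` line are assumptions.

```python
# Added example. Both configs are constructed from the settings quoted in the thread.
DEFAULTS = {"cipher": "BF-CBC", "auth": "SHA1"}  # OpenVPN 2.4-era values when the line is absent

SERVER = """
dev tun
proto udp4
port 1195
cipher AES-128-CBC
auth SHA256
ifconfig 10.0.100.1 10.0.100.2
"""
# Assumption: the client writes no auth line and still emits a comp-lzo line.
CLIENT = """
dev tun
proto udp
remote 203.0.113.10 1195   # documentation address, stands in for the WAN IP
cipher AES-128-CBC
comp-lzo no
ifconfig 10.0.100.2 10.0.100.1
"""

def parse(text):
    """Return {directive: [args]} for an OpenVPN config, skipping comments and blanks."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            name, *args = line.split()
            conf[name] = args
    return conf

def effective(conf):
    """Reduce a config to the values both static-key peers must agree on."""
    return {
        "cipher": conf.get("cipher", [DEFAULTS["cipher"]])[0].upper(),
        "auth": conf.get("auth", [DEFAULTS["auth"]])[0].upper(),
        "lzo-framing": "comp-lzo" in conf,  # any comp-lzo line, even "no", enables framing
        "ifconfig": tuple(conf.get("ifconfig", [])),
    }

def mismatches(server_text, client_text):
    """List the settings that differ; ifconfig must be mirrored, the rest identical."""
    s, c = effective(parse(server_text)), effective(parse(client_text))
    found = [k for k in ("cipher", "auth", "lzo-framing") if s[k] != c[k]]
    if s["ifconfig"] != c["ifconfig"][::-1]:
        found.append("ifconfig")
    return found

print(mismatches(SERVER, CLIENT))
```

Run against exported configs from both routers before bringing the tunnel up; an empty list means the cipher, digest, compression framing and tunnel endpoints line up.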

1 Answer

0 votes
by
Hi,

Sorry for the late response, glad you've found your solution.

EB.