There does not seem to be a regular way to report bugs to Teltonika? So I will post this here so it can potentially help other people and maybe they will pick up on it. If there's another way, please let me know.
I have a Debian server acting as OpenVPN server and 15 RUT240's connected to it as OpenVPN clients. Because of a change of server I decided to switch from TLS cert based auth to user/password auth for OpenVPN. This is where it turned bad.
After changing the configurations from cert based auth to password auth, only 5 of the 15 RUT240's where able to reconnect. Most of them where remote, but a few of them where local so I could log in and see what happend.
To my surprise it turned out the router changed the password I entered in the web GUI.
I will share some passwords, as they are random, have been changed already by now and it's the best way to illustrate.
Original password entered: acZ3GEY^ny$xJ7vFD%RNh75Q$
Password after saving: acZ3GEY^ny%RNh75Q$
At first glance I thought it had just cut the length of the password, but that's not the case, something is missing in the middle:
I checked the passwords of the 5 routers that did come back online and it turned out they where all the same length as the original one above, but none of them had a $ in it. Could that be it?
So I entered a few other passwords in the router to see what would happen:
- Original: 3kC8BBPD$e^f4@dS%4$HugEsT
- Saved: 3kC8BBPD^f4@dS%4
- Original: TaAPMU$uTgE53FhBvfx7
- Saved: TaAPMU
- Original: e8!g4D$CjJ4%!g3sNIBqJ6&9K
- Saved: e8!g4D%!g3sNIBqJ6&9K
- Original: $M7^qb7t$qJ2r9v56T@$5Z^aWEWf
- Saved: ^qb7t@Z^aWEWf
So what seems to be happening?
When there's a $-sign in the password, it will cut the part between the $ and the next special character out of the password.
I changed all passwords server side according to this method and all remote routers came back online.
This happend to me on different firmware versions:
Other OpenVPN settings
TLS cipher: All
HMAC auth algo: SHA512
Additional HMAC: tls-crypt