FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

12615 questions

14984 answers

23964 comments

46771 members

0 votes
523 views 8 comments
by
Hello,

My RUT950 is conneted as client via IPSEC.

I can ping it from the server side but I do not have access to any web view (WebUi or other http web view).

May be a firwall missconfiguration but I am lost ...

Thanks for your support,

Regards,

JP

2 Answers

0 votes
by
Hi, what ip are you trying to access? By LAN ip or WAN ip?

Perhaps an article from the wiki will help you https://wiki.teltonika-networks.com/view/IPsec_configuration_examples

Is there a check mark "Allow WebUI access" in the IPsec settings?

Regards
by
Thanks for your suggestions.

I am connected on the VPN Server side. I can ping all the LAN Ips. My router is at 10.1.2.1.

The "Allow WebUI Access" is cheked.

In fact, I can not reach all the http/https pages. It is the case for the Router WebUi but also for others Web Interfaces peripherals.

JP
by
What firmware do you use?

I have a similar scheme working on FW RU T9_R_00.07.00.2.

If you think that the problem is in the firewall configuration, then you can try to turn off the firewall completely to check. According to the instructions https://wiki.teltonika-networks.com/view/Disable_Firewall

You can also try to enable remote access in the SYSTEM -> ADMINISTRATION -> ACCESS CONTROL section and get into WebUI via WAN ip.
by

I was in RU T9xx_06... version. I upgraded to the latest. I am now with the FW RU T9_R_00.07.00.2

I turn off the firewall. It does not solve the issue.

In the Firewall > Port Forwards. There is a rule Enable_HTTP_WAN_PASSTHROUGH From Any host in wan Via any router IP at port 80 forward to 127.0.0.1 port 80 in Lan. If I change the 127.0.01 to the IP routeur adress (10.1.2.1), i can access the WebUI.

It looks as if my request from the IPSec WAN are not getting to the target. once again, ping is working on all périphérals...

JP

by

When updating, did you leave the settings or set up the router again?

When I configure IPsec in Port Forwarding, a rule is created with these parameters.

config redirect

        option proto 'any'

        option name 'Exclude-IPsec-from-NAT'

        option extra '-m policy --dir out --pol ipsec'

        option vpn_type 'IPsec'

        option target 'ACCEPT'

        option dest 'wan'

        option enabled '1'

And if you use localhost instead of IP? Can you also send a Troubleshoot file and your network topology to PM?

A Troubleshoot file contains a device's event logs, configuration files and other info useful for diagnostics. It can be downloaded from your device's WebUI, Troubleshoot page:

System → Administration → Troubleshoot

Regads.

by

When updating, did you leave the settings or set up the router again?

>> I leave the settings

When I configure IPsec in Port Forwarding, a rule is created with these parameters.

>> there is a forwording rule " IPsec in Port Forwarding" but I am not clear the settings are the same as the one you mentionned.

And if you use localhost instead of IP? Can you also send a Troubleshoot file and your network topology to PM?

>> I have the troubleshoot file but what is "PM"? 

Regards

by

>> I leave the settings

try to save the current settings, reset the settings and configure everything from scratch with your hands.

PM = Private Message. There is a "send private message" button on the account page.

And if you use "localhost" instead of IP?

by

Hello,

I can not reset the router as the site is in in production. I working on it remotly...

I order a new one to test it off site . When it will be solved out, we will replace the one currentlt not working.

Have you find something in the "troubleshoot file"? 

Regards,

JP

by

Hi. You wrote

In the Firewall > Port Forwards. There is a rule Enable_HTTP_WAN_PASSTHROUGH From Any host in wan Via any router IP at port 80 forward to 127.0.0.1 port 80 in Lan. If I change the 127.0.01 to the IP routeur adress (10.1.2.1), i can access the WebUI.

If you change the rule to "Any tcp From any host in wan To any router IP at port 80 this device" Is something changing?

0 votes
by
Hello,

I completly reseted the router and reconfigured it from scratch with the minus "manual" configuration.

I has solved out this issue.

Regards,

JP