0 votes
1,885 views 2 comments
by
Hi,

I have a problem accessing the LAN behind a RUT230.

This is the situation.

pfSense as OpenVPN server - RUT230 as OpenVPN client (no public IP address available) - tun mode

The VPN tunnel goes up just fine.

I can access every single host behind the server, but I am not able to access LAN hosts (including the RUT230) behind the Teltonika router.

I can see the packet in the tunnel (tcpdump on the pfSense server) (10:59:52.732753 IP 10.0.10.1 > 192.168.2.1: ICMP echo request, id 64343, seq 505, length 64)

10.0.10.1 is the pfSense side of the tunnel

192.168.2.1 is the Teltonika router (LAN IP)

Using tcpdump on the Teltonika side, there is no ICMP request.

I added this firewall rule on the RUT230 (From any host in vpn To any host in lan accept forward - enabled)

So it should work, what am I missing?

Thanks

Rodolfo

1 Answer

0 votes
by

Hi,

Change the router LAN IP subnet from 2.1 to another one. Are you using TLS authentication or a static key?

According to your description, it seems the issue is related to routes, but without the full configuration it is hard to say where you made a mistake.

You could check the attached configuration example; perhaps you will find what was missed.

https://community.teltonika-networks.com/?qa=blob&qa_blobid=3108171076362012181

by
Thanks for the answer.

Why should I change the LAN IP subnet? Just curious.

This is the routing part from the pfSense server:

192.168.2.0/24     10.0.10.2          UGS      ovpns3 (10.0.10.0/24 is the tunnel 1-> pfsense 2-> teltonika)

Routing from the Teltonika:

0.0.0.0         10.64.64.64     0.0.0.0         UG        0 0          0 3g-ppp
10.0.10.0       0.0.0.0         255.255.255.0   U         0 0          0 tun_c_naq
10.64.64.64     0.0.0.0         255.255.255.255 UH        0 0          0 3g-ppp
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 br-lan
192.168.100.0   10.0.10.1       255.255.255.0   UG        0 0          0 tun_c_naq
192.168.110.0   10.0.10.1       255.255.255.0   UG        0 0          0 tun_c_naq

I am using TLS authentication with a certificate.
by

Why should I change the LAN IP subnet? Just curious.

By default, the router uses the 2.0 subnet for Hotspot.

I am using TLS authentication with a certificate.

Please check this part on your server; this config is responsible for correct routes from server to client.