We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
by anonymous
Hi everyone,

I have a problem that I really can't figure out.

I have pfSense running an OpenVPN server and an RUT360 running an OpenVPN client connection.

Internet is there when the OpenVPN connection is disabled, but once it connects I can't see any Internet nor any device on the server side.

I've exported the script directly from the server and even tried the same script on a standalone PC, and the Internet routes perfectly.

I can also use the RUT360 to ping the clients on the server side with no issue.

So it seems the RUT360 itself has connected and has access to the server side, but the computers that connect to the RUT360 don't.

Is there anything I can do on the RUT360 so that devices connected to the RUT360 can see the server side?

Many thanks

Martin

1 Answer

by anonymous

Hello.

Can you show the OpenVPN settings?

Run in UCI: cat /etc/config/openvpn

And also which routes are configured:

ip route or route -n

Regards.

by anonymous

Hi there,

Thanks for replying, here are the results.

ip route:

root@Teltonika-RUT360:~# ip route
0.0.0.0/1 via 172.16.100.1 dev tun0
default dev qmimux0 proto static scope link src 100.73.59.74 metric 1
94.174.243.194 dev qmimux0
100.73.59.74 dev qmimux0 proto static scope link metric 1
128.0.0.0/1 via 172.16.100.1 dev tun0
172.16.100.0/24 dev tun0 proto kernel scope link src 172.16.100.2
192.168.1.0/24 dev br-lan proto static scope link metric 2

OpenVPN config via cat:

root@Teltonika-RUT360:~# cat /etc/config/openvpn
config webui 'webui'
        option _auth 'tls'

config openvpn 'Bravoit'
        option _name 'Bravoit'
        list data_ciphers 'BF-CBC'
        option nobind '1'
        option persist_key '1'
        option persist_tun '1'
        option status '/tmp/openvpn-status_Bravoit.log'
        option verb '5'
        option type 'client'
        option enable_custom '1'
        option upload_files '1'
        option config '/etc/vuci-uploads/cbid.openvpn.Bravoit.configpfSense-UDP4-1194-Martin-config (5).ovpn'
        option _auth 'tls/pass'
        option auth 'sha1'
        option _tls_auth 'none'
        option auth_user_pass '/etc/openvpn/auth_Bravoit'
        option tls_client '1'
        option client '1'
        option enable '1'
        option dev 'tun'
        option port '1194'

Below is the .ovpn that is uploaded to the RUT360:

dev tun
persist-tun
persist-key
ncp-disable
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote 94.174.243.194 1194 udp
setenv opt block-outside-dns
lport 0
verify-x509-name "AspireServer" name
auth-user-pass
remote-cert-tls server
explicit-exit-notify
<ca>
-----BEGIN CERTIFICATE-----
Cert Goes Here
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
</tls-auth>

I've got an ASUS router with the same OVPN file uploaded to it and it works well, and it even works plugged into the RUT360, so there mustn't be any restrictions on the mobile WAN side.
The RUT itself pings all the hosts and pings 8.8.8.8 perfectly fine; it's just the connections to the RUT that don't seem to be able to connect.
I can ping 172.16.100.2, which is the IP that OpenVPN assigns.
by anonymous

I think we should try to configure the RUT by hand, specifying the correct network and mask from the server side. Then these networks will get into the routes and firewall.

Right now I don't see the OpenVPN settings that I have:

option network_ip '0.0.0.0'

option network_mask '0.0.0.0'

These specify the LAN network of the server from which there is Internet access.

Regards
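The route table posted above already shows the RUT360 itself sending everything into tun0, so the missing piece for hosts behind it is the firewall path that the answer above says gets created once the server-side network is registered. The following is an added example, not code from the thread or from Teltonika: it walks the posted route table with longest-prefix matching (the two /1 routes are what OpenVPN's redirect-gateway def1 installs, and they beat the /0 mobile default), then checks an OpenWrt-style UCI firewall for a lan -> tunnel forwarding and masquerade. The firewall fragments, the zone name "openvpn", the interface name "mob1s1a1" and the assumption that a hand-uploaded .ovpn leaves tun0 in no zone are mine, not the poster's configuration.

```python
"""Longest-prefix-match walk over the route table posted in this thread, plus
a check of an OpenWrt/RutOS-style UCI firewall for a LAN -> tunnel path. The
firewall fragments are constructed samples, not the poster's configuration."""
import ipaddress
import re

# Route table exactly as posted for the RUT360 with tun0 up; the two /1 routes
# are what OpenVPN's redirect-gateway def1 installs.
RUT360_ROUTES = """\
0.0.0.0/1 via 172.16.100.1 dev tun0
default dev qmimux0 proto static scope link src 100.73.59.74 metric 1
94.174.243.194 dev qmimux0
100.73.59.74 dev qmimux0 proto static scope link metric 1
128.0.0.0/1 via 172.16.100.1 dev tun0
172.16.100.0/24 dev tun0 proto kernel scope link src 172.16.100.2
192.168.1.0/24 dev br-lan proto static scope link metric 2
"""

def parse_routes(text):
    """Turn `ip route` output into (network, device, metric) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if not f:
            continue
        net = ipaddress.ip_network("0.0.0.0/0" if f[0] == "default" else f[0], strict=False)
        metric = int(f[f.index("metric") + 1]) if "metric" in f else 0
        routes.append((net, f[f.index("dev") + 1], metric))
    return routes

def egress_device(routes, dst):
    """Kernel-style choice: longest prefix wins, then lowest metric. A /1 beats
    the /0 default, so all but the VPN endpoint's own /32 leaves via tun0."""
    addr = ipaddress.ip_address(dst)
    best = max((r for r in routes if addr in r[0]), key=lambda r: (r[0].prefixlen, -r[2]))
    return best[1]

# Constructed firewall (OpenWrt schema, which RutOS follows). FW_UNZONED is what
# I assume a hand-uploaded .ovpn leaves behind: tun0 is in no zone, so nothing
# forwards LAN traffic into it; the router's own pings use INPUT/OUTPUT, not FORWARD.
FW_UNZONED = """\
config zone
    option name 'lan'
    list network 'lan'

config zone
    option name 'wan'
    list network 'mob1s1a1'
    option masq '1'

config forwarding
    option src 'lan'
    option dest 'wan'
"""

# What registering the tunnel (network_ip/network_mask here) must end up as:
# a zone covering the tun device, lan -> that zone, masquerade on.
FW_ZONED = FW_UNZONED + """
config zone
    option name 'openvpn'
    list device 'tun0'
    option masq '1'

config forwarding
    option src 'lan'
    option dest 'openvpn'
"""

def parse_uci(text):
    """Minimal UCI parser: list of (section_type, {key: value | [values]})."""
    sections = []
    for line in text.splitlines():
        m = re.match(r"\s*(config|option|list)\s+(\S+)(?:\s+'([^']*)')?", line)
        if not m:
            continue
        kind, key, val = m.groups()
        if kind == "config":
            sections.append((key, {}))
        elif kind == "option":
            sections[-1][1][key] = val
        else:
            sections[-1][1].setdefault(key, []).append(val)
    return sections

def lan_path_to(fw_text, dev):
    """(a lan -> zone-of-dev forwarding exists, that zone masquerades)."""
    sections = parse_uci(fw_text)
    zone = next((o["name"] for k, o in sections if k == "zone"
                 and dev in o.get("device", []) + o.get("network", [])), None)
    if zone is None:
        return (False, False)
    fwd = any(k == "forwarding" and o.get("src") == "lan" and o.get("dest") == zone
              for k, o in sections)
    masq = any(k == "zone" and o.get("name") == zone and o.get("masq") == "1"
               for k, o in sections)
    return (fwd, masq)

def diagnose(fw_text, routes_text, dst="8.8.8.8"):
    """Where a LAN client's packet to dst would leave, and whether the firewall lets it."""
    dev = egress_device(parse_routes(routes_text), dst)
    fwd, masq = lan_path_to(fw_text, dev)
    return {"egress": dev, "lan_forwarding": fwd, "masq": masq}
```

Run diagnose(FW_UNZONED, RUT360_ROUTES) and diagnose(FW_ZONED, RUT360_ROUTES) side by side: the egress device is tun0 in both cases, which is why the router's own pings succeed, but only the zoned variant reports a lan forwarding and masquerade into it. On a real unit, compare against cat /etc/config/firewall after applying the network_ip/network_mask fix rather than against these constructed fragments.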

by anonymous

Hi Anton,

You were right, as soon as I put all the details in manually instead of using the .ovpn script, all the routing issues went away.

However, I do still have a small problem with the HMAC authentication part of the script.

When enabled I use the tls-auth option, insert the certificate and set the direction to 1, which was how the initial .ovpn config file was presented, but on the server side it reports this error:

TLS Error: cannot locate HMAC in incoming packet from [AF_INET]213.205.192.85:43816

Here's the current config, which works when I switch off HMAC on both client and server, of course.

root@Teltonika-RUT360:~# cat /etc/config/openvpn
config webui 'webui'
        option _auth 'tls'

config openvpn 'OpenVPN'
        option keepalive '10 120'
        option _name 'OpenVPN'
        option nobind '1'
        option persist_key '1'
        option port '1194'
        option dev 'tun_c_OpenVPN'
        option persist_tun '1'
        option status '/tmp/openvpn-status_OpenVPN.log'
        option verb '5'
        option type 'client'
        option proto 'udp'
        option auth_user_pass '/etc/openvpn/auth_OpenVPN'
        option _auth 'tls/pass'
        option remote '94.174.243.194'
        option resolv_retry 'infinite'
        option network_ip '172.16.100.0'
        option network_mask '255.255.255.0'
        option auth 'sha1'
        option ca '/etc/vuci-uploads/cbid.openvpn.OpenVPN.caASPCA.txt'
        option cert '/etc/vuci-uploads/cbid.openvpn.OpenVPN.certaspcert.txt'
        option key '/etc/vuci-uploads/cbid.openvpn.OpenVPN.keyaspkey.txt'
        option tls_client '1'
        option client '1'
        option _tls_cipher 'custom'
        option cipher 'AES-256-CBC'
        list data_ciphers 'BF-CBC'
        list data_ciphers 'AES-256-CBC'
        option enable '1'
        option _tls_auth 'tls-auth'
        option tls_auth '1 /etc/vuci-uploads/cbid.openvpn.OpenVPN.tls_authstatic.txt'
        option auth_key_direction '1'
        option upload_files '0'

Have you got any ideas?

by anonymous
Sorry, typo in the comment above: the config shown is when HMAC is enabled, but when I disable it the connection works properly.
by anonymous

Hi!

You have not shown the server settings. It is necessary to change the authorization type on both sides (client, server).

One thing can be said about this error: authorization does not work :), but you already know that. Probably a problem with the ta certificate.

Try looking here: https://forums.openvpn.net/viewtopic.php?t=26176

Regards
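The point in the answer above that both sides have to agree on tls-auth is, concretely, that both must load the same static key and use complementary key directions (the usual pairing is server 0, client 1, which is what the client config in this thread sets with tls_auth '1 ...' and auth_key_direction '1'). The following is an added example, not code from the thread, from Teltonika or from OpenVPN: it builds a constructed 2048-bit static key in OpenVPN's text format, parses it back, selects the HMAC key for each direction, and shows which (client, server) direction pairs verify. The layout it assumes is my reading of the OpenVPN static-key format, not something the page states: 256 bytes holding two 128-byte keys, each a 64-byte cipher half then a 64-byte HMAC half; direction 0 sends with key 0 and receives with key 1, direction 1 the reverse; with --auth SHA1 the first 20 bytes of the HMAC half are the HMAC key. The signed payload is a stand-in string, not the real control-channel packet layout, so this illustrates the key pairing only, not OpenVPN's wire format.

```python
"""tls-auth key-direction pairing, as background for the "cannot locate HMAC"
error in this thread. Assumed layout (my reading of the static-key format, not
stated on the page): 256 bytes = two 128-byte keys, each a 64-byte cipher half
followed by a 64-byte HMAC half; --key-direction 0 sends with key 0 and
receives with key 1, --key-direction 1 the reverse; with --auth SHA1 the first
20 bytes of the HMAC half are used. The signed payload is a stand-in string."""
import hashlib
import hmac
import re

def make_static_key_file(seed=b"constructed demo key, not a real one"):
    """Build a 2048-bit key in OpenVPN's text format, deterministically from a seed."""
    raw = b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(8))
    body = "\n".join(raw[i:i + 16].hex() for i in range(0, 256, 16))
    return ("#\n# 2048 bit OpenVPN static key\n#\n"
            "-----BEGIN OpenVPN Static key V1-----\n" + body +
            "\n-----END OpenVPN Static key V1-----\n")

def parse_static_key(text):
    """Extract the 256 raw key bytes; reject anything that is not a full key."""
    m = re.search(r"-----BEGIN OpenVPN Static key V1-----(.*?)"
                  r"-----END OpenVPN Static key V1-----", text, re.S)
    if not m:
        raise ValueError("no OpenVPN static key block found")
    raw = bytes.fromhex("".join(m.group(1).split()))
    if len(raw) != 256:
        raise ValueError(f"expected 256 key bytes, got {len(raw)}")
    return raw

def hmac_keys(raw, direction, digest_len=20):
    """(send_key, recv_key) for --key-direction 0 or 1."""
    hmac_halves = [raw[off + 64:off + 64 + digest_len] for off in (0, 128)]
    if direction == 0:
        return hmac_halves[0], hmac_halves[1]
    if direction == 1:
        return hmac_halves[1], hmac_halves[0]
    raise ValueError("key-direction must be 0 or 1")

def tag(key, payload):
    """HMAC-SHA1 over the payload, matching auth SHA1 in the posted configs."""
    return hmac.new(key, payload, hashlib.sha1).digest()

def server_accepts(raw, client_direction, server_direction,
                   payload=b"stand-in for the client's first control packet"):
    """Does the server's receive key verify what the client signed with its send key?"""
    client_send, _ = hmac_keys(raw, client_direction)
    _, server_recv = hmac_keys(raw, server_direction)
    return hmac.compare_digest(tag(server_recv, payload), tag(client_send, payload))

def direction_from_uci(tls_auth_value):
    """Split a RutOS tls_auth value like "1 /path/ta.key" into (direction, path)."""
    direction, path = tls_auth_value.split(None, 1)
    return int(direction), path
```

With one shared key, server_accepts(raw, 1, 0) and server_accepts(raw, 0, 1) succeed while (1, 1) and (0, 0) fail, because in the mismatched cases the client signs with the same HMAC slot the server is using to receive its own direction. A server that has tls-auth configured and a client that sends no HMAC at all is the other failure the posted error covers, and this pairing check does not distinguish the two; comparing the ta key bytes and direction on pfSense against the file referenced by tls_auth on the RUT does.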