+1 vote
313 views 28 comments
by
Hello,

I have a problem with my RUTX11 and a PC that uses GlobalProtect VPN.

My wife is teleworking and her company uses the software "GlobalProtect" to connect via VPN to their server.

It worked very well over Wi-Fi on the router with the firmware "RUTX_R_00.07.01", but since the update to "RUTX_R_00.07.01.2" it no longer works: the software connects fine, but there is no internet on the PC.

So I used the connection sharing of his iPhone instead of the router's Wi-Fi and there it works well, and when I go back to the router's Wi-Fi it no longer works.

Do you have a lead?

Could the latest update have created this problem?

Best regards

2 Answers

0 votes
by

Hello,

Thanks for contacting TELTONIKA | Crowd-support forum.

Please try to reflash the firmware without keeping settings. Open your router's WebUI, go to System > Firmware > Update firmware > Flash new firmware and then upload the fw RUTX_R_00.07.01.2 without keeping settings.

Here's the link to download the fw version RUTX_R_00.07.01.2.

https://wiki.teltonika-networks.com/view/RUTX11_Firmware_Downloads

In addition, the Wireless section of the Network tab can be used to manage and configure WiFi Access Points. You can delete the old ESSID and add a new ESSID in either the 2.4 GHz band or the 5 GHz band. You can also determine the type of Wi-Fi encryption used.

More information can be found here:

https://wiki.teltonika-networks.com/view/RUTX11_Wireless#Wireless_Security

Should you need any additional information please let us know. 

Best regards,

by
Hi!

Does it work now for your wife? I got asked to downgrade but nah, and that was in another thread but I sent in a troubleshoot file.
by
Hello,

No I still have the same problem and like you they asked me to downgrade but I don't have time.
by
Is the Network->Firewall->Nat Rules->Exclude-IPsec-from-NAT checkbox set to On on the router?
by

Hi, yesterday I installed 07.01.04 but it still doesn't work with GlobalProtect VPN from Palo Alto.

I got a suggestion to check "Is the Network->Firewall->Nat Rules->Exclude-IPsec-from-NAT checkbox set to On on the router?"

But there are no checkboxes on that page and I can't find anything similar either.

I would very much like this €500 box to work as expected again!

by
Me neither, no change.

Personally, I will wait for version 7.2.
0 votes
by
Hello,

No I still have the same problem and like you they asked me to downgrade but I don't have time.
by

I think we are getting there (as to why it's missing, no idea - as I wrote, it stopped working after a firmware upgrade). Now I can start Outlook (app in Windows) and I can browse some sites, but not all, and I can't reach corporate/internal stuff. And it's very slow.

Now I have

root@Teltonika-RUTX12:~# iptables-save | grep policy | grep ipsec
-A zone_ipsec_forward -m comment --comment "!fw3: Zone ipsec to lan forwarding policy" -j zone_lan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to ipsec forwarding policy" -j zone_ipsec_dest_ACCEPT
root@Teltonika-RUTX12:~#

Above you wrote "Check the page Network->Firewall->General Settings in the Zones->Forwardings section do you have lan=>ipsec and ipsec=>lan present (and both set to Accept/Accept/Accept)" And later to add one zone, which I did.

I also inserted iptables -t nat -A zone_wan_postrouting -m policy --dir out --pol ipsec -m comment --comment "!fw3: Exclude-IPsec-from-NAT" -j ACCEPT

but no difference, and it disappears when I look up the iptables later.

by

At least there is some progress. Go to Network->Firewall->Nat Rules, do you have an "Exclude-IPsec-from-NAT" rule there?

If you don't, add a section in /etc/config/firewall as:

config redirect            
        option proto 'any'             
        option name 'Exclude-IPsec-from-NAT'
        option extra '-m policy --dir out --pol ipsec'
        option vpn_type 'IPsec'
        option target 'ACCEPT' 
        option dest 'wan'

and restart the firewall: /etc/init.d/firewall restart.

Also check the ipsec zone as above, activate the MSS Clamping button.
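
The check discussed in this exchange, as an added example that is not part of the thread or of Teltonika's tooling: it classifies the IPsec NAT exemption in an `iptables-save -t nat` dump and also reports the case where the rule exists but sits after the chain's MASQUERADE rule, where it can never match (which is where `iptables -A` puts it). The function name and the sample dumps are constructed for illustration; the chain name and rule text come from the posts above.

```shell
#!/bin/sh
# Added example. Reads an `iptables-save -t nat` dump on stdin and prints:
#   ok       - IPsec exemption precedes MASQUERADE/SNAT in the chain
#   shadowed - exemption exists but a NAT rule comes first, so it never matches
#   missing  - no exemption rule in the chain
check_ipsec_nat_exempt() {
    chain="${1:-zone_wan_postrouting}"   # chain name taken from the thread
    awk -v chain="$chain" '
        $1 == "-A" && $2 == chain {
            n++   # position of this rule inside the chain
            if (!exempt && /-m policy/ && /--dir out/ && /--pol ipsec/ && /-j ACCEPT/)
                exempt = n
            if (!masq && /-j (MASQUERADE|SNAT)/)
                masq = n
        }
        END {
            if (!exempt)                    print "missing"
            else if (masq && masq < exempt) print "shadowed"
            else                            print "ok"
        }'
}

# Constructed sample: exemption appended with -A, so it lands after MASQUERADE.
SAMPLE_APPENDED='*nat
:zone_wan_postrouting - [0:0]
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_postrouting -m policy --dir out --pol ipsec -m comment --comment "!fw3: Exclude-IPsec-from-NAT" -j ACCEPT
COMMIT'

# Constructed sample: exemption placed ahead of MASQUERADE.
SAMPLE_OK='*nat
:zone_wan_postrouting - [0:0]
-A zone_wan_postrouting -m policy --dir out --pol ipsec -m comment --comment "!fw3: Exclude-IPsec-from-NAT" -j ACCEPT
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
COMMIT'

# Constructed sample: no exemption at all.
SAMPLE_MISSING='*nat
:zone_wan_postrouting - [0:0]
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
COMMIT'

# On the router itself: iptables-save -t nat | check_ipsec_nat_exempt
printf '%s\n' "$SAMPLE_APPENDED" | check_ipsec_nat_exempt
```
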

by

Thanks again but no difference (almost giving up...). Such a hassle!

root@Teltonika-RUTX12:/etc/config# /etc/init.d/firewall restart
Warning: Section @zone[1] (wan) cannot resolve device of network 'mob2s1a1'
Warning: Option @zone[2].conntrack is unknown
Warning: Section @zone[2] (ipsec) has no device, network, subnet or extra options
Warning: Option @redirect[0].vpn_type is unknown
Warning: Option 'pscan'.port_scan is unknown
Warning: Section @zone[2] (ipsec) has no device, network, subnet or extra options

by

I am not sure what is missing now. There is a new version, 07.02.1; you can try to do an upgrade without keeping the settings. If you do that, check that the 'Exclude-IPsec-from-NAT' rule is present, even if not enabled, before reconfiguring the device.

by
I'm already at that version and I have tried that before, and I don't have the time to connect all the IoT stuff again without knowing for sure that it will work.

This has been going on since January (and there is at least one more in this thread with the same problem).

Thank you so much for your support but now I must check with the official.

Have a nice weekend,

Frederic