Question

I have an RUT240 running as a VPN endpoint with few devices (PLC and HMIs) on its LAN. RMS VPN has been setup successfully and I can connect to all devices attached to RUT240 through VPN but the connection speed is atrociously slow and it's nearly impossible to do any work on it. Is there a way to resolve this issue? RUT240 has a wired connection on WAN and the connection speed is more than enough to handle remote access to PLC and HMI.

Comments

HI what latency do you get on ping? I noticed it is about 400-600 msec. I am not sure how many servers teltonica has but the one I am connected to is in Europe, so from asia europe and back is a bit of delay.

Brian

---

Hey Brian, of the devices I could ping I was getting about 500~600ms. I am based in the Australasia region (New Zealand). How did you check the region of the server you're connected to? I've also noticed that RUT240 is struggling to connect to the LTE (low RSRP even out in the open area) and its level of performance, in general, is somewhat underwhelming when I compared it to the other 'domestic' level routers. 

Overall, I am really disappointed by the slow speed of their VPN service... I liked everything about their RMS platform it's easy to set up and use but the performance of their server and hardware is ruining the entire experience for me. 

Answer 1

Hello,

Thank you for contacting.

May i know when it started happening , is it the 1st time you are testing the feature?

Was it working before fine?

What is the firmware on the device?

Is it possible if you can share the topology of the whole solution , how are you connecting everything?

What about the other side connection from where you are trying to reach the end devices that are connected to the Rut240.

Thanks.

Comments

It was like this from the moment I started testing.

RUT240 is running on the latest firmware RUT2_R_00.07.01.2.

The topology is really simple:

3 devices on LAN(192.168.1.x, 255.255.255.0) ----> Unmanaged Switch ----> RUT240 (br-lan)   RUT240 (eth1) ----> WAN

On the other side of the connection, our office laptop is connected to the internet through a managed router and modem.

Speed is good when I access the devices on LAN through Wifi but everything turns into custard the moment I try to access the devices through VPN.

---

Hi Ahmed , you said there are few servers for RMS but for vpn tunnel you seem to be using server in europe. 3.69.106.81 while we are in asia / aus / NZ

Answer 2

HI I am in thailand but I actually live in Sydney. I opened this site, https://ipapi.co/  and put in 3.69.106.81

the address that openvpn uses to connect to teltonica rsm server. You will find it if you open log for the connection on your computer.

2022-02-20 15:55:37 UDP link remote: [AF_INET]3.69.106.81:34672

BTW if you use webbui to log into the rut 240 what is the IP you get on your mobile connection? I get something like 10.xxxxxx which is private lan. This was reason I could not ping it from remote laptop. have a nice sunday evening Brian

Comments

Hi Brian,

I have the exact same address 3.69.106.81 looks like all traffics are directed to the same server?

RUT240 is currently connected to the internet through a wire and while I am connected to VPN I can ping one of the devices but not the rest which I find a bit strange..

---

did you put a route command on the vpn tunnel?

---

i am not sure what you mean by route command? btw, turns out I wasn't able to ping because of the firewall but even without the firewall the connection speed is still extremely slow..

---

R U using RMS VPN in a hub. So Here is mine. In RMS/VPN hubs/choose your hub/click routs/Add route.... I put a general route command for all devices from  1-254 on that machine subnet. then you restart vpn. That should help to connect any device behind the RUT 240. BTW make sure all devices behind RUT you want to connect to have gateway set up = to the Lan address of RUT. Tried to paste picture but could not

---

Speed, my automation guy reckons that it is slow but can work. He said that when we set up a direct vpn tunnel on RUT 240 (with our machne in Europe) that was very fast. Meaning we are not going via a any cloud server.  Going vpn direct from laptop in our factory -via internet to customer LAN then RUT in machine 

---

Oh, yes lan forwarding was enabled and I was able to reach all devices on LAN I just couldn't ping some of them when the firewall was running. I am going down the same route of setting up a VPN server on the router itself and accessing it with the OpenVPN client. I was a bit reluctant of doing this since it meant I had to get a sim card with a static IP address but I guess there are not many options left with the RMS VPN out of the picture..

---

The machne in Poland we had the rut set up as client calling out , so you can have dynamic or private IP on RUT. It was calling out to our factory in Thailand, with the router set to forward 1194 port to a laptop on inside with fixed IP running ovpn server. To make it more exciting our spare line which we used has dynamic IP so we had to set up ddns name for it so the RUT could find it and connect to laptop.

---

right, so you have the exact opposite of what I am planning on doing. Makes sense to set up a server in the office now that I think about it.. was it easy to set up a configuration where you can access the devices on RUT240 running as a VPN client? I remember reading in the manual saying that it's a little bit more complicated to access the devices on LAN of RUT240 (VPN client) from the server-side.

---

say you have your RUT at your customer site, and if your client can set up port forwarding on their firewall/router to the RUT sitting on their LAN, ( he has to give you a fixed IP address compatible with his LAN, to put on the WAN side of RUT Wan then you set up the RUT as server. Your laptop in your factory will have Ovpn, client, calling remote IP of your customer, port 1194.

When you hit that port it will be forwarded to the IP on RUT and the VPN connection will be established.  You can also use mobile network with SIM but you also need to ask the mobile company to do port forwarding the SIM ( I am checking that now). First one requires set up on customers side (not always possible), second with Mobile company. But they do have one advantage, you can connect to any of the routers you have in the field from anywhere.  It all depends what you are looking for.

---

The other way I mentioned before, the router (client) calls out to you, be it from wired LAN or mobile but there is not set up at customer site. Set up is only on your Internet router side (say at home). But there couple of issues:

1- the RUT can call only the one router you set up (say at your home). (meaning can not establish connection from any place)

2- second problem is that I have many machines so if they all start calling at the same time how do I choose which one will connect. I am working on that now. This is how the RMS works, the RUT calls to their Server, and then you establish connection with RUT via their server. that is why it is slower.

---

Hi Brian,

Thank you so much for the detailed explanation! I wasn't expecting to get this much information from here. I can't wait to test out the methods you have mentioned above.
Yes, you're right each method has its own ups and downs and to me, it looks like the ultimate form of this solution is to have a central VPN server running in your office and have all other devices (RUTs on-site and work laptops) connect to it as a client and let them talk to each other. I believe it was an option called client to client although I am not 100% sure.

For now, it looks like having RUTs on-site calling a server on my laptop is the easiest solution since I won't need to deal with the IT department of the client's facility..

---

Hello,

Basically our RMS data is hosted on AWS servers so it depends on the AWS servers availability where is the nearest server and in which country you are located in.

Thanks.