0 votes
3,517 views 4 comments
by anonymous

Hi

I want to create an OpenVPN link in order to have the LAN (RUT955) at my computer (Windows).
The RUT955 is the client and my computer is the server. The connection is good (I have the right keys, certificates, etc.); however, I cannot get any dialogue between my OpenVPN server and the client. No answer to ping.
Below is a diagram of my installation. This is a test bench and the IP addresses are all internal and not public.

What configuration of the server and client should be done to make it work?


Server configuration file


;local a.b.c.d

port 1194

# TCP or UDP server?
;proto tcp
proto udp4

;dev tap
dev tun

;dev-node MyTap

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"

;topology subnet

server 192.168.5.0 255.255.255.0

;ifconfig-pool-persist "C:\\Program Files\\OpenVPN\\log\\ipp.txt" 5
;ifconfig 10.0.0.0 255.255.255.0

;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

;server-bridge

;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"

;client-config-dir ccd
;route 192.168.40.128 255.255.255.248

client-config-dir "C:\\Program Files\\OpenVPN\\config\\ccd"
;route 10.9.0.0 255.255.255.252
route 192.168.2.0 255.255.255.0

;learn-address ./script

;push "redirect-gateway def1 bypass-dhcp"

;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"

client-to-client

;duplicate-cn

keepalive 10 120

;;;;;tls-auth ta.key 0 # This file is secret

cipher AES-256-CBC

;compress lz4-v2
;push "compress lz4-v2"

comp-lzo

;max-clients 100

;user nobody
;group nobody

persist-key
persist-tun

status openvpn-status.log

;log         openvpn.log
;log-append  openvpn.log

verb 3
;mute 20

explicit-exit-notify 1


I followed the following tutorial: https://wiki.teltonika.lt/view/OpenVPN_traffic_split


These are the routes in the Teltonika

Routes

ARP

IP address MAC address Interface
192.168.3.220 C4:3D:C7:A3:33:30 eth1
192.168.3.1 14:0C:76:76:50:58 eth1

Active IP Routes

Network Target IP gateway Metric
wan 0.0.0.0/0 192.168.3.1 0
vpnas 10.0.0.6 0.0.0.0 0
lan 192.168.2.0/24 0.0.0.0 0
wan 192.168.3.0/24 0.0.0.0 0
vpnas 192.168.5.0/24 10.0.0.6 0


Do you need other information?

Thanks in advance

1 Answer

0 votes
by anonymous

Hi,

Seems like something went wrong with IP's/Subnets.

Please check attached configuration examples: https://community.teltonika-networks.com/?qa=blob&qa_blobid=6149994271852996940.

by anonymous

Thank you very much for the documentation.


But I still have access problems.
Question:
1)Does ping pass through the VPN in tun mode?
2)What should be the rules? as the topic explains: https://wiki.teltonika.lt/view/OpenVPN_traffic_split

3)Do you need to touch the file: -> /etc/iproute2/rt_tables. AND/OR ->/etc/config/network AND/OR ->/etc/hotplug.d/iface/55-vpn


4)a This is the configuration of the OpenVPN server, from the documentation.

port 1194

proto udp4

dev tun

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"

cert "C:\\Program Files\\OpenVPN\\config\\server.crt"

key "C:\\Program Files\\OpenVPN\\config\\server.key"

dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist "C:\\Program Files\\OpenVPN\\log\\ipp.txt"

ifconfig 10.8.0.0 255.255.255.0

client-config-dir "C:\\Program Files\\OpenVPN\\config\\ccd"

route 192.168.2.0 255.255.255.0

client-to-client

keepalive 10 120

cipher AES-256-CBC

comp-lzo

persist-key

persist-tun

status openvpn-status.log

verb 3

explicit-exit-notify 1


The file in the folder ccd contains:

ifconfig-push 10.8.0.9 10.8.0.10

iroute 192.168.2.0 255.255.255.0


4)b The OpenVPN client configuration interface teltonika

Active IP Routes

Network Target IP gateway Metric
wan 0.0.0.0/0 192.168.3.1 0
tun_c_FreeN1 10.8.0.0/24 10.8.0.10 0
tun_c_FreeN1 10.8.0.10 0.0.0.0 0
lan 192.168.2.0/24 0.0.0.0 0
wan 192.168.3.0/24 0.0.0.0 0

OpenVPN

Enabled Yes
Status Connected
Type Client
IP 10.8.0.9
Mask 255.255.255.255
Time 0h 31m 29s

What information can I give you to help me?

Thanks in advance

by anonymous
1)Does ping pass through the VPN in tun mode?

Yes, but depends on how and what you are testing.

2)What should be the rules? as the topic explains: https://wiki.teltonika.lt/view/OpenVPN_traffic_split

This is not needed in your case (according to your topology).

3)Do you need to touch the file: -> /etc/iproute2/rt_tables. AND/OR ->/etc/config/network AND/OR ->/etc/hotplug.d/iface/55-vpn

No.

In the client config, set "Remote network IP address" to the server-side subnet: 192.168.1.0

Try to reach the router using IPs 10.8.0.9 and 192.168.2.1

If the issue persists, try changing the router LAN IP from 192.168.2.1 to, for example, 192.168.5.1
by anonymous

It works with:

1) "Remote network IP address": 192.168.1.0.
2) There was also a problem that OpenVPN did not work in administrator mode. Route creation was rejected.

The route was set up properly. I have access from the server to the router.


However, there is no access from the router to the server, i.e. 192.168.1.1

I added the line: route 192.168.2.0 255.255.255.0 in client config "Extra options"
I added the line: route 192.168.1.0 in the server configuration file, but there is no response to ping 192.168.1.5 or 192.168.1.99

Despite everything, the route seems good


Active IP Routes teltonika

Network Target IP gateway Metric
wan 0.0.0.0/0 192.168.3.1 0
vpnas 10.8.0.0/24 10.8.0.10 0
vpnas 10.8.0.10 0.0.0.0 0
vpnas 192.168.1.0/24 10.8.0.10 0
vpnas 192.168.2.0/24 10.8.0.10 0
lan 192.168.2.0/24 0.0.0.0 0
wan 192.168.3.0/24 0.0.0.0 0


IP Routes Windows

Any configuration idea? Do you see an error?


Thanks in advance
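
An added example, not part of the original thread: a check over the router route table posted in the comment above, flagging prefixes that are listed on more than one interface, as 192.168.2.0/24 is on both vpnas and lan there. The rows are copied from that table; the function names are illustrative, and the table alone does not say which of two tied entries the router actually uses.

```python
import ipaddress
from collections import defaultdict

# Rows copied from the "Active IP Routes teltonika" table in the post above:
# interface, destination, gateway, metric.
ROUTES = """\
wan 0.0.0.0/0 192.168.3.1 0
vpnas 10.8.0.0/24 10.8.0.10 0
vpnas 10.8.0.10 0.0.0.0 0
vpnas 192.168.1.0/24 10.8.0.10 0
vpnas 192.168.2.0/24 10.8.0.10 0
lan 192.168.2.0/24 0.0.0.0 0
wan 192.168.3.0/24 0.0.0.0 0
"""

def parse_routes(text):
    """Return a list of (interface, network, gateway, metric) tuples."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        iface, dest, gateway, metric = line.split()
        # A bare address such as 10.8.0.10 is parsed as a host route (/32).
        rows.append((iface, ipaddress.ip_network(dest), gateway, int(metric)))
    return rows

def conflicting_prefixes(rows):
    """Prefixes listed with the same metric on more than one interface."""
    seen = defaultdict(set)
    for iface, net, _gw, metric in rows:
        seen[(net, metric)].add(iface)
    return {str(net): sorted(ifaces)
            for (net, _metric), ifaces in seen.items() if len(ifaces) > 1}

def candidates(rows, address):
    """Longest-prefix match: every interface tied for the most specific route."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in rows if addr in r[1]]
    if not matches:
        return []
    best = max(r[1].prefixlen for r in matches)
    return sorted({r[0] for r in matches if r[1].prefixlen == best})

if __name__ == "__main__":
    rows = parse_routes(ROUTES)
    print("conflicts:", conflicting_prefixes(rows))
    for target in ("192.168.1.99", "192.168.2.1", "10.8.0.10"):
        print(target, "->", candidates(rows, target))
```

Run against the earlier route table in this thread, where 192.168.2.0/24 appears only on lan, the same check reports no conflict.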

by anonymous
Hi

I still can not communicate from 192.168.2.1 to 192.168.1.99.
To check if the ping passes well in the OpenVPN tunnel I want to see the incoming and outgoing VPN packets.
tcpdump does not give anything?

I ask myself two questions:

1) I do not know if tcpdump can see the OpenVPN packets?
2) Can someone give me a solution to see the incoming / outgoing OpenVPN packets from the CLI?

thanks in advance for your help