FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
606 views 6 comments
by anonymous

Hi everyone,

I want to access an IP-Camera from the Internet using VPN on RUT955 with FW: 06.08.3.

I can not upgrade the Firmware and can not use RMS function on newer Firmware.

Want to use a VPN App on a Smartphone to get an IP address in the home network, where the IP-Camera is and then access it using a browser.

Please tell me how to configure this

Thank you!

2 Answers

0 votes
by anonymous

Hello,

Thank you for your question.

There are a lot of different VPN solutions for your case, I would recommend trying to set up OpenVPN, in our WIKI you can find a full guide on how to set up Camera Access from VPN: https://wiki.teltonika-networks.com/view/Camera_access_from_VPN and here is a full guide on how to set up OpenVPN: https://wiki.teltonika-networks.com/view/OpenVPN_configuration_examples

Another easy to set up VPN I would recommend for you would be ZeroTier, it's easy to set up and manage, full guide for ZeroTier you can find here: https://wiki.teltonika-networks.com/view/ZeroTier_One_VPN_configuration

Let us know if you need further assistance.

Best regards,

Edvinas

by anonymous

Hi Edvinas and thank you for your answer & your offer for further assistance - I need it :-)

All the examples you listed use two Teltonika RUTs but this is not what I want to do.

Also my RUT955 FW: 06.08.3. does not have the ZeroTier option, so I could not try this (sorry I can not update the Firmware - it must remain FW: 06.08.3.).

I want to have a VPN Tunnel to check the IP cameras in my local network, when I am in a Hotel or McDonalds, etc....

Please help me - it is very important!

Thank you

by anonymous

Hello,

ZeroTier VPN can be found in the Package Manager, it is not installed by default, so you'll have to install it on your router.

Firstly, you'll have to set up a VPN server on your router. I will give you all the steps to set up an OpenVPN server.

  1. You will need to generate TLS certificates, you can find a full guide on how to do that here: https://wiki.teltonika-networks.com/view/How_to_generate_TLS_certificates_(Windows)%3F
  2. Generate a static key, you can do it in your Router's SSH by executing the command: openvpn --genkey --secret static.key this command will generate static.key file that is required for the OpenVPN connection. Now you need to extract your new key file to your computer, for more information on how to do it read here: https://wiki.teltonika-networks.com/view/OpenVPN_configuration_examples#Static_key_Authentication
  3. Now you will need to configure the OpenVPN server on your router, you can find an example of how server configuration should look like here: https://wiki.teltonika-networks.com/view/OpenVPN_configuration_examples#Configuration I've also attached a picture of exact configuration you should look for: 
  4. Once you've set up your server check at OpenVPN status, it should be active, if it's not, trace back to your configuration steps and check if you haven't missed anything, and make sure you've uploaded all of the required TLS files correctly.
  5. Now the server should be ready, only the client is left to configure. To configure the OpenVPN client for PC you will need to follow this tutorial: https://wiki.teltonika-networks.com/view/OpenVPN_client_on_WindowsImportant: in your .ovpn file certificates you will need to copy are:
    1. In <ca> </ca> paste whole certificate from /easy-rsa/pki/ca.crt
    2. IN <cert></cert> paste whole certificate from /easy-rsa/pki/issued/"your_client_name".crt
    3. And in the last section <key></key> paste whole private key from /easy-rsa/pki/private/"your_client_name".key
    4. One more thing to change in your .ovpn file is to change the IP address to your router's public IP address
  6. After this step your Server and the Router should be ready to go, just connect the camera to the router and try to access it through a different network using a VPN.
For more details on each step kindly read this article: https://wiki.teltonika-networks.com/view/OpenVPN_configuration_examples every step I wrote here you can also find in this article.
Alternatively, you can check out our other VPN configuration examples here: https://wiki.teltonika-networks.com/view/RUT955_Configuration_Examples#VPN
Best regards,
Edvinas
by anonymous
Hi Edvinas

Thank you for this detailed answer

I greatly appreciate your help and the time you put in to your reply.

Will go through this first thing tomorrow and report back.

Bestcregards and once again thank you so much!

Simon
by anonymous
Will be waiting for the results then :)
0 votes
by anonymous

Hi Edvinas,

back with results as promised.

I have set up the Server on my RUT955  - it looks like this:

Then I continued to set the client up and after I finished this, I connected the RUT955 to the internet using MobileSIM and pasted the WAN IP-Address 10.157.65.79   in the .ovpn file.

Then I saved & uploaded the .ovpn file to the OPENvpn Software installed on my Desktop-PC and tried connecting.

Didn't work, but - - - LOG-File told me this:

2022-05-30 17:08:26 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.

2022-05-30 17:08:26 OpenVPN 2.5.6 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 16 2022

2022-05-30 17:08:26 Windows version 10.0 (Windows 10 or greater) 32bit

2022-05-30 17:08:26 library versions: OpenSSL 1.1.1n  15 Mar 2022, LZO 2.10

2022-05-30 17:08:26 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340

2022-05-30 17:08:26 Need hold release from management interface, waiting...

2022-05-30 17:08:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340

2022-05-30 17:08:27 MANAGEMENT: CMD 'state on'

2022-05-30 17:08:27 MANAGEMENT: CMD 'log all on'

2022-05-30 17:08:27 MANAGEMENT: CMD 'echo all on'

2022-05-30 17:08:27 MANAGEMENT: CMD 'bytecount 5'

2022-05-30 17:08:27 MANAGEMENT: CMD 'hold off'

2022-05-30 17:08:27 MANAGEMENT: CMD 'hold release'

2022-05-30 17:08:27 TCP/UDP: Preserving recently used remote address: [AF_INET]10.157.65.79:1194

2022-05-30 17:08:27 Socket Buffers: R=[65536->65536] S=[65536->65536]

2022-05-30 17:08:27 UDP link local: (not bound)

2022-05-30 17:08:27 UDP link remote: [AF_INET]10.157.65.79:1194

2022-05-30 17:08:27 MANAGEMENT: >STATE:1653923307,WAIT,,,,,,

2022-05-30 17:08:38 [UNDEF] Inactivity timeout (--ping-restart), restarting

2022-05-30 17:08:38 SIGUSR1[soft,ping-restart] received, process restarting

2022-05-30 17:08:38 MANAGEMENT: >STATE:1653923318,RECONNECTING,ping-restart,,,,,

2022-05-30 17:08:38 Restart pause, 5 second(s)

#####################################################################

Please help!!!

Thank you!

by anonymous

I tried it in my local network, avoiding the internet for testing the VPN.

Using the same file, just local IP for the Server

The Log gives me some more promising information, but still doesn't connect. 

FYI:

2022-05-30 17:52:20 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.

2022-05-30 17:52:20 OpenVPN 2.5.6 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 16 2022

2022-05-30 17:52:20 Windows version 10.0 (Windows 10 or greater) 32bit

2022-05-30 17:52:20 library versions: OpenSSL 1.1.1n  15 Mar 2022, LZO 2.10

2022-05-30 17:52:20 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340

2022-05-30 17:52:20 Need hold release from management interface, waiting...

2022-05-30 17:52:20 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340

2022-05-30 17:52:20 MANAGEMENT: CMD 'state on'

2022-05-30 17:52:20 MANAGEMENT: CMD 'log all on'

2022-05-30 17:52:20 MANAGEMENT: CMD 'echo all on'

2022-05-30 17:52:20 MANAGEMENT: CMD 'bytecount 5'

2022-05-30 17:52:20 MANAGEMENT: CMD 'hold off'

2022-05-30 17:52:20 MANAGEMENT: CMD 'hold release'

2022-05-30 17:52:20 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.120.254:1194

2022-05-30 17:52:20 Socket Buffers: R=[65536->65536] S=[65536->65536]

2022-05-30 17:52:20 UDP link local: (not bound)

2022-05-30 17:52:20 UDP link remote: [AF_INET]192.168.120.254:1194

2022-05-30 17:52:20 MANAGEMENT: >STATE:1653925940,WAIT,,,,,,

2022-05-30 17:52:20 MANAGEMENT: >STATE:1653925940,AUTH,,,,,,

2022-05-30 17:52:20 TLS: Initial packet from [AF_INET]192.168.120.254:1194, sid=49c8b572 dd316487

2022-05-30 17:52:21 VERIFY OK: depth=1, CN=Easy-RSA CA

2022-05-30 17:52:21 VERIFY KU OK

2022-05-30 17:52:21 Validating certificate extended key usage

2022-05-30 17:52:21 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

2022-05-30 17:52:21 VERIFY EKU OK

2022-05-30 17:52:21 VERIFY OK: depth=0, CN=server

2022-05-30 17:52:31 [server] Inactivity timeout (--ping-restart), restarting

2022-05-30 17:52:31 SIGUSR1[soft,ping-restart] received, process restarting

2022-05-30 17:52:31 MANAGEMENT: >STATE:1653925951,RECONNECTING,ping-restart,,,,,

2022-05-30 17:52:31 Restart pause, 5 second(s)

by anonymous

Hello,

Sorry for the delayed answer.

The problem should be in the authentication method as it's written in this line: 

2022-05-30 17:52:21 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

Try to change the authentication method in your Router's OpenVPN configuration.

Best regards,

Edvinas