FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

12731 questions

15123 answers

24272 comments

47329 members

0 votes
286 views 14 comments
by
Hi,

I would like do a remote access with my laptop connected to internet in Europe to a PC connected to the router.

The router is connected to a 4G mobile and has the CGNAT so a private IP address.

I think use OpenVPN Cloud.

Is it the right way ? And if yes, is there an example ?

best regards,

Pat

1 Answer

0 votes
by

Hello and thank you for contacting us, this is Martín, Tech Support Engineer from Teltonika Networks.

For this case you would need to add your device as an OpenVPN client to the OpenVPN Cloud service. You can do so by producing an .ovpn file on the platform and importing that file under the VPN configuration of the RUT955. 

Instructions to connect to the VPN with this file are attached here, under the Enable OpenVPN config from file setting.

This will enable you to connect to the VPN as a client, and to enable communication to the computer you will need to establish the correct routing rules as to allow the traffic from the laptop connected to the RUT955 to the network of the VPN. 

I have also attached here the Wiki page for the routing rules.

I remain attentive to any further questions.
Best regards.

Best answer
by

Hi Martin,

I created an account on OpenVPN Cloud. Could you guide me step by step to create an ovpn file ?


Best regards

by

Hello, and sadly I cannot help you with the creation of the OpenVPN file from OpenVPN cloud as this is a third party service, however, I have found this support document which can guide you through the steps to get the file.

Best regards.

by
Here is the connector file .ovpn from OpenVPN Cloud. Could you have a look and comment if it's seems ok ?

setenv USERNAME "yyyyyyy/connector/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy"
# OVPN_WEBAUTH_FRIENDLY_USERNAME=yyyyy/yyyyyyyyyyyy/connector01
# OVPN_FRIENDLY_PROFILE_NAME=yyyyyyy@yyyyyyyyy.openvpn.com [Zurich]
client
dev tun
remote ch-zrh.yy.openvpn.com 1194 udp
remote ch-zrh.yy.openvpn.com 1194 udp
remote ch-zrh.yy.openvpn.com 443 tcp
remote ch-zrh.yy.openvpn.com 1194 udp
remote ch-zrh.yy.openvpn.com 1194 udp
remote ch-zrh.yy.openvpn.com 1194 udp
remote ch-zrh.yy.openvpn.com 1194 udp
remote ch-zrh.yy.openvpn.com 1194 udp
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
persist-tun
nobind
verb 3
socket-flags TCP_NODELAY

<ca>
-----BEGIN CERTIFICATE-----
yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN RSA PRIVATE KEY-----
yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
-----END RSA PRIVATE KEY-----
</key>

key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
-----END OpenVPN Static key V1-----
</tls-auth>
by

And here is the vpn client config in the router :

by

Hello, everything looks alright with the .ovpn file, however, I forgot to mention that the OpenVPN guide was based on older Firmwares which need additional configuration. The firmware running on your device does not need to manually set the OpenVPN keys and certificates, as it extracts them from the .ovpn file itself, so please turn off the "Upload OpenVPN authentication files" option.

Please configure the device as a client with the configurations shown on the imageExample OpenVPN Configuration from File

Best regards.

by

Hi Martin, When I click on SAVE & APPLY button I have an error message :

by

In this case, if you have set up HMAC authentication on your OpenVPN server, then you would need to add the relevant files to the HMAC authentication on the Teltonika device. Please refer to the OpenVPN documentation for the RUT955.

Best regards.

by
Hi Martin,

Sorry but I didn’t intentionally set  a HMAC authentication in the OpenVPN Cloud. So how to disable it or add it  ?
by
Hello, and to recap, how did you create the .ovpn file and which options did you set? On the option "Select Where to Deploy" did you select "Teltonika"?

You can try deleting the OpenVPN configuration and re-do it by only using the "Enable OpenVPN config from file", as this should clear the past attempt's configurations, which might be the root cause of the last error message you got.

Best regards.
by

Hi Martin,

After deleting the old configuration and re-add a new one,  the message has disappeared.

>>>how did you create the .ovpn file and which options did you set? On the option "Select Where to Deploy" did you select "Teltonika"?

From OpenVPN Cloud, I follow these steps :

  1.  I select "Create Network"
  2. "Remote Access"
  3. define a name of the network and the connector
  4. Define Routes to Private Resources:
    1.  Private Subnets : 192.168.1.0/24   (address of the LAN defined in the router ???)
    2. Private Domains  : empty 
  5. Deploy Network Connector myconnector :  select OpenVPN Compatible Router : Teltonika
  6. Get ovnp file.

The VPN Client status is still disconnected...

Here is the recap of OpenVPN Cloud :

Log from OpenVPN CLoud, it seems that the Router open multiple simultaneous connections then the router is disconnected:

by

Hello Patopat, I performed the same configurations you have, then downloaded the .ovpn profile and successfully connected to the OpenVPN correctly.

Have you tried performing a factory reset on the device and then trying to configure everything again? Instructions to do so are outlined here, on the button for "Restore to factory defaults".

I suspect this issue might be due to pre-existing configurations which might be interfering with the creation of the tunnel interface for the VPN connection.

Best regards.

by
Hi Martin,

Yes, your are right. Once reset to default factory, I added a VPN with the ovpn file and now is connected. :)

What is the next steps to view the device on LAN from my laptop ? I installed openVPN client v3.3.6.
by

Martin,

I'm connecting successfully with the OpenVPN Client and ping the router 192.168.1.1.

When I pinged the device connected to the LAN of the router, I didn't receive a response. Thanks to this post rms-vpn-issue-to-ping-device-connected-on-lan-from-ovpn-client, I added the default gateway and disabled the firewall and now I can ping and do a Remote Desktop connection on my device on LAN port.

So I have the same question, how to configure the firewall correctly on the device connected to the LAN of the router ?

by
Hello Patopat, I am glad you are reaching the LAN device connected to the RUT955.

Usually devices have their Firewall enabled by default, and from a security standpoint it's recommended to keep it that way, as this mitigates security risks.

Modifying Firewall rules on LAN devices themselves is out of our scope in Teltonika support, however we do recommend that you look for the official support pages on your LAN device manufacturer, and enable only the neccessary rules to allow for the connectivity you need (only enable the ports and the protocols needed).

Best regards.