
0 votes
246 views 3 comments
by anonymous
Hello together,

hope you are having a nice day. I have been setting up an OpenVPN network with a server and two clients. One of the clients is the RUTX12 with a camera in its subnet. My goal is to reach the camera from the other client but I'm not able to do that so far.

In order to achieve this I have been following the following guidelines:
- https://openvpn.net/community-resources/expanding-the-scope-of-the-vpn-to-include-additional-machines-on-either-the-client-or-server-subnet/
- https://wiki.teltonika-networks.com/view/OpenVPN_configuration_examples#Reaching_a_device.27s_LAN_network

I have set up the OpenVPN Server in a way that Client-Client communication is allowed. Additionally I have specified the subnet 192.168.0.0/24 as a reachable subnet inside the server settings. I also allowed access to the same subnet in the settings of the user from all other clients. On the router side I added traffic rules such that forwarding from OpenVPN to LAN is allowed and vice versa.

If it helps I can tell you that I am able to ping VPN clients from the LAN side behind the RUTX12 but not vice versa. In the TCPdump you can just see that the TCP packets are not answered by the camera behind the router.

Is this sufficient or do I have to set up a static route instead? Or is there something else I missed? I have been trying for dozens of hours now but can't get behind the problem. I would really appreciate your help.

1 Answer

+1 vote
by anonymous
Hi,

Since many possible reasons might be interfering with your camera connection, I would appreciate it if you can confirm and verify the following asked information:

1. You can ping the camera IP address from your router LAN interface or any other host connected to your RUTX12 LAN.

2. Check the routing table on your RUTX12, your server, and the other client.

3. Comment from which IP address you are currently trying to ping the camera IP address.

4. Discard any network overlap issues.

5. From your server, ping the IP camera and the RUTX12 tunnel interface.

6. Confirm you have created the CCD directory and your server can access the configured "iroute" statement.

7. Share your RUTX12 troubleshooting file to discard any possible misconfiguration on your OpenVPN or firewall zone rules.

https://wiki.teltonika-networks.com/view/RUTX12_Administration#Troubleshoot_2

8. If possible, share a network topology of your current scenario.

I will keep an eye on your comments.

Regards.
Best answer
by anonymous

Hi,

thanks for your answer. Here are the answers to your questions:

1. I can ping the camera (192.168.0.92) from the RUTX12 (192.168.0.1)

2. I followed this guide (https://openvpn.net/community-resources/expanding-the-scope-of-the-vpn-to-include-additional-machines-on-either-the-client-or-server-subnet/) to set routes for the OpenVPN server, enabled client-to-client, pushed the routes and made the client config with the "iroute". On the RUTX12 side I have done nothing so far but adjusting the zone rules such that openvpn traffic is accepted in any case. I played around with static routes but it didn't work and the routing tables under "Advanced Static Routes" are empty so far.

3. I am trying to ping the camera from the server 10.8.0.1 and a different client 10.8.0.2. I am able to ping the router under 192.168.0.1 from both devices in the VPN but not the camera.

4. I think I should be fine since there are no overlapping subnets. The server is on a different local network as well as the second client.

5. I am able to ping the RUTX12 under its VPN address 10.8.0.3 and under the local address 192.168.0.1 but not the camera 192.168.0.92.

6. I added the "client-config-dir ccd" statement in the server config as well as the "iroute 192.168.0.0 255.255.255.0" in the client1 (client name of the RUTX) config. I think it is also working since I can ping 192.168.0.1 from server and client but if there is a better way to confirm it please go ahead and tell me.

7. https://community.teltonika-networks.com/?qa=blob&qa_blobid=8003111067058603538

8. Server: 10.8.0.1 (VPN) 172.16.0.4 (LAN); Client2: 10.8.0.2 (VPN) 192.168.178.151 (LAN), Client1 (Camera): 10.8.0.3 (VPN) 192.168.0.1 (LAN)

Thanks for your help

by anonymous

Additionally I got a TCP dump file recording some pings from a second machine in the RUTX subnet (192.168.0.239) to the VPN server (10.8.0.1) and the other way around. The pings from the machine in the RUTX subnet to the VPN server are answered but not those from the server to the device in the subnet of the RUTX.

https://community.teltonika-networks.com/?qa=blob&qa_blobid=10711394611224194099

by anonymous
I was able to get it running now. It turned out that after all it all was set up correctly.

The problem was with the camera blocking the requests. Unfortunately my second test device for validation (a Windows laptop) didn't allow the access either. That's why I assumed something must be wrong elsewhere.

Thank you anyway for your time and sorry for the mistake. If there is any more info you need out of interest I'm happy to provide you with it.
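
Added example, not part of the thread and not OpenVPN or Teltonika code: a small Python check for points 4 and 6 of the answer, verifying that each `iroute` in a CCD file has a matching server `route` and `push "route"`, and that the routed LAN does not overlap another site's network or the tunnel subnet. The config text is constructed from the addresses quoted above; the /24 prefix lengths of the other LANs and all function names are assumptions.

```python
import ipaddress

# Constructed sample input modelled on the addresses quoted in the thread.
SERVER_CONF = '''\
server 10.8.0.0 255.255.255.0
client-config-dir ccd
client-to-client
route 192.168.0.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
'''
CCD = {"client1": "iroute 192.168.0.0 255.255.255.0\n"}  # one entry per ccd file
OTHER_LANS = ["172.16.0.0/24", "192.168.178.0/24"]  # prefix lengths are assumed


def directives(text):
    """Yield (name, args) per config line; a pushed route is named 'push route'."""
    for line in text.splitlines():
        words = line.split("#")[0].replace('"', " ").split()
        if words[:1] == ["push"] and len(words) > 1:
            yield "push " + words[1], words[2:]
        elif words:
            yield words[0], words[1:]


def nets(text, name):
    """Networks declared by `name <address> <netmask>` directives."""
    return {ipaddress.ip_network("/".join(args[:2]))
            for key, args in directives(text) if key == name and len(args) >= 2}


def check(server_conf, ccd, other_lans):
    """Return a list of findings; an empty list means the routing config is consistent."""
    names = {key for key, _ in directives(server_conf)}
    routes, pushed = nets(server_conf, "route"), nets(server_conf, "push route")
    others = [ipaddress.ip_network(n) for n in other_lans]
    others += sorted(nets(server_conf, "server"))  # the tunnel subnet itself
    findings = []
    if "client-config-dir" not in names:
        findings.append("server: no client-config-dir, iroute files are never read")
    for client, text in sorted(ccd.items()):
        for lan in sorted(nets(text, "iroute")):
            if lan not in routes:
                findings.append(f"{client}: iroute {lan} has no matching server route")
            if lan not in pushed:
                findings.append(f"{client}: {lan} is not pushed to other clients")
            findings += [f"{client}: {lan} overlaps {o}" for o in others if lan.overlaps(o)]
    return findings


if __name__ == "__main__":
    print(check(SERVER_CONF, CCD, OTHER_LANS) or "config consistent")
```

An empty result for this sample matches how the thread ended: the OpenVPN side was consistent and the block was on the camera itself.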