0 votes
98 views 4 comments
by

RUT955 blocking access to remote server

Hi, I use the RUT955 at our offices as our main internet gateway manager, as we have a main WAN connection through the WAN ethernet port, and have the Mobile connection acting as a failover, as we have regular internet connectivity issues.

We also have a cloud hosted server (with a static public IP) that we use for data processing that connects via VPN.

RUT955 Firmware: RUT9XX_R_00.06.09.2

We always were able to connect to the cloud server via RDP, but all of a sudden the server cannot be pinged or connected to via RDP, and as a consequence the VPN is not running.

The strange thing is that when running a trace route to the cloud server it keeps getting stuck on the RUT955's IP. (I'll attach a screenshot)

As a test I temporarily disabled my PC's firewall and antivirus, but nothing seems to change. I also set up a traffic rule that specifically allows both incoming and outgoing traffic to that IP, but still have had no joy.

The strangest thing is that if I set up my mobile as a hotspot and connect to it, there are no problems, but as soon as the RUT955 is handling network traffic everything falls apart. 

I have upgraded to the latest firmware, reset the RUT955, downgraded it to an older firmware, checked the cloud server's firewall and networking rules, but so far I have had no success.

The strange thing is no configurations have changed on the RUT955 or the cloud server.

I don't know if I'm missing something really simple, but I'm currently at a loss on how to proceed further. Any help would be highly appreciated.

1 Answer

0 votes
by
Hi,

Please provide your router troubleshooting file to take a look at it, and your current topology with a brief description of your service scenario.

Regards.
Best answer
by
Hi. I have uploaded the troubleshoot file
by
Hi,

By looking into the router Tshoot file configuration and logs, it seems you have multiple routes to this destination: 19X.2XX.X.0/24, and that you have defined the gateway as the LAN IP interface 192.168.9.1, probably causing the routing loop shown in the picture attached.

Additionally, you have configured an alias for the LAN interface with the IP 192.168.12.1/24 and gateway 192.168.12.5; however, the WAN wired interface gets through DHCP the IP address 192.168.12.100/24, which may cause another routing conflict.

On the other hand, I don't fully understand the purpose of the following router configuration:

config route
    option table 'main'
    option interface 'ENXXXXX'
    option target '19X.2XX.X.0'
    option netmask '255.255.255.0'
    option gateway '192.168.0.20'

Maybe, it is something that remains from a previous configuration. Please confirm or attach your topology to clearly understand your current scenario.

Right now, from your route table, I can tell the router thinks it can reach the IP address 19X.2XX.X.X/24 through the IP gateway 192.168.8.100, which is another alias for the LAN interface.

Hence, as a first step, please remove the conflicting routes mentioned above and check all these aliases' configurations.

Note:

For security reasons, I'm not fully exposing your public IP address (19X.2XX.X.X).

I look forward to reading your comments.

Regards.
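
An added example, not part of the original answer or the router's firmware: a Python check over a UCI-style network config for the two conditions the answer points to, a static route whose gateway is one of the router's own addresses and two interfaces whose subnets overlap. The section name `lan_alias`, the 203.0.113.0/24 range standing in for the masked public range, and the WAN lease written as a static address are assumptions made for the sample.

```python
import ipaddress
import shlex
from itertools import combinations

# Constructed sample in UCI (/etc/config/network) syntax. LAN, alias and WAN
# addresses are those quoted in the thread; 203.0.113.0/24 is a placeholder.
SAMPLE = """
config interface 'lan'
    option ipaddr '192.168.9.1'
    option netmask '255.255.255.0'
config interface 'lan_alias'
    option ipaddr '192.168.12.1'
    option netmask '255.255.255.0'
config interface 'wan'
    option ipaddr '192.168.12.100'
    option netmask '255.255.255.0'
config route
    option target '203.0.113.0'
    option netmask '255.255.255.0'
    option gateway '192.168.9.1'
"""

def parse_uci(text):
    """Return [(section_type, name_or_None, options_dict), ...]."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], tok[2] if len(tok) > 2 else None, {}))
        elif len(tok) >= 3 and tok[0] == "option" and sections:
            sections[-1][2][tok[1]] = tok[2]
    return sections

def audit(text):
    """Flag self-referencing route gateways and overlapping interface subnets."""
    sections = parse_uci(text)
    ifaces = {name: ipaddress.ip_interface(f"{o['ipaddr']}/{o.get('netmask', '32')}")
              for kind, name, o in sections if kind == "interface" and "ipaddr" in o}
    findings = []
    for kind, _, o in sections:
        if kind != "route" or "gateway" not in o:
            continue
        gw = ipaddress.ip_address(o["gateway"])
        dest = ipaddress.ip_network(f"{o['target']}/{o.get('netmask', '32')}", strict=False)
        # A gateway must be a neighbour's address, never one the router itself owns.
        findings += [("self-gateway", str(dest), n) for n, i in ifaces.items() if i.ip == gw]
    for a, b in combinations(sorted(ifaces), 2):
        if ifaces[a].network.overlaps(ifaces[b].network):
            findings.append(("overlap", a, b))
    return findings
```

Calling `audit(SAMPLE)` returns one `self-gateway` finding for the route and one `overlap` finding for the alias and WAN subnets.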
by

Hi,

Thanks so much for the feedback, and your consideration for our network security.

Removed gateway configurations, as well as the 192.168.12.1/24 IP alias. The 192.168.8.1/24 IP alias is required for the VPN to expose local LAN to the VPN server.

I went and checked the routing. There was only one route previously. I removed the additional routes, and have changed the password for the RUT.

The [config route  |  option table 'main'  |  option interface 'ENXXXXX'  |  option target '19X.2XX.X.0'  |  option netmask '255.255.255.0'  |  option gateway '192.168.0.20'] is for the VPN to expose local LAN to the VPN server.

The gateway 192.168.8.100 is the DHCP server for in-office network, the RUT955 is acting as a WAN gateway manager and VPN client.

After completing the above changes everything seems to be working now. I will keep monitoring for any abnormalities.

Fingers crossed this is permanently resolved.

I will have to implement stricter IT security policies with regard to who has access to key infrastructure devices. (Wish me luck on that)

But again a huge thank you for all of your advice and feedback.

by
Hi,

I'm glad it is working now. I hope you don't get any bad outcomes from the current changes, and best wishes to you to successfully implement stricter IT security policies.

If you need further assistance, don't hesitate to contact us.

Regards.