0 votes
279 views 1 comments
by anonymous
Hi everybody,

I am configuring a RUTX12 (firmware RUTX_R_00.07.00) to enable access from our office network to a remote site. Internet connection at the remote site is 4G behind carrier NAT. The RUTX12 runs as an openvpn client against our office pfsense router/firewall. The tunnel seems to be up and running correctly. But I can't seem to get traffic to traverse the RUTX12 between networks.

Network topology:

192.168.4.198  <-- office LAN --> 192.168.4.1/24 pfsense 192.168.44.1/24 <-- openvpn --> 192.168.44.2/24 RUTX12 192.168.1.1/24 <-- remote LAN --> 192.168.1.207

RUTX12 (from shell) can ping all.
192.168.4.198 can ping 192.168.4.1, 192.168.44.1
192.168.1.207 can ping 192.168.1.1, 192.168.44.2
pfsense can ping 192.168.4.198, 192.168.4.1, 192.168.44.1, 192.168.44.2
Others time out.

Pings from 192.168.1.207 to 192.168.44.1, 192.168.4.1 or 192.168.4.198 are not visible when package dumping on pfsense openvpn interface.

I have tried opening firewall rules between lan and openvpn. Accept policy, explicit accept rules etc., no masquerading. I took a quick look through the chains with iptables. Couldn't find an explanation. Finally flushed filter FORWARD chain manually. No change.

Routing on RUTX12 is (exterior ip hidden):

root@Teltonika-RUTX12:/etc/config# ip route
default dev qmimux0 proto static scope link src xxx.xxx.246.250 metric 4
xxx.xxx.246.250 dev qmimux0 proto static scope link metric 4
192.168.1.0/24 dev br-lan proto static scope link metric 1
192.168.4.0/24 via 192.168.44.1 dev tun_c_lsx_rem
192.168.44.0/24 dev tun_c_lsx_rem proto kernel scope link src 192.168.44.2
root@Teltonika-RUTX12:/etc/config#

Also checked /proc/sys/net/ipv4/all/forwarding, /proc/sys/net/ipv4/tun_c_lsx_rem/forwarding, /proc/sys/net/ipv4/br-lan/forwarding. All 1.

I must be missing something obvious here. All ideas welcome.
Troubleshooting file appended.

Thanks!

Magnus

1 Answer

0 votes
by anonymous

Hello,

I would first highly recommend updating your device's firmware to the latest with the Keep settings option disabled, then reconfigure the router and see if that helps. You can download the firmware image from here.

Based on the logs, the tunnel gets established and later restarted due to inactivity. The unusual thing is that every packet received by the mobile interface is dropped: RX packets:19395 errors:0 dropped:19395

Best regards,

by anonymous

Hi,

Thank you

Firmware updated and configuration re-entered. (My bad. Must have mistaken the "version available on server" with the installed one and thought it was up to date.)

However I still seem to have the same symptoms.

After reset I have done the following:

Run suggested configuration wizard and got internet connection up.

Re-entered openvpn configuration and confirmed tunnel is up.

Changed firewall general settings Forward to Accept.

Changed firewall zones openvpn => lan settings Forward:Accept and Masquerading:off.

Changing masquerading to on gives me the expected function. 192.168.1.207 can now ping 192.168.4.198 and others.

Not really what I am after though.

The dropped packages do seem odd. Where do you see this? The counters on the interfaces look ok to me now.

Double checked that pings from 192.168.1.207 to 192.168.44.1 are not visible in packet dump on pfsense. It does not seem that the only problem is that packets entering RUTX12 via tunnel from the wan side are dropped.

192.168.1.207 has access to internet hosts without problem.

Thanks.

Magnus
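
The symptom pattern reported in this thread (pings work with masquerading on and fail with it off), worked through as an added example that is not part of any post: it applies longest-prefix matching to the route table from the question and shows which source address the office side sees in each case. The helper names and the `PEER_NETS` list are assumptions; the thread does not show the office side's routing for 192.168.1.0/24.

```python
import ipaddress

# Route table from the question's `ip route` output, trimmed to the fields used
# here; the default route's hidden public address is left out.
ROUTES = """\
default dev qmimux0
192.168.1.0/24 dev br-lan
192.168.4.0/24 via 192.168.44.1 dev tun_c_lsx_rem
192.168.44.0/24 dev tun_c_lsx_rem src 192.168.44.2
"""
TUNNEL_DEV = "tun_c_lsx_rem"
TUNNEL_IP = "192.168.44.2"  # RUTX12 tunnel address, from the topology line

def parse_routes(text):
    """Return (network, device) pairs from `ip route`-style lines."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        net = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        routes.append((ipaddress.ip_network(net), tok[tok.index("dev") + 1]))
    return routes

def egress_dev(routes, dst):
    """Longest-prefix match: the device the router forwards dst out of."""
    addr = ipaddress.ip_address(dst)
    return max((r for r in routes if addr in r[0]), key=lambda r: r[0].prefixlen)[1]

def source_seen_by_peer(routes, src, dst, masquerade):
    """Source address the far end sees, or None if dst does not use the tunnel."""
    if egress_dev(routes, dst) != TUNNEL_DEV:
        return None
    return TUNNEL_IP if masquerade else src

def peer_knows(src_seen, peer_nets):
    """True if the far end has a network covering the source it sees."""
    addr = ipaddress.ip_address(src_seen)
    return any(addr in ipaddress.ip_network(n) for n in peer_nets)

# ASSUMPTION: the office side knows only its connected networks; the thread
# does not show whether it has any entry for the remote LAN 192.168.1.0/24.
PEER_NETS = ["192.168.4.0/24", "192.168.44.0/24"]
ROUTE_TABLE = parse_routes(ROUTES)

if __name__ == "__main__":
    for masq in (False, True):
        seen = source_seen_by_peer(ROUTE_TABLE, "192.168.1.207", "192.168.4.198", masq)
        print(f"masquerade={masq}: peer sees {seen}, known={peer_knows(seen, PEER_NETS)}")
```

Under that assumption, masquerading only hides the remote LAN behind 192.168.44.2; adding 192.168.1.0/24 to `PEER_NETS` makes the unmasqueraded case resolve as well.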