We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
603 views 5 comments
by anonymous

Hi Teltonika Gurus,

We have a RUT955 that while connected through an IPSEC connection we are able to reach the Teltonika local IP (tracert) but get refused at the WEBUI page. PUBLICIP:5555 works.

When connected directly to a Teltonika LAN port we can access the page LOCALIP:5555 without issues.

Maybe someone here can see where I'm missing something.

Troubleshoot file attached

1 Answer

0 votes
by anonymous
Hi,

According to your 'Enable_HTTPS_WAN' rule configuration, please try the following discarding procedure:

1. Verify the IPsec tunnel is enabled. Log into your router CLI and execute the following command:

ipsec status

Note: you should get the tunnel established and see both LANs connected by this string "===".

2. Confirm you are trying to connect to the device WebUI from one host on the listed networks.

3. From your laptop within the previous IP address network, open up your cmd interface and execute the following command:

telnet LOCALIP 5555

Note: substitute the LOCALIP with your remote router br-lan IP interface.

4. From your laptop's web browser, enter the following URL:

https://LOCALIP:5555/

Note: substitute the LOCALIP with your remote router br-lan IP interface.

I will wait for you to share the output you get in the steps commented on above for further assistance.

Regards.
by anonymous


1. ipsec status output -

root@Teltonika-RUT950:~# ipsec status

Security Associations (1 up, 0 connecting):

G4SMainOff-G4SMainOff_c[10]: ESTABLISHED 2 hours ago,

***

G4SMainOff-G4SMainOff_c{11}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: *

G4SMainOff-G4SMainOff_c{11}: 10.12.11.0/24 === 10.220.0.0/16

G4SMainOff-G4SMainOff_c_1{12}: INSTALLED, TUNNEL, reqid 2, ESP SPIs: *

G4SMainOff-G4SMainOff_c_1{12}: 10.12.11.0/24 === 10.132.55.0/27

IP of Teltonika is = 10.12.11.1

IP of computer on the other side of IPSEC tunnel - 10.220.1.184

trying to access https://10.12.11.1:5555 gives a Timeout to page

trying to access to telnet 10.12.11.1 5555 gives connection to host lost

IP of my computer connected directly to the Teltonika - 10.12.11.100

access to https://10.12.11.1:5555 works

TELNET gives a full black screen with a blinking cursor
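
Steps 1 and 2 of the answer, as an added example that is not part of any post in this thread: a Python check that parses the "===" traffic-selector lines of `ipsec status` and reports which child SA, if any, covers traffic from a given remote host to a given local address. The sample text is constructed from the output quoted above, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: lines from the `ipsec status` output posted in this thread.
SAMPLE_STATUS = """\
Security Associations (1 up, 0 connecting):
G4SMainOff-G4SMainOff_c[10]: ESTABLISHED 2 hours ago,
G4SMainOff-G4SMainOff_c{11}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: *
G4SMainOff-G4SMainOff_c{11}: 10.12.11.0/24 === 10.220.0.0/16
G4SMainOff-G4SMainOff_c_1{12}: INSTALLED, TUNNEL, reqid 2, ESP SPIs: *
G4SMainOff-G4SMainOff_c_1{12}: 10.12.11.0/24 === 10.132.55.0/27
"""

# "<name>{<id>}:   <local selectors> === <remote selectors>"
SELECTOR_RE = re.compile(
    r"^\s*(?P<sa>\S+\{\d+\}):\s+(?P<local>.+?)\s+===\s+(?P<remote>.+?)\s*$")

def _nets(field):
    """Parse a space-separated selector list, dropping any [proto/port] suffix."""
    return [ipaddress.ip_network(tok.split("[")[0], strict=False)
            for tok in field.split()]

def parse_selectors(status_text):
    """Return (child_sa, local_networks, remote_networks) per selector line."""
    out = []
    for line in status_text.splitlines():
        m = SELECTOR_RE.match(line)
        if m:
            out.append((m["sa"], _nets(m["local"]), _nets(m["remote"])))
    return out

def covering_sas(status_text, remote_host, local_host):
    """Names of child SAs whose selectors cover remote_host -> local_host."""
    src = ipaddress.ip_address(remote_host)
    dst = ipaddress.ip_address(local_host)
    return [sa for sa, local, remote in parse_selectors(status_text)
            if any(dst in n for n in local) and any(src in n for n in remote)]

if __name__ == "__main__":
    # Remote PC and router LAN IP as given in the thread.
    print(covering_sas(SAMPLE_STATUS, "10.220.1.184", "10.12.11.1"))
    # A source outside both remote selectors is covered by no SA.
    print(covering_sas(SAMPLE_STATUS, "192.0.2.10", "10.12.11.1"))
```

A non-empty result means the installed selectors already include both endpoints, so the remaining checks are the ones on the router's own input rules for that port.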

by anonymous
Hi,

For security reasons, I have edited your comment to hide some sensitive information you posted. Please remember this is a public forum; hence, your comments are open to the eyes of the world.

Regarding your issue, it seems that port 5555 is not opening for remote connections. For now, please try enabling HTTP remote connections on the router port: 80 to check if it connects through the VPN tunnel connection.

To enable the port 80 remote connection, refer to the link below:

https://wiki.teltonika-networks.com/view/RUT950_Administration#General_2

Also, please connect to your router CLI and execute the following command:

/etc/init.d/ipsec restart

To connect to the router CLI, refer to the link below:

https://wiki.teltonika-networks.com/view/RUT950_CLI

In case you can't access the CLI, remove the IP block address on the security tab:

https://wiki.teltonika-networks.com/view/RUT950_Administration#Security

I look forward to reading your reply.

Regards.
by anonymous
Hi,

I haven't heard a new comment from you; however, in case you still have this issue, please create a custom rule as follows:

Custom rule to allow remote connection:

Name: <Rule name>

Restrict to address family: IPv4 [select IPv6 only if necessary!]

Protocol: <Select appropriate protocol> [TCP for SSH/HTTP/HTTPS]

Source zone: WAN

Source MAC address: Any

Source IP address: Any [or specify the public IP address of remote endpoint]

Source port: Any

Destination zone: Device (input)

Destination address: <Device LAN IP>

Destination port: <Specify port> 5555 * your desired port.

Action: Accept

Extra arguments: -m policy --dir in --pol ipsec --mode tunnel --tunnel dst 0.0.0.0/0 --tunnel src 0.0.0.0/0

I hope this helps to solve your query; I will keep an eye on your comments.

Regards.
by anonymous
Thanks for getting back to me.. but unfortunately none of the above has resolved my issue.
by anonymous
Hi,

Please follow the steps below:

Factory reset your device and try the last recommendation using ports 443 and 80 for the remote connection instead.

Share the troubleshooting file if the above does not work.

I will be waiting for your answer.

Regards.