0 votes
401 views 2 comments
by anonymous
Hi,
I have an issue with the OpenVPN configuration on my RUT240 (firmware version RUT2_R_00.07.02.7).
I configured the server via the website in TAP (bridge) mode. My config is very simple and typical.

config openvpn 'myvpn'
option keepalive '10 120'
option _name 'myvpn'
list data_ciphers 'BF-CBC'
option persist_key '1'
option port '1194'
option persist_tun '1'
option verb '5'
option type 'server'
option dev 'tap'
option enable_custom '0'
option proto 'tcp-server'
option comp_lzo 'no'
option _auth 'skey'
option secret '/etc/vuci-uploads/cbid.openvpn.perun.secretsecret.key'
option cipher 'AES-128-CBC'
option _tls_auth 'none'
option enable '1'

The server is enabled and active. When I try to connect to the OpenVPN server from a Windows or Linux host, my TAP network interface doesn't get an IP address from DHCP and there is no access to the network. DHCP is configured on the eth0 interface of the RUT240. Eth0 and tap0 are in the bridge. My client-side TAP interface gets the address 169.254.167.77 with netmask 255.255.0.0.

bridge name     bridge id               STP enabled     interfaces
br-lan          7fff.001e42404b81       no              eth0
                                                        eth1
                                                        tap0
                                                        wlan0

Client log:

2022-11-17 12:36:45 tap-windows6 device [OpenVPN TAP-Windows6] opened
2022-11-17 12:36:45 TAP-Windows Driver Version 9.24
2022-11-17 12:36:45 Successful ARP Flush on interface [22] {A67A2124-B2B2-4C95-ADC6-1D579FAB231E}
2022-11-17 12:36:45 MANAGEMENT: >STATE:1668685005,ASSIGN_IP,,,,,,
2022-11-17 12:36:45 TCP/UDP: Preserving recently used remote address: [AF_INET]31.0.212.78:1194
2022-11-17 12:36:45 Socket Buffers: R=[65536->65536] S=[65536->65536]
2022-11-17 12:36:45 Attempting to establish TCP connection with [AF_INET]31.0.212.78:1194 [nonblock]
2022-11-17 12:36:45 MANAGEMENT: >STATE:1668685005,TCP_CONNECT,,,,,,
2022-11-17 12:36:45 TCP connection established with [AF_INET]31.0.212.78:1194
2022-11-17 12:36:45 TCP_CLIENT link local: (not bound)
2022-11-17 12:36:45 TCP_CLIENT link remote: [AF_INET]31.0.212.78:1194
2022-11-17 12:36:45 Peer Connection Initiated with [AF_INET]31.0.212.78:1194
2022-11-17 12:36:51 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
2022-11-17 12:36:51 Initialization Sequence Completed
2022-11-17 12:36:51 MANAGEMENT: >STATE:1668685011,CONNECTED,SUCCESS,,31.0.212.78,1194,10.1.40.128,64181

Please can you help to solve this?

Thank you and kind regards,
Tom

1 Answer

0 votes
by anonymous

Hello,

I have tried your scenario, but the issue seems specific to your setup, as I was assigned an IP from the RUT240 DHCP. Looking at the RUT240 logs, after the completion of the initialization sequence, the DHCP exchange occurs immediately:

Fri Nov 18 18:04:47 2022 daemon.notice openvpn(Server)[7022]: Peer Connection Initiated with [AF_INET]88.119.158.92:59175
Fri Nov 18 18:04:48 2022 daemon.warn openvpn(Server)[7022]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Nov 18 18:04:48 2022 daemon.notice openvpn(Server)[7022]: Initialization Sequence Completed
Fri Nov 18 18:04:50 2022 daemon.info dnsmasq-dhcp[3551]: DHCPDISCOVER(br-lan) 00:ff:48:b5:1c:e3
Fri Nov 18 18:04:50 2022 daemon.info dnsmasq-dhcp[3551]: DHCPOFFER(br-lan) 192.168.5.151 00:ff:48:b5:1c:e3
Fri Nov 18 18:04:50 2022 daemon.info dnsmasq-dhcp[3551]: DHCPREQUEST(br-lan) 192.168.5.151 00:ff:48:b5:1c:e3
Fri Nov 18 18:04:50 2022 daemon.warn dnsmasq-dhcp[3551]: Ignoring domain ad.teltonika.lt for DHCP host name net-bliujuszy
Fri Nov 18 18:04:50 2022 daemon.info dnsmasq-dhcp[3551]: DHCPACK(br-lan) 192.168.5.151 00:ff:48:b5:1c:e3 net-bliujuszy
Fri Nov 18 18:04:51 2022 kern.info Leased 192.168.5.151 IP address for client 00:ff:48:b5:1c:e3 - net-bliujuszy in LAN

Logs on Windows side, however, do not indicate anything.

Fri Nov 18 18:04:47 2022 us=404840 TAP-WIN32 device [Ethernet 6] opened: 
Fri Nov 18 18:04:47 2022 us=404840 TAP-Windows Driver Version 9.23 
Fri Nov 18 18:04:47 2022 us=404840 TAP-Windows MTU=1500
Fri Nov 18 18:04:47 2022 us=411112 Successful ARP Flush on interface [3] {48B51CE3-7118-499F-A271-F81F93994F6E}
Fri Nov 18 18:04:47 2022 us=411112 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:398 ET:32 EL:3 ]
Fri Nov 18 18:04:47 2022 us=411112 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,secret'
Fri Nov 18 18:04:47 2022 us=411112 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,secret'
Fri Nov 18 18:04:47 2022 us=411112 TCP/UDP: Preserving recently used remote address: [AF_INET]X.X.X.X:1194
Fri Nov 18 18:04:47 2022 us=411112 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Nov 18 18:04:47 2022 us=411112 UDP link local: (not bound)
Fri Nov 18 18:04:47 2022 us=411112 UDP link remote: [AF_INET]X.X.X.X:1194
Fri Nov 18 18:04:47 2022 us=520510 Peer Connection Initiated with [AF_INET]X.X.X.X:1194
Fri Nov 18 18:04:53 2022 us=85629 TEST ROUTES: 0/0 succeeded len=0 ret=1 a=0 u/d=up
Fri Nov 18 18:04:53 2022 us=85629 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Nov 18 18:04:53 2022 us=85629 Initialization Sequence Completed
Fri Nov 18 18:04:53 2022 us=85629 MANAGEMENT: >STATE:1668787493,CONNECTED,SUCCESS,,X.X.X.X,1194,,

Could you SSH into your RUT240, execute the command logread -f, then restart the VPN connection to check if DHCP discovery is received from the Windows side?

Could you also try disabling your computer's firewall, to eliminate the possibility of it interfering?

Maybe you could reset the device to factory defaults and reconfigure only the VPN connection, to check if previous firmware updates, if they were performed, or other configurations do not interfere with DHCP operation?

Best regards,
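
The check suggested in the answer above (does a DHCP exchange follow "Initialization Sequence Completed" in the router log?), written out as an added shell example that is not part of the original answer. The function names `dhcp_after_vpn` and `sample_router_log` and the verdict strings are assumptions made here; the sample lines are the ones quoted in the answer.

```shell
#!/bin/sh
# Added example: read `logread` output on stdin and report, per client MAC,
# how far the DHCP exchange got after the OpenVPN tunnel came up.
dhcp_after_vpn() {
    awk '
    BEGIN {
        rank["DISCOVER"] = 1; rank["OFFER"] = 2; rank["REQUEST"] = 3; rank["ACK"] = 4
        h = "[0-9a-fA-F][0-9a-fA-F]"
        macre = "^" h ":" h ":" h ":" h ":" h ":" h "$"
    }
    # Only DHCP traffic logged after the tunnel is up is of interest.
    /openvpn.*Initialization Sequence Completed/ { up = 1; next }
    up && /dnsmasq-dhcp.*DHCP(DISCOVER|OFFER|REQUEST|ACK)\(/ {
        stage = ""; mac = ""; ip = "-"
        for (i = 1; i <= NF; i++) {
            if (stage == "" && $i ~ /^DHCP[A-Z]+\(/) {
                stage = $i; sub(/^DHCP/, "", stage); sub(/\(.*$/, "", stage)
            } else if (stage != "" && $i ~ macre) {
                mac = $i   # an IPv4 address, when logged, precedes the MAC
                if ($(i-1) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) ip = $(i-1)
                break
            }
        }
        if (mac == "") next
        if (!(mac in best)) order[++n] = mac
        if (rank[stage] > rank[best[mac]]) { best[mac] = stage; addr[mac] = ip }
    }
    END {
        if (!up) { print "NO_TUNNEL"; exit }        # tunnel never completed
        if (n == 0) { print "NO_DISCOVER"; exit }   # no DHCP seen after tunnel up
        for (k = 1; k <= n; k++) print order[k], best[order[k]], addr[order[k]]
    }'
}

# Sample input: the router log lines quoted in the answer above.
sample_router_log() {
    cat <<'EOF'
Fri Nov 18 18:04:48 2022 daemon.notice openvpn(Server)[7022]: Initialization Sequence Completed
Fri Nov 18 18:04:50 2022 daemon.info dnsmasq-dhcp[3551]: DHCPDISCOVER(br-lan) 00:ff:48:b5:1c:e3
Fri Nov 18 18:04:50 2022 daemon.info dnsmasq-dhcp[3551]: DHCPOFFER(br-lan) 192.168.5.151 00:ff:48:b5:1c:e3
Fri Nov 18 18:04:50 2022 daemon.info dnsmasq-dhcp[3551]: DHCPREQUEST(br-lan) 192.168.5.151 00:ff:48:b5:1c:e3
Fri Nov 18 18:04:50 2022 daemon.info dnsmasq-dhcp[3551]: DHCPACK(br-lan) 192.168.5.151 00:ff:48:b5:1c:e3 net-bliujuszy
EOF
}

sample_router_log | dhcp_after_vpn
```

On the router this would be run as `logread | dhcp_after_vpn` after reconnecting the client; a `NO_DISCOVER` result means dnsmasq logged no request from the TAP client after the tunnel came up.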

by anonymous
Thanks for your answer.

Currently, I am not able to check the configuration because I needed an active VPN connection and I used older software (which temporarily worked for me). During my previous tests, I disabled Windows' firewall and I reset the device to factory defaults, but all without success. In the near future, I will have a new router and I will retry again. I will keep you posted about the results.

Quick question - apart from executing the command logread -f, can I try anything else? Any other diagnostic tools or files in RUT240?

Best regards,
by anonymous
Could you share your client's file in a private message to review and do some additional testing?