WIKIABOUT

FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

Most popular tags

rut955 rut240 rut950 rutx11 rms vpn to openvpn wifi not sms trb140 firmware connection - ipsec on rutx12 rutx09 modbus
We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.

RUTX11 OpenVPN does not connect anymore

0 votes
473 views 9 comments
by anonymous

Hello,

I am trying to setup OpenVPN with NordVPN but having a lot of trouble. First the status (both UDP and TCP) said Connected but I had no internet access. Now after upgrading to actual firmware RUTX_R_00.07.03 the status remains Disconnected. Until November I had absolutely no issues so I am wondering what has changed in the meantime. Troubleshoot file attached. 

Thank you.

1 Answer

0 votes
by anonymous

Hello,

  

Thank you for reaching out!

The first steps would be to delete the NordVPN instance, download a new .ovpn file and create a new instance with the option "VPN servers" set to custom, and upload the downloaded file. Double-check the credentials, perhaps the password has changed? Also, setting the MTU size on the mobile interface may help. This can be done by navigating to Network → Interfaces → General → mob1s1a1 (if SIM1 slot is in use) → press the pencil icon → Advanced settings → Override MTU: 1500.

I'm seeing some interesting authentication errors in the logs. If recreating the instance does not help, please try resetting the device to factory defaults.

If it still does not help, please generate another troubleshoot file after replicating the issue.

We also have a YouTube video on NordVPN configuration on our devices.

  

Awaiting your response!

Best regards,
DaumantasG

by anonymous
Hello DaumantasG,

thank you very much for your quick response. I now deleted the existing setup and created a new OpenVPN connection to a new NordVPN server, but to no avail. The status remains Disconnected. I also added the MTU value 1500 but this also does not help. To be honest I am a little afraid to reset the devise to factory defaults as I am not aware of all the required individual settings of the device. Concerning the NordVPN credentials: I copied them from my NordVPN account page, did you have the case in the past that those were incorrect? I attach a troubleshoot file again, maybe you have any other solution?

Thank you very much.

Volker
by anonymous
Hello,

I've been able to verify, that the service works. I've used a preset built into the router and it was able to connect.

However, I've replicated the issue when using files downloaded from the NordVPN site. Please use the built-in presets for the time being.

Can you confirm that a file downloaded from the NordVPN site was in use when the ticket was created?

Best regards,
DaumantasG
by anonymous

Actually, the .ovpn file can also be used.

To connect to NordVPN using their file, this configuration example can be followed. Because it was created for an older version of RutOS, there are some new options added. To summarize the differences:

  • Enable external services: Disabled;
  • OpenVPN configuration file: Fire downloaded from NordVPN;
  • Upload OpenVPN authentication files: Enabled;
  • Authentication algorithm: SHA1;
  • Use PKCS #12 format: Disabled;
  • Certificate file: Open the downloaded .ovpn file in the notepad, and copy the CA certificate, which begins with the line:
    • -----BEGIN CERTIFICATE-----
  • and ends with the line:
    • -----END CERTIFICATE-----
  • Paste this certificate into a new notepad window (including the Begin Certificate and End Certificate lines), and name the file ca.cert.pem (make sure that the .txt extension is not present)
  • Upload this file to the Certificate authority file selection field.

And the router should connect. I'll investigate this issue further and will report it to our RnD team.

  

Best regards,
DaumantasG 

by anonymous
Hello DaumantasG,

I can confirm that the file from NordVPN was in use when creating this ticket.

Now I processed as per your description but still without being able to connect. First by changing the existing OpenVPN instance, and when this didn't work I deleted this one and created a new one. It is correct that the described setup does not contain my user/password from NordVPN? Is choice "TLS" correct for authentication? Or does this has to be "Password"? However if password is chosen I am unable to add the certificate authority. I added two screenshots displaying the settings I made, the .pem file and a new troubleshoot file.

Thanks again for your support.

Volker

Sorry, .pem file cannot be attached here so I added the NordVPN file
by anonymous

Hello,

  

Sorry for not being more detailed. Here is what the configuration should look like:

Instead of TLS, Password Authentication should be used. Does the "Certificate authority" field not appear at the bottom? Make sure the "Certificate files from device" option is unchecked.

  

Best regards,
DaumantasG

by anonymous

Hi DaumantsG,

thank you for providing the screenshot. I can confirm that this is working and the status is Connected. However, it seems I do not have internet access via this VPN as the IP address did not change. It is still the same than before. Do you have any more ideas?

Thank you.

Volker

by anonymous

Hello,

  

It seems like the firewall rule did not update properly for some reason. This usually happens automatically, however, to fix it, navigate to System → CLI. Log in using these instructions and run these commands:

uci set firewall.22.network='openvpn'
uci commit
/etc/init.d/firewall restart or simply a full router reboot

If all goes well, all of the traffic should be routed through NordVPN. To check if you're accessing the internet using NordVPN, go to nordvpn.com and at the top of the page you should see a message similar to this:

Let me know if this helps!

Best regards,
DaumantasG

by anonymous
Hello DaumantasG,

I made a reboot as I was unable to enter the details to CLI. Now the status says Connected but there is still the previous IP address used. When opening the configuration again the username/password is not present anymore. I again deleted the VPN instance and created a new one, it says Connected again but when opening via edit, the username/password disappeared again.

Best regards,

Volker
by anonymous

Hello,

This might be a long shot, but are you sure when opening the edit window that there is no scroll bar on the side? Sometimes it may not be visible.

However, if the status says connected, but your public IP is still the old one, this is more likely to be an issue with the firewall not routing all of your traffic through the VPN tunnel. In this case, I'm afraid, the factory reset might be the best option. Do you have anything more complex configured on your router (many static leases, Modbus devices, etc.), that would take a lot of time to set up again?

I'd also advise against using the backup feature, as the corrupted configuration files can be transferred back to the new install.

EDIT: regarding my last message, a reboot was only an alternative for the last command, the first two would still need to be entered via CLI. What was the issue with CLI?

Awaiting your response!

Best regards,
DaumantasG