
We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
561 views 10 comments
by anonymous
Hi,

I would like to connect my Windows PC to the RUT950 with OpenVPN and a static key, but the connection will not be established.

The OpenVPN config looks like this:

remote DYNDNS-IP
port 1194
proto udp
dev tun
tun-mtu 1500
ifconfig 10.0.0.2 10.0.0.1
route 192.168.63.0 255.255.255.0
fragment 1300
mssfix
secret static.secret
ping-restart 60
ping-timer-rem
persist-tun
persist-key
ping 10
comp-lzo
verb 4
mute 10
cipher AES-256-CBC
auth SHA256
auth-nocache

The router config looks like the attached screenshot:

Which Role (Client or Server) do I have to define on the RUT950?

Do I have to enable Open VPN in the Firewall?

When I try to connect the client with OpenVPN I get a timeout.

Thanks

HS

1 Answer

0 votes
by anonymous

Hello,

  

In this case, RUT950 should be the server, as it is the device with public (or at least accessible) IP address. 

Would you be able to upload the connection logs from the server and the client side?

Firewall settings should be applied automatically on the RUT950, and for the Windows side, you could try temporarily disabling the firewall and see if that helps.

One more thing I'd recommend is using OpenVPN in TAP mode, as it seems to work better on Windows.

  

Best regards,
DaumantasG

by anonymous
Hello,

I changed the role to server.

I found "daemon.err openvpn(server_server_hs)[16825]: Authenticate/Decrypt packet error: packet HMAC authentication failed" in the server log.

I uploaded the client and server log files.

Best regards

HS
by anonymous
Do you have the necessary HMAC authentication files on both the server and the client?

At least from the options you provided in the original post, I cannot see any of the HMAC options.

If you did not intend to use HMAC, it should be disabled on the server.

  

Best regards,
DaumantasG
by anonymous

I want to use authentication with static key.

There is no field to enable/disable HMAC in the Main settings.

Best regards

HS

by anonymous

Hello,

In the screenshot, I can see the client configuration, would you like your RUT950 to be the server or your Windows machine?

Also, I'll ask you to update to the latest version of RutOS, which can be downloaded here, as you're using the legacy version of RutOS, which is no longer supported.

I'd recommend updating without keeping the settings and reconfiguring the OpenVPN server.

Also, additional HMAC authentication is only available when setting up an OpenVPN connection using TLS. You're using a static key, so your client or server configuration is not correct.

Here's a configuration example of how to set up an OpenVPN client on Windows, and here's an example of how to set up a server on our router.

  

Best regards,
DaumantasG

by anonymous

Hello,

I would like to connect my Windows machine as a client to the RUT950, which should be the server.

I already tried to update the firmware but I get:

"Legacy-design (RUT950 *G1**) devices could not be upgraded to a firmware version newer than RUT9XX_R_00.07.00. Click here for more info. Ensure to get a correct firmware image and try to upgrade again."

Is it possible to connect a client with OpenVPN to this "Generation 1" RUT950 device?

best regards

HS

by anonymous

Hello,

  

It is possible, however, in this case, this guide should be followed, as it contains the instructions for legacy RutOS.

However, since the only device connecting to the RUT950 will be a Windows machine, I'd recommend using OpenVPN TAP mode in combination with a static key, as the configuration will be the easiest. Devices in the RUT950 LAN will also be reachable without pushing any routes.

  

Best regards,
DaumantasG

by anonymous
Hello,

I succeeded in connecting to the RUT950.

First with TAP and also with a TUN device.

I commented out the line "fragment 1300".

Last error in the client log, at the first line:
Fri Feb 10 14:36:47 2023 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled

and the same in the server log:
Fri Feb 10 14:19:09 2023 daemon.warn openvpn(server_server_hs)[13229]: Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
Best regards

HS
by anonymous
Hello,

Just to clarify, is everything working now? The logs you have attached seem to indicate warnings and not errors, so the connection should still establish.

Best regards,
DaumantasG
by anonymous
Hello,

Yes, the connection is established.

Last 2 questions:

The connection only establishes after 4-5 timeouts. Any idea why?

When a second user wants to connect from a second Windows PC to the router, is it possible to have a second server role defined on the router?

Best regards

HS
by anonymous

Hello,

  

  • The connection only establishes after 4-5 timeouts. Any idea why?
    • Hard to say why this could happen without seeing the new logs, but you could try lowering the ping-restart value and see if it changes anything. It could be a connection or authentication-related issue.
  • When a second user wants to connect from a second Windows PC to the router, is it possible to have a second server role defined on the router?
    • In your case, TLS authentication would be needed for multiple clients to connect to the same server. More information about the TLS setup can be found here.

   

Best regards,
Daumantas G.
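
Added example, not part of the original thread: in static-key mode both peers must agree on options such as `cipher`, `auth`, `fragment` and `comp-lzo`, so a quick check is to diff the two configs for exactly those options. The client options come from the first post; the server config, the option list `MUST_MATCH` and the helpers `parse` and `compare` are constructed for illustration.

```python
import re

# Client options from the original post; the server side is constructed
# (the router's real settings are only visible in a screenshot).
CLIENT = """dev tun
tun-mtu 1500
ifconfig 10.0.0.2 10.0.0.1
fragment 1300
secret static.secret
comp-lzo
cipher AES-256-CBC
auth SHA256"""
SERVER = """dev tun
tun-mtu 1500
ifconfig 10.0.0.1 10.0.0.2
secret static.secret
comp-lzo
cipher AES-256-CBC
auth SHA1"""

# Options that must be identical on both ends of a static-key link.
MUST_MATCH = ("dev", "tun-mtu", "fragment", "comp-lzo", "cipher", "auth")

def parse(text):
    """Return {option: [args]}; text after '#' or ';' is a comment."""
    opts = {}
    for line in text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if line:
            name, *args = line.split()
            opts[name] = args
    return opts

def compare(client_text, server_text):
    """List mismatches; an option set on one side only is also reported."""
    c, s = parse(client_text), parse(server_text)
    problems = [f"{o}: client={c.get(o)} server={s.get(o)}"
                for o in MUST_MATCH if c.get(o) != s.get(o)]
    # In tun mode the endpoints are mirrored: my local is the peer's remote.
    ci, si = c.get("ifconfig"), s.get("ifconfig")
    if c.get("dev") == ["tun"] and ci and si and ci != si[::-1]:
        problems.append(f"ifconfig not mirrored: client={ci} server={si}")
    if "secret" not in c or "secret" not in s:
        problems.append("secret: static key file missing on one side")
    return problems

if __name__ == "__main__":
    for p in compare(CLIENT, SERVER):
        print(p)
```

The script only compares option lines; the static key file itself must also be the same on both peers, which it does not check.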