0 votes
240 views 7 comments
by anonymous
Hello everybody!

I have a pfSense server set up with several clients. All clients are Teltonika RUT955 routers.
After setting up the site-to-site connection I have no problems connecting either side of the network - I can ping the server side from the client side and vice versa. But after a few hours or sometimes maybe even minutes I lose connectivity from the client side to the server network, ping is 100% loss. But from the server network side the client network is still accessible. To regain connectivity I have to reboot the router or restart the VPN connection. The routing table seems to have a route to the server network at all times and the VPN connection stays connected at all times.

The OpenVPN config on the router:

config openvpn 'client_Ex'
        option persist_key '1'
        option port '1194'
        option _role 'client'
        option dev 'tun_c_Ex'
        option verb '5'
        option nobind '1'
        option proto 'udp'
        option _auth 'tls'
        option cipher 'AES-256-CBC'
        option _tls_cipher 'all'
        option resolv_retry 'infinite'
        option auth 'sha1'
        option _tls_auth 'tls-auth'
        option tls_auth '/lib/uci/upload/cbid.openvpn.client_Ex.tls_auth 1'
        option auth_key_direction '1'
        list _extra 'ns-cert-type server'
        option ca '/lib/uci/upload/cbid.openvpn.client_Ex.ca'
        option cert '/lib/uci/upload/cbid.openvpn.client_Ex.cert'
        option key '/lib/uci/upload/cbid.openvpn.client_Ex.key'
        option remote 'xxx.xxx.xxx.xxx'
        option enable '1'
        option _route '192.168.10.0'
        option route '192.168.10.0 255.255.255.0'
        option client '1'

192.168.10.0 is the server network.

I am out of ideas and would greatly appreciate any input how to troubleshoot this.

2 Answers

0 votes
by anonymous

Hello,

I would like to get a complete troubleshoot file, including the logs of the OVPN connection, from the router. Please attach it by editing your question. First, make sure to replicate the issue, that is, the client device is unable to ping the server. Next, access the router's WebUI, go to the System -> Administration -> Troubleshoot section and download the troubleshoot file from there. The logs in the file might provide more insight into the issue.

Attached files are private and visible only to Teltonika Moderators.

Best regards,

by anonymous
Log attached. I rebooted the router and waited till the connectivity was lost and then saved the log files.

Thanks for the swift answer.
by anonymous

Hello,

Could you try to remove remote network IP address and remote network subnet mask values from client's configuration?

These values are pushed by the server anyway, yet the device indicates failing to add this route, which might be due to this redundancy in the configuration.

There is also a warning to keep in mind, though replacing this option may not help:

  • WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead

Another suggestion would be to update your device's firmware. If you have important configurations, and may want to revert, make a backup first.

The latest device firmware can be downloaded from here. When updating, set the Keep settings option to off. Be aware that, due to the difference between versions, you may not be allowed to update via WebUI, thus follow update via bootloader menu. For instructions refer here.

Best regards,
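
An added example, not part of the original thread and not Teltonika's tooling: a small Python check that parses a UCI OpenVPN section like the one in the question and flags the two items raised in the reply above (the deprecated ns-cert-type directive and the client-side static route). The function names and the trimmed sample config are constructed for illustration.

```python
import shlex

# Constructed sample: a trimmed copy of the client section posted in the question.
SAMPLE_UCI = """\
config openvpn 'client_Ex'
        option _role 'client'
        option proto 'udp'
        list _extra 'ns-cert-type server'
        option remote 'xxx.xxx.xxx.xxx'
        option route '192.168.10.0 255.255.255.0'
        option client '1'
"""

def parse_uci(text):
    """Parse UCI text into {section_name: {"options": {...}, "lists": {...}}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)  # handles quoted values and '#'
        if len(tokens) >= 2 and tokens[0] == "config":
            # Anonymous sections (no name) are skipped rather than mis-attributed.
            current = (sections.setdefault(tokens[2], {"options": {}, "lists": {}})
                       if len(tokens) > 2 else None)
        elif current is not None and len(tokens) >= 3:
            if tokens[0] == "option":
                current["options"][tokens[1]] = tokens[2]
            elif tokens[0] == "list":
                current["lists"].setdefault(tokens[1], []).append(tokens[2])
    return sections

def audit_section(section):
    """Return findings for the two points raised in the reply above."""
    findings = []
    extra = section["lists"].get("_extra", [])
    if any(d.split()[:1] == ["ns-cert-type"] for d in extra):
        findings.append("ns-cert-type is deprecated; use 'remote-cert-tls server'")
    if section["options"].get("_role") == "client" and "route" in section["options"]:
        findings.append("static route %r is set on the client; the reply notes "
                        "the server already pushes it" % section["options"]["route"])
    return findings

def audit(text):
    """Audit every named section in a UCI config string."""
    return {name: audit_section(sec) for name, sec in parse_uci(text).items()}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_UCI).items():
        for finding in findings:
            print(f"{name}: {finding}")
```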

by anonymous
I actually have already tried all these things, but I had another go. Upgraded to the latest legacy FW (have also tried the new FWs), switched to "remote-cert-tls server" and removed the "remote network ip address and mask". The outcome is still the same, everything works for an hour or so.
by anonymous
Would it be possible to get a troubleshoot file from the latest firmware?

Best regards,
by anonymous
Hello,

new troubleshoot file uploaded.

Best regards,

Romel
by anonymous
The file you have attached has latest legacy installed. I would like one from the latest new firmware 7.3.4, as legacy is almost not supported, due to which, most likely, your issue will not be looked at soon.

Best regards,
by anonymous
Sorry about the confusion. Updated to the latest FW. New file uploaded.
0 votes
by anonymous
Status update, I have added RUT956 to the mix, with the latest FW, the issue persists. If it helps I can add the troubleshoot file from the latest FW.