FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
5,859 views 15 comments
by anonymous
Hello,

i have a RUT240 with a "1nce" SIM Card inserted. I can reach the device through the 1nce-OpenVPN connection.

How can I reach a device with a static IP in the Routers LAN over OpenVPN? Do I need to set a Port Forward rule?

Thank you!

4 Answers

0 votes
by anonymous

Hello,

  

There are a few options for reaching the LAN devices via the OpenVPN connection:

  • Configure the TLS client on the OpenVPN server:
    • If your OpenVPN client is configured as a TLS client on the server, you can push the routes to the client, and the server will be able to reach the LAN network of the device.
    • This way there won't be a need to set up port forwarding, and you can interact with the devices directly;
    • More information on how this can be achieved can be found here;
  • Setup the port forwarding:
    • This will be an easier option. To achieve this, simply navigate to Network → Firewall → Port Forwarding and create a new rule, where the source zone is OpenVPN, and the destination zone is the LAN. Destination IP is the IP of the device that you'd like to reach. This way, to reach the device you'll need to use the virtual tunnel IP of your RUT240.
Hope this helped! Let me know if any additional information is needed!

  

Best regards,
DaumantasG 

Best answer
by anonymous
The problem is, that i only reach the device over the 1nce's OpenVPN. I created a connection to their server, than i can reach the router through static IP of the SIM.

If i try it like you described, i just reach the router. I need some additional Port like: 192.168.1.1:81

How can i do that?

The first option won't work for me because i can't configure the OpenVPN Server, I'm just using it.
by anonymous

Hello,

In this case, you'll need to set up port forwarding as described in the second option.

  • Navigate to Network → Firewall → Port Forwards;
  • Create a new rule with:
    • Any name
    • External port: 81
    • Internal IP address is the device you are trying to reach in LAN (e.g. 192.168.1.120);
    • Internal port: 80;
    • When the advanced configuration window opens up, change the source zone to OpenVPN instead of LAN.
  • Try reaching the device by connecting to the OpenVPN server, and using the virtual IP assigned to the RUT240 and the needed port number (e.g 10.0.100.1:81)
Let me know how it goes!
Best regards,
DaumantasG
by anonymous
I'll get: ERR_CONNECTION_REFUSE
by anonymous
Hello,

I'll ask you to generate a troubleshoot file. This can be done by navigating to System → Administration → Troubleshoot. the file can be attached to the original question and will only be visible to Teltonika moderators.

Best regards,
DaumantasG
by anonymous
Where can I generate that?

When i set the protocol to "any", i can reach my device. But then i can't reach the routers interface.
by anonymous

Hello,

  

It can be generated by navigating to System → Administration → Troubleshoot in the WebUI.

What port of the LAN device do you need to reach?

EDIT: The source zone of the port forwarding rule needs to be WAN, as this is where you will technically be accessing the router from.

  

Best regards,
DaumantasG

by anonymous
I add it to the question.

Should be Port 80. But i think, i should speak to the device with VPN-IP:81 and it should direct me to LAN-DEVICE-IP:80
by anonymous

Hello,

  

In the troubleshoot file I can see that the port forward rule is disabled. could you enable it and check again?

Also, make sure you are not connected to the LAN of the device when trying to reach it. You should connect to the OpenVPN from any other network.

  

Best regards,
DaumantasG

by anonymous
i updated the file.

Is there some issue with the tcp? Because with the option "any", i can reach my device. But then I can't reach the router.
by anonymous
Hello,

  

This means that you are either using UDP to reach your device or the wrong port number.

"Any" protocol passes all of the incoming traffic to the specified device, as "Any" includes protocols like ICMP, which do not use port numbers.

Try changing the rule to TCP+UDP, if this does not work, then the wrong port is used. I would recommend trying 443, which is a standard port for HTTPS.

  

Best regards,
DaumantasG
by anonymous
As external or internal address?
by anonymous
The internal IP address is the address of the LAN device, external IP should be left empty.

Create two rules, one with external port 8080, and internal 80.

Another with external port 8443, and internal 443.

Leave protocol as TCP+UDP;

Source zone: WAN;

External IP address: Any;

Then try connecting using the WAN IP and port number. An example could look like this:

10.250.20.52:8080 or 10.250.20.52:8443.

Make sure you are connecting from a PC that is not physically connected to the RUT240, but it is connected to the carrier VPN.
by anonymous
Now it's working! Thank you very much!
by anonymous
Glad I could help!
0 votes
by anonymous

Hello,
If you want to access a certain service of a computer in the RUT240 LAN network via OpenVPN, a port forwarding must be set up.

Network → Firewall → Port Forwarding

Here is an example for HTTP on computer 192.168.1.101.

Then set the source zone to OpenVPN.

Now you can reach the service via http/VPN-IP:81.

by anonymous
I did it like that, but i'm always redirected to the Routers WebUI
0 votes
by anonymous
Have you adjusted the Internal IP address, External port and Internal port to your network?
And then called up e.g. via http://192.168.1.101:81?
0 votes
by anonymous

Can you set VPN as the source zone?