FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
+1 vote
227 views 4 comments
by anonymous

Hello,

I want to access a device that is connected to the RUT950 (mobile internet) via the LAN port over the RMS VPN.

The device is a test device (cab printer). It works fine if I set up the DHCP option, but some of our devices don't support DHCP and you have to set a static IP/Subnet/Gateway/DNS. We use a lot of RUT routers for a variaty of different projects and a solution would be great.
The DHCP options sets the test device to:

IP Subnet
192.168.1.119 255.255.255.255

The remote access from the rms portal works and also the access over the vpn connection with dhcp, but as I set a static IP,... it can't connect anymore. I manually set the IP and Subnet in the VPN hub routes, for example:

RMS VPN Hub routes (LAN forwarding active)
IP Subnet
192.168.1.101 255.255.255.0

and on the test device:

IP Subnet Gateway DNS
192.168.1.101 255.255.255.0 192.168.1.1 0.0.0.0

I tried to change the subnet to 255.255.255.255 (the same as in the dhcp configuration), leave the gateway empty, change dns settings to 8.8.8.8, but nothing seems to work.

Can you help me to establish a VPN connection with a static device configuration?
I also included the troubleshooting file if that helps.

I appreciate any help you can provide as I am a bit clueless how to solve this problem.

1 Answer

0 votes
by anonymous

Hello,

From the file, the ARP table of RUT950 does not contain an entry of 192.168.1.101. Can you ping this device from the RUT950 via SSH?

Also, have you tried to configure a static lease from the RUT950? It can be done from Router's WebUI Network -> Interfaces -> Static leases page.

Awaiting for your reply.

Best regards,

Best answer
by anonymous

Heyy,
I am able to ping the mentioned device through ssh.

SSH PING
root@Teltonika-RUT950:~# ping 192.168.1.101
PING 192.168.1.101 (192.168.1.101): 56 data bytes
64 bytes from 192.168.1.101: seq=0 ttl=64 time=0.621 ms
64 bytes from 192.168.1.101: seq=1 ttl=64 time=0.533 ms
64 bytes from 192.168.1.101: seq=2 ttl=64 time=0.591 ms
64 bytes from 192.168.1.101: seq=3 ttl=64 time=0.538 ms
64 bytes from 192.168.1.101: seq=4 ttl=64 time=0.526 ms
64 bytes from 192.168.1.101: seq=5 ttl=64 time=0.601 ms

... but I am not able to ping it through the cmd utility from my windows computer that is connected through vpn.
Virtual IP from the RUT router is reachable,
 

ping 192.168.255.6 with cmd*
Antwort von 192.168.255.6: Bytes=32 Zeit=128ms TTL=64
Antwort von 192.168.255.6: Bytes=32 Zeit=129ms TTL=64
Antwort von 192.168.255.6: Bytes=32 Zeit=145ms TTL=64
Antwort von 192.168.255.6: Bytes=32 Zeit=127ms TTL=64

Ping-Statistik für 192.168.255.6:
    Pakete: Gesendet = 4, Empfangen = 4, Verloren = 0
    (0% Verlust),
Ca. Zeitangaben in Millisek.:
    Minimum = 127ms, Maximum = 145ms, Mittelwert = 132ms

 but the device ( 192.168.1.101 ) isnt.
 

ping 192.168.1.101 with cmd*
Antwort von 62.155.247.172: Zielnetz nicht erreichbar.
Antwort von 62.155.247.172: Zielnetz nicht erreichbar.
Antwort von 62.155.247.172: Zielnetz nicht erreichbar.
Antwort von 62.155.247.172: Zielnetz nicht erreichbar.

Ping-Statistik für 192.168.1.101:
    Pakete: Gesendet = 4, Empfangen = 4, Verloren = 0
    (0% Verlust),

*my cmd is in german

The new static lease didn't solve the problem either ( double checked correct MAC adress ).

The confusing part for me is that the remote access through the rms website works as expected, but the direct connection while connected with the VPN doesnt.

( I added a new troubeshooting file with the static lease )
 

by anonymous

Update:

I changed the device DNS to the routers IP adress ( 192.168.1.1 - was set to 0.0.0.0 before). I don't think that the router hosts a DNS service? At least it's not enabled under Network -> Interfaces -> General -> LAN -> DNS servers. There are some enabled options under Network -> DNS, like these:

 

Network - DNS settings
Log queries ON
DNS forwardings 0.0.0.0
Rebind protection OFF
Local service only ON
Listen interfaces OFF
Exclude interfaces OFF
Filter private ON
Localise queries ON
Netmask
Description Netmask
Router RUT950 255.255.255.0
VPN hub virtual netmask 255.255.255.0
Device (printer) netmask 255.255.255.0

The netmask of the router and the additional device is 255.255.255.0 . The virtual network netmask is also 255.255.255.0, but I found the device with the scan tool from VPN hub >> Routes >> Add route. It set the device to 

VPN hub - Routes config
192.168.1.101 255.255.255.255

And now the direct connection through VPN works as expected, but I am not sure why and I don't know if I could replicate the connection process if another device isn't detected through the scan tool from your website.
Do you know why it uses a different subnet mask for the VPN and why that works?

by anonymous

Hello,

Good to hear that you have managed to solve the issue.

The newly attached troubleshoot file now does have 192.168.1.101 in its ARP table.

The router does have DNS in dnsmasq package form. However, I do not see the relation between DNS and RMS VPN hub functionalities.

The virtual network netmask refers to the virtual OpenVPN network, used for communication through the tunnel, independent of the LAN subnets of the connected sites.

The VPN hub route refers to a specific device in your remote LAN, thus the need for 255.255.255.255 subnet mask. If the route would point to 192.168.1.0 address, then 255.255.255.0 netmask would be correct, as it would route to a range of addresses within the network.

Best regards,

by anonymous
Hi,
thank you very much for your reply. I'll have to dig into this topic to get a deeper understanding of the network topology and network communication. Can you recommend any specific literature?

Your answer was helpful, and I actually managed to replicate the process for a different project site and devices.

Have a great week :)
Best regards,
Yokky