Hello!
I'm having issues with connecting to the devices via a VPN-Hub or even VPN quick connect. The VPN hub worked fine and stable for many months, but a few weeks ago became flaky with dozens of attempts needed to even receive one ping from a device behind it.
Right now it completely stopped working.
For test purposes I set up a quick-connect VPN to demonstrate the issue:
1. Create a new Endpoint in VPN quick connect
2. Scan the devices - every device is correctly detected; select the Raspberry Pi!
3. The VPN quick-connect setup now looks like this
4. When clicking "create" everything is correctly generated and the deactivated endpoint looks like this:
5. Now start the Endpoint (all works flawlessly)
6. Everything looks good now and the Raspberry Pi is listed correctly
7. Download the .ovpn config file
8. Try the Teltonika RMS VPN Tool: After a few minutes we can connect to the VPN hub and the route is correctly listed. A bit of traffic is also visible
9. Try pinging the route from Windows terminal -> connection times out!
10. Let's try this with the OpenVPN GUI on Windows instead (this never connects due to these errors):
11. Let's try it on Ubuntu 22.04 -> it looks like the connection works fine here!
user@ububox:/tmp/rms$ sudo openvpn --config xxx.xxx@xx.de-test-quick-connect.ovpn
2023-05-10 18:48:14 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2023-05-10 18:48:14 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022
2023-05-10 18:48:14 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2023-05-10 18:48:14 TCP/UDP: Preserving recently used remote address: [AF_INET]3.69.106.81:35892
2023-05-10 18:48:14 UDP link local: (not bound)
2023-05-10 18:48:14 UDP link remote: [AF_INET]3.69.106.81:35892
2023-05-10 18:48:14 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1542'
2023-05-10 18:48:14 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2023-05-10 18:48:14 [teltonika-vpn-8RAoxkOlPnFSbJU6] Peer Connection Initiated with [AF_INET]3.69.106.81:35892
2023-05-10 18:48:14 TUN/TAP device tun8RAoxkO opened
2023-05-10 18:48:14 net_iface_mtu_set: mtu 1500 for tun8RAoxkO
2023-05-10 18:48:14 net_iface_up: set tun8RAoxkO up
2023-05-10 18:48:14 net_addr_ptp_v4_add: 192.168.255.6 peer 192.168.255.5 dev tun8RAoxkO
2023-05-10 18:48:14 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-05-10 18:48:14 Initialization Sequence Completed
12. Let's try pinging here as well -> also no success
user@ububox:/tmp/rms$ ping 192.168.1.183
PING 192.168.1.183 (192.168.1.183) 56(84) bytes of data.
^C
--- 192.168.1.183 ping statistics ---
1033 packets transmitted, 0 received, 100% packet loss, time 1058466ms
13. And yes, I checked the device is online via the remote CLI
I tried different devices which I know all were reachable previously
Has anyone any idea what's wrong here? It worked so well and I did many successful deploys with Ansible with the VPN-Hubs we have, which remained completely unchanged - everything was stable and quick.
I also checked the credits
- 16 credits left
- remaining data 3839.37 MB
- data usage is currently 1.35 GB where we have 3 GB available
The RMS, CLI, remote Web-UI and everything else also works flawlessly!
The firmware version is the latest (RUT9_R_00.07.04.2). I don't want to try to roll back to an older version, since all configuration might be lost doing this.
We have one other setup using a VPN-hub which is connected permanently for data transmission. I am scared to even touch this as it might also randomly stop working which would eventually cause a production outage for us.
I'm desperate to hear your thoughts on this and maybe someone from Teltonika can have a detailed look. I'm happy to provide more details (company id etc. pp) - please reach out to me - I hope I didn't already leak too many details!
Cheers, Jonas
(I wasn't able to add images in-line since the bytes probably count as characters? so the max length was exceeded)
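
An added example, not part of the original post and not Teltonika or OpenVPN tooling: a small Python triage script that pulls the option-mismatch and hygiene warnings out of an OpenVPN client log like the one in step 11, so the downloaded .ovpn can be compared against what the server side announces. The function names and finding labels are assumptions made for this example; the sample lines are copied from the log in the post.

```python
import re

# Constructed sample: warning lines copied from the client log in the post.
SAMPLE_LOG = """\
2023-05-10 18:48:14 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case.
2023-05-10 18:48:14 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1542'
2023-05-10 18:48:14 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2023-05-10 18:48:14 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-05-10 18:48:14 Initialization Sequence Completed
"""

# Both peers set the option, but with different values.
INCONSISTENT = re.compile(
    r"WARNING: '(?P<opt>[^']+)' is used inconsistently, "
    r"local='(?P<local>[^']*)', remote='(?P<remote>[^']*)'")
# Only one peer sets the option at all.
MISSING = re.compile(
    r"WARNING: '(?P<opt>[^']+)' is present in (?P<has>local|remote) config "
    r"but missing in (?:local|remote) config, (?:local|remote)='(?P<value>[^']*)'")

def triage(log_text):
    """Return one finding (dict) per configuration warning in the log."""
    findings = []
    for line in log_text.splitlines():
        m = INCONSISTENT.search(line)
        if m:
            findings.append({"kind": "mismatch", "option": m["opt"],
                             "local": m["local"], "remote": m["remote"]})
            continue
        m = MISSING.search(line)
        if m:
            side = "local" if m["has"] == "remote" else "remote"
            findings.append({"kind": "missing", "option": m["opt"],
                             "missing_on": side, "value": m["value"]})
        elif "--cipher is not set" in line:
            findings.append({"kind": "cipher_unset", "option": "cipher"})
        elif "auth-nocache" in line:
            findings.append({"kind": "password_cached", "option": "auth-nocache"})
    return findings

def tunnel_completed(log_text):
    """True if the client reported a finished handshake and interface setup."""
    return "Initialization Sequence Completed" in log_text

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
    print("tunnel up:", tunnel_completed(SAMPLE_LOG))
```

On the sample it reports that the tunnel came up while `comp-lzo` is set only on the remote side and `link-mtu` differs between the peers, which are the two settings to compare between the generated .ovpn and the hub's configuration.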