subscribe to our Youtube


14455 questions

17168 answers


0 members

We are migrating to our new platform at Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
230 views 2 comments
by anonymous

I'm having issues with connecting to the devices via a VPN-Hub or even VPN quick connect. The VPN hub worked fine and stable for many months, but a few weeks ago became flaky with dozens of attempts needed to even receive one ping from a device behind it.
Right now it completely stopped working.
For test purposes I set up a quick-connect VPN to demonstrate the issue:
1.create a new Endpoint in VPN quick connect

2. Scan the devices - every device is correctly detected select the raspberry pi!

3. The VPN quick-connect setup now looks like this

4.When clicking "create" everything is correctly generated and the deactivated endpoint looks like this:

5. Now start the Endpoint (all works flawlessly)

6. Everything looks good now and the Raspberry Pi is listed correctly

7. Download the .ovpn config file
8. Try the Telonika RMS VPN Tool: After a few minutes we can connect to the VPN hub and the Route is correctly listed. A bit of traffic is also visible

9. Try pinging the route from windows terminal -> connection times out!
10. Let's try this with the OpenVPN GUI on windows instead (this never connects due to these errors):
11. Let's try it on Ubuntu 22.04 -> it looks like the connection works fine here!

user@ububox:/tmp/rms$ sudo openvpn --config
2023-05-10 18:48:14 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2023-05-10 18:48:14 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022
2023-05-10 18:48:14 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2023-05-10 18:48:14 TCP/UDP: Preserving recently used remote address: [AF_INET]
2023-05-10 18:48:14 UDP link local: (not bound)
2023-05-10 18:48:14 UDP link remote: [AF_INET]
2023-05-10 18:48:14 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1542'
2023-05-10 18:48:14 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2023-05-10 18:48:14 [teltonika-vpn-8RAoxkOlPnFSbJU6] Peer Connection Initiated with [AF_INET]
2023-05-10 18:48:14 TUN/TAP device tun8RAoxkO opened
2023-05-10 18:48:14 net_iface_mtu_set: mtu 1500 for tun8RAoxkO
2023-05-10 18:48:14 net_iface_up: set tun8RAoxkO up
2023-05-10 18:48:14 net_addr_ptp_v4_add: peer dev tun8RAoxkO
2023-05-10 18:48:14 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-05-10 18:48:14 Initialization Sequence Completed

12. let's try pinging here as well -> also no success

user@ububox:/tmp/rms$ ping
PING ( 56(84) bytes of data.
--- ping statistics ---
1033 packets transmitted, 0 received, 100% packet loss, time 1058466ms

13. And yes I checked the device is online via the remote CLI

I tried different devices which I know all were reachable previously

Has anyone any idea what's wrong here? It worked so well and I did many successful deploys with Ansible with the VPN-Hubs we have, which remained completely unchanged - everything was stable and quick.
I also checked the credits

  • 16 credits left
  • remaining data 3839.37 MB
  • data usage is currently 1.35 GB where we have 3 GB available

The RMS, CLI, remote Web-UI and everything else also works flawlessly!
The firmware version is the latest (RUT9_R_00.07.04.2) I don't want to try to rollback to an older version, since all configuration might be lost doing this.

We have one other setup using a VPN-hub which is connected permanently for data transmission. I am scared to even touch this as it might also randomly stop working which would eventually cause a production outage for us.

I'm desperate to hear your thoughts on this and maybe someone from Teltonika can have a detailed look. I'm happy to provide more details (company id etc. pp)  - please reach out to me - I hope I didn't already leak too many details!
Cheers, Jonas

(I wasn't able to add images in-line since the bytes probably count as characters? so the max length was exceeded)

1 Answer

0 votes
by anonymous


Could you please clafiry the following:

  • Firstly, can you please check whether LAN forwarding is enabled in the RMS VPN Hub -> routes settings?
  • Secondly, is a default gateway configured on the Raspberry Pi, and if so, is it pointing towards the RUT950?
  • Thirdly, is the RUT950 the gateway router in your network topology?
  • Lastly, how is the Raspberry Pi connected to the RUT950?

Additionally, could you please attach a troubleshoot file from RUT950? You can attach it by editing your question. Troubleshoot file can be downloaded from System -> Administration -> Troubleshoot. The attached files are only visible to Teltonika moderators.

Kind Regards,


by anonymous

Hi Andzej,
thanks for your quick response!

  • LAN forwarding was not enabled, enabling it however did not change anything. It was previously also not enabled and it worked fine. How would this work with quick connect?
  • The default gateway of the Raspberry Pi seems to be configured correctly:

default via dev eth0 proto dhcp src metric 202 dev eth0 proto dhcp scope link src metric 202

  • I am not sure about the gateway router though, there used to be a network topology option, but that has unfortunately been removed with the latest firmware version. How can I verify this now?
  • The Raspberry Pi is connected to the router via LAN (image attached)
  • I have attached the tarball to my original question

by anonymous


It appears that the RMS firewall zone forwarding is currently set to REJECT. 

Basically, if you enable the allow LAN forwarding setting on the RMS VPN Hub, it changes the RMS firewall zone on the device to allow traffic forwarding from the RMS VPN to the LAN. 

Could you please navigate to the Network -> Firewall section and set the forward option to ACCEPT for the RMS zone. Also, click on edit and make sure that LAN is added in both, Allow forward to destination and Allow forward from source zones.

Let me know if this helps!

Kind Regards,