0 votes
115 views 3 comments
by anonymous

Hello,

This is my first experience with Teltonika products. I recently purchased RUTX 50. The firmware version on the device is RUTX_R_00.07.04.2. I have set up an ovpn server on the device. There are, however, a few peculiarities which I have noticed:

1. If the server is left running for a few days, and then I try to connect to it, the connection is refused. I then have to shut down the ovpn server on RUTX50, go into editing the settings and, without changing anything, re-save them and enable the server. Only then am I able to connect to the server. Why is this?

2. If I enable "remote-cert-tls server" on client side, I get a TLS authentication failure. I suspect it has to do with key generation.

  • How can I generate a key on RUTX50 to enable additional security?
  • Is there a way to edit the ovpn server configuration file on RUTX50?

Hopefully you can guide me in the right direction.
Thanks in advance.
Bobba

1 Answer

0 votes
by anonymous

Hello,

  1. In case of the disconnects, OpenVPN should be able to eventually restart and reestablish the connection. Does the router have a proper internet connection? Could you attach a troubleshoot file to your question? Make sure the issue is present, then access the router's WebUI, go to the System -> Administration -> Troubleshoot section and download the troubleshoot file from there. The logs in the file might provide more insight into the issue.
  2. --remote-cert-tls client|server requires that the peer certificate was signed with an explicit key usage and extended key usage based on RFC3280 TLS rules. Could you check whether properly generated certificates are being used?

Best regards,

by anonymous
Hello,

Thanks for responding. In the meantime I did resolve the "--remote-cert-tls server" issue by using certificates generated with quick-RSA. Though I must say, as RUTX50 is considered a professional level device, the certificates which are generated by the device should also support extended keys following RFC 3280 TLS rules.

Regarding my first observation, requiring a restart of the server: this has nothing to do with the internet connection. The internet connection is stable. It happens when the ovpn server remains active for a few days without any client connecting to it. For example, the ovpn server is running for 4 days, then on the 5th day a connection attempt is made, and that connection is not accepted. The workaround is to restart the server; it then starts accepting connections again. Quite weird.

Thanks
by anonymous
Missed adding this bit: checking the logs was the first thing I did. However, there is no information in the logs which indicates a reason why the server does not respond. Maybe something for your engineering to test internally.

Thanks and best regards.
by anonymous
Thank you for your feedback.

We will test VPN server behavior and consider certificate generation updates.

Best regards,
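
An added example, not part of the original thread and not Teltonika's code: a shell check for the key usage and extended key usage requirement that the answer cites for `--remote-cert-tls`. It reads `openssl x509 -noout -text` output on stdin; the function names and the sample certificate text are constructed, and the extension names assume OpenSSL's text output.

```sh
#!/bin/sh
# Added example: reads `openssl x509 -noout -text` output on stdin.
# Assumption: --remote-cert-tls <role> needs a Key Usage extension plus the
# matching Extended Key Usage purpose, under the names OpenSSL prints.

# ext_value NAME: print the line that follows "X509v3 NAME:" on stdin.
ext_value() {
    awk -v name="X509v3 $1:" '
        grab { sub(/^[ \t]+/, ""); print; grab = 0; seen = 1 }
        !seen && index($0, name) { grab = 1 }'
}

# check_remote_cert_tls ROLE (the peer being verified: server or client).
# Returns 0 when both extensions fit, 1 when one is missing, 2 on bad usage.
check_remote_cert_tls() {
    case "$1" in
        server) want="TLS Web Server Authentication" ;;
        client) want="TLS Web Client Authentication" ;;
        *) echo "usage: check_remote_cert_tls server|client" >&2; return 2 ;;
    esac
    text=$(cat)
    ku=$(printf '%s\n' "$text" | ext_value "Key Usage")
    eku=$(printf '%s\n' "$text" | ext_value "Extended Key Usage")
    rc=0
    [ -n "$ku" ] || { echo "FAIL: no X509v3 Key Usage extension"; rc=1; }
    case "$eku" in
        *"$want"*) ;;
        *) echo "FAIL: Extended Key Usage lacks '$want' (found: ${eku:-none})"; rc=1 ;;
    esac
    [ "$rc" -ne 0 ] || echo "OK: usable with --remote-cert-tls $1 (KU: $ku)"
    return "$rc"
}

# Constructed sample: extension section of a server certificate with KU and EKU.
sample_with_eku() {
    cat <<'EOF'
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
EOF
}

# Constructed sample: the same certificate text with the EKU extension absent.
sample_without_eku() { sample_with_eku | sed '/Extended Key Usage/,$d'; }
```

To check a real certificate, pipe it in: `openssl x509 -in server.crt -noout -text | check_remote_cert_tls server` (`server.crt` is a placeholder file name).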