0 votes
35 views 3 comments
by

Hello,

This is my first experience with Teltonika products. I recently purchased RUTX 50; the firmware version on the device is RUTX_R_00.07.04.2. I have set up an ovpn server on the device. There are, however, a few peculiarities which I have noticed:

1. If the server is left running for a few days, and then I try to connect to it, the connection is refused. I then have to shut down the ovpn server on RUTX50, go into editing the settings and, without changing anything, re-save them and enable the server. Only then am I able to connect to the server. Why is this?

2. If I enable "remote-cert-tls server" on client side, I get a TLS authentication failure. I suspect it has to do with key generation.

  • How can I generate a key on RUTX50 to enable additional security?
  • Is there a way to edit the ovpn server configuration file on RUTX50?
Hopefully you can guide me in the right direction.
Thanks in advance.
Bobba

1 Answer

0 votes
by

Hello,

  1. In case of the disconnects, OpenVPN should be able to eventually restart and reestablish the connection. Does the router have a proper internet connection? Could you attach a troubleshoot file to your question? Make sure the issue is present, then access router's WebUI, go to System -> Administration -> Troubleshoot section and download troubleshoot file from there. The logs in the file might provide more insight into the issue.
  2. --remote-cert-tls client|server requires that the peer certificate was signed with an explicit key usage and extended key usage based on RFC3280 TLS rules. Could you check if properly generated certificates are being used?

Best regards,

by
Hello,

Thanks for responding. In the meantime I did resolve the "--remote-cert-tls server" issue by using certificates generated with quick-RSA. Though I must say, as RUTX50 is considered a professional level device, the certificates which are generated by the device should also support extended keys following RFC 3280 TLS rules.

Regarding my first observation, requiring a restart of the server: this has nothing to do with the internet connection. The internet connection is stable. It happens when the ovpn server remains active for a few days without any client connecting to it. For example, the ovpn server is running for 4 days, then on the 5th day a connection attempt is made, and that connection is not accepted. The workaround is to restart the server; it then starts accepting connections again. Quite weird.

Thanks
by
Missed adding this bit: checking the logs was the first thing I did. However, there is no information in the logs which indicates a reason why the server does not respond. Maybe something for your engineering to test internally.

Thanks and best regards.
by
Thank you for your feedback.

We will test VPN server behavior and consider certificate generation updates.

Best regards,
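
Added example, not part of the thread and not Teltonika or OpenVPN code: a shell function that reads `openssl x509 -noout -text` output and reports whether a certificate carries the key usage and extended key usage extensions the answer says `--remote-cert-tls` requires. The function name and both sample certificate dumps are constructed for illustration; the check covers only the presence of Key Usage and the role's Extended Key Usage value, not any stricter per-bit key usage matching.

```shell
#!/bin/sh
# Added example (hypothetical helper, not Teltonika or OpenVPN code).
# Reads `openssl x509 -noout -text` output on stdin and checks the two things
# the answer names: a Key Usage extension and the role's Extended Key Usage.
# Usage: openssl x509 -in peer.crt -noout -text | check_remote_cert_tls server
check_remote_cert_tls() {
    case "$1" in
        server) want='TLS Web Server Authentication' ;;
        client) want='TLS Web Client Authentication' ;;
        *) echo 'usage: check_remote_cert_tls client|server' >&2; return 2 ;;
    esac
    awk -v want="$want" '
        # openssl prints each extension name on one line, its value on the next
        /X509v3 Key Usage:/          { grab = "ku";  next }
        /X509v3 Extended Key Usage:/ { grab = "eku"; next }
        grab == "ku"  { ku  = $0; grab = ""; next }
        grab == "eku" { eku = $0; grab = ""; next }
        END {
            if (ku == "") { print "FAIL: no Key Usage extension"; bad = 1 }
            if (index(eku, want) == 0) { print "FAIL: Extended Key Usage lacks " want; bad = 1 }
            if (!bad) print "OK: Key Usage present, EKU includes " want
            exit bad + 0
        }'
}

# Constructed sample: extensions section of a server certificate with KU and EKU.
sample_with_eku() {
cat <<'EOF'
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
EOF
}

# Constructed sample: certificate issued without Key Usage or EKU.
sample_without_ext() {
cat <<'EOF'
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
EOF
}
```

Run it against the server certificate before turning on `remote-cert-tls server` on clients; a FAIL line means the certificate needs to be reissued with those extensions.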