0 votes
2,095 views 4 comments
by anonymous
Hi,

I have LTE Internet up and running and bridged to my main router. So far so good.

For the sake of simplicity I changed back to NAT mode and added a static DHCP entry on the RUT240 to be assigned to the router.

I had a working OpenVPN setup running with my previous modem setup, so the OpenVPN part is OK. Also the DDNS service updated the public IP correctly.

But I have the issue that it seems that the OpenVPN server isn't receiving anything and the client times out during the connection attempt.

What I've tried so far is enabling DMZ for the router's IP address.

Also I tried to forward the UDP port 1193 (which is used by my OpenVPN tunneling) to the router IP.

What else could I check?

Thank you.

1 Answer

0 votes
by
Hi,

It ought to be either one of the following:

- wrong forwarded port, i.e. a typo in configuration;

- server side not configured to have router as a default gateway (if you had some static configuration, and router is not a DHCP server - quite possible)

- server with multiple interfaces, and VPN response is not routed to router's LAN IP

- no actual public IP. Just for the sake of it, check if the WAN IP in the overview window is the same as in i.e. whatsmyip. And in general confirm that the SIM IP is reachable from outside.

If you do packet capture on the server side - do you get any vpn packets?
by anonymous

- wrong forwarded port, i.e. a typo in configuration;

Since the options in this menu are as simple as "protocol / port / forward-ip" I can't do much wrong here.

- server side not configured to have router as a default gateway (if you had some static configuration, and router is not a DHCP server - quite possible)

The RUT240 is configured as DHCP/NAT with the static DHCP entry. The DD-WRT router also gets the specified IP assigned. So all settings should already come along with DHCP.

- server with multiple interfaces, and VPN response is not routed to router's LAN IP

The server is directly executed on the DD-WRT router.

- no actual public IP. Just for the sake of it, check if the WAN IP in the overview window is the same as in i.e. whatsmyip. And in general confirm that the SIM IP is reachable from outside.

Already did that. The public IP is correct. The OpenVPN client also resolves the DDNS address to the correct IP. Logs on client and server state that the IP is correct.

If you do packet capture on the server side - do you get any vpn packets?

When I run tcpdump -i vlan2 udp port 1193 -vv on the DD-WRT router and try to connect the OpenVPN client I do not receive anything. (where "vlan2" is the interface name of the WAN port)

Whereas tcpdump -i vlan2 captures my internet traffic while browsing a website as it should.

So to me it looks like the RUT still blocks my OpenVPN connections. I also tried to enable webUI access in my DD-WRT router, created a port forward rule to 8080 and tried to connect via the public IP. Same result, not reachable.

Basically DMZ should already do what I want, no? And it also should be pretty straightforward to set up those 2 config fields for "enabled" and "target host ip", but it still seems it is not working.

by
I won't dispute the straightforwardness indeed.

You could do some basics, if not done yet, i.e.

- open http(s) access on the RUT240 on WAN. Check if that works fine (of course taking an unused port, and one that would not be blocked by the ISP)

- making a forwarding to your PC, with a single PC interface active. Use anything that would listen for incoming connections, say - Hercules in TCP server mode.

- you might also tcpdump the RUT240 via SSH/CLI.

Get interfaces (br-lan) with ifconfig, use tcpdump syntax.

- do you use VLANs on DD-WRT?
by anonymous
Well, it seems that my ISP already has a firewall enabled on the LTE connection by default before it even reaches my modem.
Then of course not a single setting has any effect.

I'm in correspondence with my ISP now and will report back.
by anonymous
After submitting a request for a public IP to my ISP, everything is working as expected.

Most ISPs (here in Austria) seem to assign a private IP in the internal LTE network and a public IP has to be explicitly requested (free of charge).

Thank you for the help.
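
The thread's outcome (a private address on the LTE side, so no DMZ or port forward on the RUT240 could have any effect) can be checked before touching forwarding rules. The following is an added example, not code from the thread or from Teltonika: the function names `ip_class` and `wan_verdict` are hypothetical, the sample addresses are constructed, and the two inputs are assumed to be the address on the router's WAN/mobile interface and the address an outside IP-echo service reports.

```shell
#!/bin/sh
# Added example: decide from two IPv4 addresses whether inbound forwards can work.

# ip_class ADDR -> rfc1918 | cgnat | loopback | linklocal | reserved | public | invalid
ip_class() {
    # Only digits and dots, no empty or trailing fields.
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo invalid; return; }
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || { echo invalid; return; }
    done
    if   [ "$1" -eq 10 ]; then echo rfc1918
    elif [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then echo rfc1918
    elif [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then echo rfc1918
    elif [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; then echo cgnat  # RFC 6598
    elif [ "$1" -eq 127 ]; then echo loopback
    elif [ "$1" -eq 169 ] && [ "$2" -eq 254 ]; then echo linklocal
    elif [ "$1" -eq 0 ] || [ "$1" -ge 224 ]; then echo reserved
    else echo public
    fi
}

# wan_verdict WAN_IP EXTERNAL_IP
#   WAN_IP      address shown on the router's WAN/mobile interface
#   EXTERNAL_IP address seen from outside (IP-echo site or the DDNS record)
wan_verdict() {
    wan_class=$(ip_class "$1")
    ext_class=$(ip_class "$2")
    if [ "$wan_class" = invalid ] || [ "$ext_class" = invalid ]; then
        echo "error: not an IPv4 address"; return 2
    fi
    if [ "$wan_class" != public ]; then
        echo "carrier-nat: WAN address $1 is $wan_class space; router-side forwards cannot be reached"
        return 1
    fi
    if [ "$1" != "$2" ]; then
        echo "translated: WAN $1 differs from external $2; an upstream device rewrites traffic"
        return 1
    fi
    echo "direct: WAN address $1 is public and matches the external view"
}

# Run as: sh check_wan.sh <wan-ip> <external-ip>   (script name is arbitrary)
if [ $# -eq 2 ]; then wan_verdict "$1" "$2"; fi
```

A "direct" verdict only rules out address translation; an ISP-side firewall on a public address still has to be confirmed with a packet capture on the WAN interface, as suggested in the answer.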