0 votes
4,550 views 4 comments
by anonymous
Hi

I set up OpenVPN Server on RUT240 with Mobile WAN interface.

I set port forwarding 1194 UDP to 127.0.0.1

I set Traffic Rules to allow VPN traffic from "any host from wan to any router IP for port 1194 UDP".

I set General Settings - Zone Forwarding - "vpn" - allow forward to LAN:lan.

nmap scan of public IP address said that port 1194 UDP is open but filtered. So something blocks communication. What else should I set up?

2 Answers

+1 vote
by anonymous

Best answer
by anonymous
Dziugas - thanks for the tip once again. I double-checked everything again, generated the certs once again, and now it works! :) Thank you.
by anonymous
No problem. Good luck with your solution!
0 votes
by anonymous
Hello,

Have you tried your configuration before changing firewall rules and had any issues?

If you configure OpenVPN (with the default 1194 port), the firewall rule should be automatically enabled and there should be nothing blocking your communication from the router's side.

In some countries VPNs are blocked by the ISP itself so it should be checked with them as well.
by anonymous

Hi,

Yes, I reset the router to default and didn't touch the firewall, set up OpenVPN and it didn't work (the port was closed). So I did something different to check what is wrong with the firewall: I added port forwarding for RDC (TCP 3389) and it works fine - the port was open and I could connect remotely to the PC with RDC. Back to the problem - the next step was to fire up the OpenVPN server. I checked in Status that it works and then scanned port 1194 UDP with nmap - it was closed, so I added port forwarding and the port is open.

But the next step was to try to connect over OpenVPN, and I got an error:

TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

TLS Error: TLS handshake failed

When I log in through SSH to the RUT240 (192.168.2.1) and run: tcpdump -qni any port 1194, I see that there is communication to the external IP of the RUT240 (172.16.5.67) from the remote client, which has IP 172.16.5.57:

19:47:54.701086 IP 172.16.5.57.1194 > 172.16.5.67.1194: UDP, length 1188
19:47:55.872438 IP 172.16.5.57.1194 > 172.16.5.67.1194: UDP, length 36
19:47:59.437345 IP 172.16.5.57.1194 > 172.16.5.67.1194: UDP, length 1188
19:48:00.665744 IP 172.16.5.57.1194 > 172.16.5.67.1194: UDP, length 36

The OpenVPN connection is in a test lab, so it has private IP addresses - so the ISP doesn't block VPN traffic.

by anonymous

It looks to me like there could be a problem with TLS authentication:

TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed

Are you sure your certificates are correctly generated?

Also, can you provide a screenshot of the configuration or the contents of the configuration file itself? Based on your description, everything works for me, so I want to see if maybe you've missed something.
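
The tcpdump capture quoted in this thread shows packets travelling only from the client to the router. As an added example (not part of the original thread and not Teltonika tooling), the shell function below summarises the direction of `tcpdump -qni any port 1194` output; the function names `vpn_direction` and `page_capture` are hypothetical, and the sample lines are the four quoted in the thread.

```shell
#!/bin/sh
# Added example: classify OpenVPN traffic direction from tcpdump -q output.
# Usage: vpn_direction SERVER_IP [PORT] < capture.txt
vpn_direction() {
    awk -v srv="$1" -v port="${2:-1194}" '
    BEGIN { ep = srv "." port }          # server endpoint as tcpdump prints it
    {
        # Find the ">" separator so both "TIME IP a > b:" and
        # "TIME iface In IP a > b:" layouts are handled.
        for (i = 2; i < NF; i++) if ($i == ">") {
            src = $(i - 1); dst = $(i + 1)
            sub(/:$/, "", dst)           # drop the colon after the destination
            if (dst == ep)      { in_n++; peers[src] = 1 }   # client -> server
            else if (src == ep) { out_n++ }                  # server -> client
            break
        }
    }
    END {
        n = 0; for (p in peers) n++
        verdict = "no-traffic"
        if (in_n > 0 && out_n > 0) verdict = "bidirectional"
        else if (in_n > 0)         verdict = "inbound-only"
        else if (out_n > 0)        verdict = "outbound-only"
        printf "in=%d out=%d peers=%d verdict=%s\n", in_n, out_n, n, verdict
    }'
}

# The four capture lines quoted in the thread, embedded so this runs offline.
page_capture() {
    cat <<'EOF'
19:47:54.701086 IP 172.16.5.57.1194 > 172.16.5.67.1194: UDP, length 1188
19:47:55.872438 IP 172.16.5.57.1194 > 172.16.5.67.1194: UDP, length 36
19:47:59.437345 IP 172.16.5.57.1194 > 172.16.5.67.1194: UDP, length 1188
19:48:00.665744 IP 172.16.5.57.1194 > 172.16.5.67.1194: UDP, length 36
EOF
}

# 172.16.5.67 is the router's external IP from the thread.
page_capture | vpn_direction 172.16.5.67
```

On the router the function can be fed live with `tcpdump -qni any -c 20 port 1194 | vpn_direction 172.16.5.67`. An `inbound-only` verdict means the client's packets reach the router's interface but nothing is sent back, which points the investigation at the server side (firewall input rule, OpenVPN log, keys and certificates) rather than at the path from the client.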