Access device behind client's RUT241

Hello. I think this already has several answers but I’m kinda stuck.

I set up an OpenVPN server on a Windows server. I can successfully connect my RUT241 to the VPN (TUN).
The RUT241 has a machine attached (e.g. 123.456.78.9) which I’d like to connect to from the Windows server.
I can successfully ping the router (10.8.0.1) but I cannot ping the machine connected to it.

Can someone point me to a guide? I think I’m missing the part of the RUT241 forwarding.

Sorry, the router is 10.8.0.3.

I tried forwarding from openvpn zone to LAN but with no success.

It would be OK to access the device behind the RUT only with port forwarding (e.g. being able to telnet to it by forwarding port 15000 to 123.456.78.9:23). I tried it but I can’t get it to work.

The website doesn’t let me upload the troubleshooting zip.

Hello,

Firstly, could you please check if the OpenVPN server has a route to the LAN network of RUT241 via OpenVPN?

Also, are LAN networks on the RUT241 and the Server different? Make sure those do not overlap. For example, if both are on the 192.168.1.0/24 network, please change one of those networks to something different, like 192.168.2.0/24.

Kind Regards,

The Windows server’s routing table (the server on which I have the OpenVPN server running) has this row:
Destination   Netmask         Gateway    Interface  Metric
192.168.1.0   255.255.255.0   10.8.0.3   10.8.0.1   26

The server’s LAN network is different (195.others) so there is no overlap.

I can successfully ping from server to router (10.8.0.3).

Hello,

Can you ping the LAN IP of RUT241?

Does the device in the LAN of the RUT241 have a gateway configured?

Could you please try enabling masquerading on LAN => WAN/OpenVPN zone in Network → Firewall settings to see if it helps?

Kind Regards,

No, the ping from the server to the RUT241’s LAN address (192.168.1.1) does not work. The request times out.

The device in LAN has a gateway configured (default on 192.168.1.1)

Masquerading is enabled, it’s not helping.

My guess is that I forgot to do something with the firewall and the zones: is there a guide that explains exactly how to configure those things?

Thank you for your time.

Hello,

Make sure that the OpenVPN zone is configured to allow forwarding to the LAN zone:

Regarding a guide, there are a few articles available on our wiki. The most relevant ones for your case would be here and here.

Kind Regards,

I think I’m also missing something in the network configuration, because I do not have an “openvpn” network to select.

Here are my network interfaces

Hello,

What firmware version are you on?

The OpenVPN network may not appear in the covered networks for Firewall zone on the older firmwares, but it should work. Perhaps you updated the device to the latest firmware with ‘keep settings’ option? If so, could you please try resetting the device to factory defaults and reconfigure it?

If the issue persists, could you check if the router receives pings on the tunnel interface when you ping the LAN devices? To do so, access the RUT via CLI/SSH with username ‘root’, install tcpdump and run it on the tunnel interface:

# install tcpdump
opkg update
opkg install tcpdump
# check the name of the tunnel interface
ifconfig
# run tcpdump on that interface (replace tun_clntvp with your interface)
tcpdump -i tun_clntvp icmp

Do you see ICMP packets going into LAN when pinging from the server? Are there any replies?

Kind Regards,

I’m on RUT2M_R_00.07.05.

I did a factory reset (reset button pressed for > 5s) and reconfigured the OpenVPN connection. I will do the test ASAP.

(for info: Yesterday I also connected the router to the RMS service (we also use it) and I successfully SSH into my device via the RMS webpage.)

Do you see ICMP packets going into LAN when pinging from the server? Are there any replies?

Yes, I do. They arrive at the router from the server (10.8.0.1) but there is no reply from the LAN device.

Here’s the output of tcpdump.

12:24:06.634996 IP 10.8.0.1 > 192.168.1.186: ICMP echo request, id 1, seq 36, length 40
12:24:11.425097 IP 10.8.0.1 > 192.168.1.186: ICMP echo request, id 1, seq 37, length 40
12:24:16.396585 IP 10.8.0.1 > 192.168.1.186: ICMP echo request, id 1, seq 38, length 40
12:24:21.409100 IP 10.8.0.1 > 192.168.1.186: ICMP echo request, id 1, seq 39, length 40

OK, there were some misconfigurations on the LAN machine: the default route was always modified by another piece of software, so the ping arrived but it didn’t know where to go next.
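The tcpdump check used in this thread, as an added example that is not part of any post: a POSIX shell/awk function that counts echo requests and replies for one LAN address in a capture taken on the tunnel interface, which separates "the request never reached the router" from "the LAN device never answered". The function names and verdict labels are assumptions; the sample lines are the ones posted above.

```shell
#!/bin/sh
# Added example (not from the thread): classify a ping test from tcpdump text.
# On the router, with the interface name replaced by your own:
#   tcpdump -n -l -c 20 -i tun_clntvp icmp | classify_icmp 192.168.1.186

# classify_icmp TARGET_IP  -- reads tcpdump ICMP lines on stdin
classify_icmp() {
    awk -v target="$1" '
        # Line shape: TIME IP SRC > DST: ICMP echo request, id N, seq N, length N
        / ICMP echo request,/ {
            dst = $5; sub(/:$/, "", dst)
            if (dst == target) { req++; pending[$10 $12] = 1 }
        }
        / ICMP echo reply,/ {
            if ($3 == target) { rep++; delete pending[$10 $12] }
        }
        END {
            lost = 0
            for (k in pending) lost++
            # no-request: nothing for TARGET arrived on this interface,
            #             so check the routes on the VPN server side.
            # no-reply:   the request was seen but never answered, so check
            #             the gateway / default route on the LAN device.
            if (req + 0 == 0)      verdict = "no-request"
            else if (rep + 0 == 0) verdict = "no-reply"
            else if (lost > 0)     verdict = "partial"
            else                   verdict = "ok"
            printf "requests=%d replies=%d unanswered=%d verdict=%s\n", req, rep, lost, verdict
        }'
}

# Capture lines as posted in the thread (10.8.0.1 pinging 192.168.1.186).
thread_capture() {
    cat <<'EOF'
12:24:06.634996 IP 10.8.0.1 > 192.168.1.186: ICMP echo request, id 1, seq 36, length 40
12:24:11.425097 IP 10.8.0.1 > 192.168.1.186: ICMP echo request, id 1, seq 37, length 40
12:24:16.396585 IP 10.8.0.1 > 192.168.1.186: ICMP echo request, id 1, seq 38, length 40
12:24:21.409100 IP 10.8.0.1 > 192.168.1.186: ICMP echo request, id 1, seq 39, length 40
EOF
}

thread_capture | classify_icmp 192.168.1.186
```

Because the summary is printed when the input ends, limit the capture with `-c` (or stop it with Ctrl-C) when piping live tcpdump output into the function.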

Hi @mirco,

Did you have to create a specific forward rule or an exception in the firewall to be able to ping the LAN?

I have a problem similar to yours (please see: [TRB500] OpenVPN connected but not access to LAN).

But on my side, I checked the client and server side routes and everything looks good. On the other hand, when I do a tcpdump on the OpenVPN interface on the Teltonika router, I see pings when I ping the IP address from tunnel network, but I do not see a ping request when I ping to the LAN.

Any idea?

Apparently, no. When I reset to factory settings all my forwardings were removed. All default. In network>firewall>rules I have an “Allow-Ping” turned on, but you should have it too.

The only thing that comes to mind is the routing table but you said you checked.

Have you double checked?
I (for lack of better knowledge of OpenVPN configuration files) ended up manually adding the route to my device on the other Windows machines where I tried to ping. (route add 192.168.1.186 MASK 255.255.255.0 10.8.0.3)

I found it useful to “tcpdump” on each machine involved in the ping test.

I also reset to factory and I also have the “Allow-Ping” rule.

Routing table on my Teltonika router (OpenVPN client):

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         *               0.0.0.0         U     1      0        0 rmnet_data0
10.90.100.0     10.90.200.1     255.255.255.0   UG    0      0        0 tun_c_OVPNSKS
10.90.200.0     *               255.255.255.0   U     0      0        0 tun_c_OVPNSKS

And the routing table on my pfSense router (OpenVPN server):

default	xxx.xxx.xxx.254	UGS	12	1500	vtnet0	
10.90.200.0/24	link#8	U	9	1500	ovpns2	
10.90.200.1	link#4	UHS	10	16384	lo0	
192.168.2.0/24	10.90.200.2	UGS	11	1500	ovpns2

And this is the result of a ping from my pfSense 10.90.200.1 to 192.162.2.1:

PING 192.168.2.1 (192.168.2.1) from 10.90.200.1: 56 data bytes

--- 192.168.2.1 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

If I ping from pfSense to Teltonika on the tunnel IP address, the ping is OK:

PING 10.90.200.2 (10.90.200.2) from 10.90.200.1: 56 data bytes
64 bytes from 10.90.200.2: icmp_seq=0 ttl=64 time=42.433 ms
64 bytes from 10.90.200.2: icmp_seq=1 ttl=64 time=42.957 ms
64 bytes from 10.90.200.2: icmp_seq=2 ttl=64 time=46.217 ms

--- 10.90.200.2 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 42.433/43.869/46.217/1.674 ms

So, the tunnel works.