Access device behind client's RUT241

Hello. I think this has already several answers but I’m kinda stuck.

I set up an OpenVpn server on a windows server. I can successfully connect my RUT241 to the vpn (TUN).
The RUT241 has a machine attached (e.g. 123.456.78.9) which I’d like to connect from the windows server.
I can successfully ping the router ( but i cannot ping the machine connected to it.

Can someone point me to a guide? I think I’m missing the part of the RUT241 forwarding.

Sorry, Router is

I tried forwarding from openvpn zone to LAN but with no success.

It would be ok to access the device behind the RUT only with port forwarding (e.g. being able to telnet it forwarding port 15000 to 123.456.78.9:23). I tried it but i cant get it to work.

The website doesn’t let me upload the troubleshooting zip.


Firstly, could you please check if the OpenVPN server has a route to the LAN network of RUT241 via OpenVPN?

Also, are LAN networks on the RUT241 and the Server different? Make sure those do not overlap. For example, if both are on the network, please change one of those networks to something different, like

Kind Regards,

The windows server’s routing table (server on which i have the openvpn server running) has this row in the routing table:
Destination Netmask Gateway Interface Metric 26

The server’s LAN network is different (195.others) so there is no overlap.

I can successfully ping from server to router (


Can you ping the LAN IP of RUT241?

Does the device in LAN of RUT241 has a gateway configured?

Could you please try enabling masquerading on LAN => WAN/OpenVPN zone in Network → Firewall settings to see if it helps?

Kind Regards,

No, the ping from the server to the RUT241’s LAN address ( does not work. The request times out.

The device in LAN has a gateway configured (default on

Masquerading is enabled, it’s not helping.

My guess is that I forgot to do something with the firewall and the zones: is there a guide that explains exactly how to configure those things?

Thank you for your time.


Make sure that OpenVPN zones is configured to allow forwarding to LAN zone:

Regarding a guide, there are a few articles available on our wiki. The most relevant ones for your case would be here and here.

Kind Regards,

I think i’m missing something in the network configuration also, because I do not have an “openvpn” network to select.

Here are my network interfaces


What firmware version are you on?

The OpenVPN network may not appear in the covered networks for Firewall zone on the older firmwares, but it should work. Perhaps you updated the device to the latest firmware with ‘keep settings’ option? If so, could you please try resetting the device to factory defaults and reconfigure it?

If the issue persists, could you check if the router receives pings on the tunnel interface when you ping the LAN devices? To do so, access the RUT via CLI/SSH with username ‘root’ , install tcpdump and run it on the tunnel interface:

# install tcpdump
opkg update
opkg install tcpdump
# check the name of the tunnel interface
# run tcp dump on that interface (replace tun_clntvp with your interface)
tcpdump -i tun_clntvp icmp

Do you see ICMP packets going into LAN when pinging from the server? Are there any replies?

Kind Regards,

I’m on RUT2M_R_00.07.05.

I did a factory reset (reset button pressed for > 5s) and reconfigured the OpenVPN connection. I will do the test ASAP.

(for info: Yesterday I also connected the router to the RMS service (we also use it) and I successfully SSH into my device via the RMS webpage.)

Do you see ICMP packets going into LAN when pinging from the server? Are there any replies?

Yes I do. They arrive to the router from the server ( but there is no reply from the lan device.

Here’s the output of tcpdump.

12:24:06.634996 IP > ICMP echo request, id 1, seq 36, length 40                                                                         
12:24:11.425097 IP > ICMP echo request, id 1, seq 37, length 40                                                                         
12:24:16.396585 IP > ICMP echo request, id 1, seq 38, length 40                                                                         
12:24:21.409100 IP > ICMP echo request, id 1, seq 39, length 40 

Ok there were some misconfigurations on the LAN machine, the default route was always modified by another software so the ping arrived but it didn’t know where to go next.

Hi @mirco,

Did you have create a specific forward rule or an exception in the firewall to be able to ping the LAN?

I have a problem similar to yours (please see: [TRB500] OpenVPN connected but not access to LAN).

But on my side, I checked the client and server side routes and everything looks good. On the other hand, when I do a tcpdump on the OpenVPN interface on the Teltonika router, I see pings when I ping the IP address from tunnel network, but I do not see a ping request when I ping to the LAN.

An idea ?

Apparently, no. When i reset to factory settings all my forwardings were removed. All default. In network>firewall>rules i have an “Allow-Ping” turned on, but you should have it too.

The only thing that comes to mind is the routing table but you said you checked.

Have you double checked?
I (for lack of better knowledge of OpenVPN configuration files) ended to manually add the route to my device on the other windows machines where I tried to ping. (route add MASK

I found useful to “tcpdump” on each machine involved in the ping test.

I also reset to factory and I have also the “Allow-Ping” rule.

Routing table on my Teltonika router (OpenVPN client) :

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         *              U     1      0        0 rmnet_data0   UG    0      0        0 tun_c_OVPNSKS     *        U     0      0        0 tun_c_OVPNSKS

And routing table on my pfSense router (OpenVPN server) :

default	UGS	12	1500	vtnet0	link#8	U	9	1500	ovpns2	link#4	UHS	10	16384	lo0	UGS	11	1500	ovpns2

And this is the result of a ping from my pfSense to :

PING ( from 56 data bytes

--- ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

If I ping from pfSense to Teltonika on the tunnel IP address, ping ok :

PING ( from 56 data bytes
64 bytes from icmp_seq=0 ttl=64 time=42.433 ms
64 bytes from icmp_seq=1 ttl=64 time=42.957 ms
64 bytes from icmp_seq=2 ttl=64 time=46.217 ms

--- ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 42.433/43.869/46.217/1.674 ms

So, the tunnel work

This topic was automatically closed after 15 days. New replies are no longer allowed.