Configuration OpenVPN

Good evening,

I would like to ask a few questions as I am facing an issue while configuring a Rut200 for openVPN. Specifically, I will describe the type of installation so you can provide me with the appropriate instructions. There are 10 Rut200 devices installed in 10 different locations, and I want to have access to each local network in order to subsequently gain access to the equipment connected there. These specific Rut200 devices use mobile SIM cards and have DNS IP addresses, not static IPs. Essentially, I want to activate each connection on demand to communicate with the respective PLC connected to the local network. I assume that the connection should be client-to-site.

At the moment, I have completed the configuration for remote access to the Rut200 interface.

Any help would be greatly appreciated.

Thank you very much.

Hi!

We have something similar to this, in a site2site config.
We do this by changing the router IPs. Then set up the VPN server for routes.

Every site has been configured with the same IPv4 address 192.168.1.1. In addition, we have configured the PLC in every site at the same IP 192.168.1.100. Is that wrong?
My problem is that I am not familiar with completing the total configuration of the OpenVPN. Do you have any support in a real-time session in order to figure it out? Thanks a lot

Please find below the relevant logs

Sat Nov 23 22:35:25 2024 daemon.notice openvpn(Mouzika)[14689]: Note: NOT using '--topology subnet' disables data channel offload.
Sat Nov 23 22:35:25 2024 daemon.notice openvpn(Mouzika)[14689]: OpenVPN 2.6.9 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH/PKTINFO] [AEAD] [DCO]
Sat Nov 23 22:35:25 2024 daemon.notice openvpn(Mouzika)[14689]: library versions: OpenSSL 3.0.14 4 Jun 2024, LZO 2.10
Sat Nov 23 22:35:25 2024 daemon.notice openvpn(Mouzika)[14689]: DCO version: N/A
Sat Nov 23 22:35:25 2024 daemon.notice openvpn(Mouzika)[14689]: net_route_v4_best_gw query: dst 0.0.0.0
Sat Nov 23 22:35:25 2024 daemon.notice openvpn(Mouzika)[14689]: net_route_v4_best_gw result: via 0.0.0.0 dev usb0
Sat Nov 23 22:35:25 2024 daemon.warn openvpn(Mouzika)[14689]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Nov 23 22:35:25 2024 daemon.warn openvpn(Mouzika)[14689]: OpenSSL: error:05800074:lib(11)::reason(116):
Sat Nov 23 22:35:25 2024 daemon.warn openvpn(Mouzika)[14689]: Cannot load private key file /etc/vuci-uploads/cbid.openvpn.Mouzika.keyvpn.server.local.key.nopass.pem
Sat Nov 23 22:35:25 2024 daemon.err openvpn(Mouzika)[14689]: Error: private key password verification failed
Sat Nov 23 22:35:25 2024 daemon.notice openvpn(Mouzika)[14689]: Exiting due to fatal error
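
A check for the failure in the log above, added here as an example and not part of the thread: in OpenSSL 3.x, lib(11) is the X509 library and reason(116) is "key values mismatch", which is raised when the private key does not belong to the configured certificate, despite OpenVPN's "password verification failed" wording. The script reports whether a key file is passphrase-protected and whether it matches a certificate. It assumes the openssl CLI is installed; the function names and the sample material generated by make_sample are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Requires the openssl CLI.

# key_is_encrypted KEY: true if the PEM header marks the key as passphrase-protected.
key_is_encrypted() { grep -q 'ENCRYPTED' "$1" 2>/dev/null; }

# key_matches_cert CERT KEY: 0 = same public key, 1 = mismatch, 2 = unreadable input.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  # "-passin pass:" supplies an empty passphrase so an encrypted key fails
  # instead of prompting on the terminal.
  key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# diagnose CERT KEY: one-word verdict for the pair.
diagnose() {
  if key_is_encrypted "$2"; then echo encrypted; return 0; fi
  rc=0
  key_matches_cert "$1" "$2" || rc=$?
  case $rc in
    0) echo ok ;;
    1) echo mismatch ;;
    *) echo unreadable ;;
  esac
}

# make_sample DIR: constructed test material, two unrelated RSA keys and a
# self-signed certificate issued for the first key only.
make_sample() {
  for n in a b; do
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -out "$1/$n.key" 2>/dev/null || return 1
  done
  openssl req -x509 -new -key "$1/a.key" -subj "/CN=constructed-sample" \
    -days 1 -out "$1/a.crt" 2>/dev/null
}

# Usage: sh check.sh server.crt server.key
if [ $# -eq 2 ]; then diagnose "$1" "$2"; fi
```

A "mismatch" verdict means the certificate and key uploaded to the router come from different key pairs, so entering or removing a passphrase will not help.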

I am not a Linux nor VPN expert, but I had to spend over 50 hours on this setup, because Linux and network guys have more ego than knowledge (respect for the exception).
I also spent over 500 EUR for a basic setup which was unsecured. Ending up with guys from Egypt and India, who at least know what to do and fix the incorrect setup relatively cheaply. On Upwork you can find many experts - just be sure to do a project contract and not hourly.

In our case we wanted to reach all devices connected to the Teltonika router (incl. PLC, IP cameras etc.) which has internet through the mobile net / regular SIM cards. If you want to connect only one device, there could be an easier way.
If you want, you can use Teltonika built-in functions (I think it is not free):
Youtube: “How to control your Siemens PLC remotely over Ethernet with RUT240?”

If you want your own OpenVPN server, some hints:
Server side

  1. Subscribe to simple VPS server for a month, so you can test, and if you do something wrong, just request a clean install from backend and within few minutes you can start over.
    I use for testing: Order a new service - RackForest
    Cheap enough, less than 4 EUR/month, and you can cancel any time. But you can choose almost any provider (VPN Special from AlphaVPS did not work for me).

  2. Install Ubuntu 22.04.5 LTS

  3. Login with ssh with root and run commands:
    For update

sudo apt update
sudo apt upgrade

To install the VPN with GitHub - Nyr/openvpn-install: OpenVPN road warrior installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora

wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh

(choose: 2 (TCP), PORT 443, 2 (google), test)
We use 443 and not the default 1194 because some mobile providers may block ports like 1194

  4. Then you need to add/edit some files, either with ssh or with sftp, which I like better because it is more visual:
    copy sample aut.sh to /etc/openvpn/
    give permission 755 to the file
    copy sample ccd folder to /etc/openvpn/server/
    give permission 644 to all files inside the folder
    open /etc/openvpn/server/server.conf
    delete the file content, and copy data from sample server.conf (do not copy the file itself only content!)
    copy /etc/openvpn/server/ca.crt to computer
    open with text editor sample client1.ovpn, and copy between the content of the (/etc/openvpn/server/ca.crt)
    change to the correct IP!// remote x.x.x.x 443 tcp

run:

systemctl restart openvpn-server@server.service
systemctl status openvpn-server@server.service

Client side setup
5. import the profile file (sample client1.ovpn) to OpenVPN Connect, enter username/password, choose WITHOUT certificate

Teltonika side setup
Change the IP of the router to 10.254.x.1
Setup VPN.

=====
If you need I can provide some sample files for complete setup.

This setup works, but has some security issues. E.g. if your client connects to the router of one site, he can also reach other sites. So some extra iptables rules are needed.
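
An illustration of the addressing and isolation points in the post above, added here and not taken from the thread or from the poster's sample files. It generates the server.conf `route` and ccd `iroute` lines for the 10.254.x.1 plan and prints (does not apply) iptables FORWARD rules that pin each operator to one site. Assumptions: tunnel interface tun0, operators with fixed tunnel addresses (the 10.8.0.x values are constructed), /24 site LANs, and no `client-to-client` in server.conf.

```sh
#!/bin/sh
# Added example (not from the thread). Prints config lines and rules only.
VPN_IF=tun0   # assumption: the server's tunnel interface

# site_lan N: LAN network of site N under the 10.254.x.1 plan; rejects N outside 1..254.
site_lan() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 254 ] || return 1
  echo "10.254.$1.0"
}

# ccd_for_site N: content of the ccd file for the router at site N.
ccd_for_site() {
  lan=$(site_lan "$1") || return 1
  echo "iroute $lan 255.255.255.0"
}

# server_routes FIRST LAST: route lines for server.conf, one per site.
server_routes() {
  n=$1
  while [ "$n" -le "$2" ]; do
    lan=$(site_lan "$n") || return 1
    echo "route $lan 255.255.255.0"
    n=$((n + 1))
  done
}

# isolation_rules "IP:SITE ...": allow each operator tunnel IP to reach one
# site LAN, allow replies, drop all other client-to-client forwarding.
# The kernel only sees this traffic when client-to-client is NOT set in
# server.conf; with it set, OpenVPN forwards internally and bypasses iptables.
isolation_rules() {
  base="iptables -A FORWARD -i $VPN_IF -o $VPN_IF"
  out="$base -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  for pair in $1; do
    lan=$(site_lan "${pair##*:}") || return 1
    out="$out
$base -s ${pair%%:*} -d $lan/24 -j ACCEPT"
  done
  printf '%s\n%s\n' "$out" "$base -j DROP"
}

# Demo with constructed values: three sites, one operator limited to site 2.
server_routes 1 3
ccd_for_site 2
isolation_rules "10.8.0.50:2"
```

Giving every site its own 10.254.N.0/24 network is also what makes the routes unambiguous; with every router on 192.168.1.1 the server cannot tell the sites apart.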

Hi

I use a windows PC for remote configuration/monitoring.
I created the VPN server on RUT200 and it’s running.
After that I created the VPN client (I don’t know if it is necessary); once I turn it on, the DNS is turned off automatically. Do you know why?
