File upload to a device via RMS-proxy not working

Hi,

I have a RUT200 (FW Version RUT2M_R_00.07.06.1) connected to RMS. A device (Solar-Log) connected to the RUT is reachable by http-traffic.
But if I try to run a Firmware-Update on the device, the data will not transfer to the device.
No problem will be reported on the WEB-Interface…
The upload will be performed with a javaScript-function “f.submit()”. I don’t know how this will stress the proxy…
Maybe the RMS-Proxy can not handle that data upload!?

As an alternative, if tried to setup VPN-HUB to that device. But without success. I run in connection problems like described here: VPN is unusable - keeps disconnecting every few seconds

Any hints for a solution are welcome!

Thanks

Solarix

Hello,

Could you please clarify if you are trying to update the firmware of your device in LAN, or are you trying to update the firmware of the RUT?

As for RMS VPN Hubs, is your internet connectivity stable? Both, on the PC and RUT?
Perhaps you are using .ovpn config file from RMS on other machines?
It’s also possible that there are some issues with your VPN Hub instance. Could you please try re-creating a hub again or try a server in a different location (for example, if you used Bahrain, try Germany, etc)?

Also, are you able to access the RUT with VPN Hubs? If not, could you please share a screenshot of your VPN Hub configurations? Before sharing screenshots, please ensure that e-mail address of your RMS account is not visible on the screenshots.

Kind Regards,

Hi,

I’m trying to update “device in LAN”.

Kind regards

Hello,

I would assume that you are trying to upload a firmware file to that device. The RMS Connect proxy should allow file uploads to devices in LAN. Thus, I would assume that the ‘device in LAN’ does not want to work this way for some reason (likely it rejects file upload over proxy). In this case, considering I may not be aware of the device type or its specifics, I would suggest using RMS VPN Hubs. Could you please check my last response in regard to VPN Hubs please?

Kind Regards,

Hello AndzejJ,

you were assuming right, I tried to explain that I want to upload a file to the LAN-device for a firmware update.

VPN-HUB:
I deleted and recreated a VPN-HUB with location in Germany and Bahrain.

I don’t have other RMS-VPN-Hubs but working VPN-Connections to other servers

For the connection, I’m using OpenVPN v2.6.6 under Win11 and WIN10 (testing with two PCs).

Here the first lines of the downloaded opvn for Bahrain:

client
nobind
dev tunkl1RXbK
remote-cert-tls server
remote 15.185.110.7 32698 udp
remote 15.184.134.94 32698 udp
<key>…

Within the OpenVPN-Logs (see below) the “TLS key negotiation failed”, maybe due to “Compression or compression stub framing is not allowed since data-channel offloading is enabled. OPTIONS ERROR: server pushed compression settings that are not allowed”!?
These for both locations.

I have no idea how to handle the “…compression setting…” on my side…?

Here the OpenVPN log for Germany:

Wed Jan 24 16:06:48 2024 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
Wed Jan 24 16:06:48 2024 OpenVPN 2.6.6 [git:v2.6.6/c9540130121bfc21] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Aug 15 2023
Wed Jan 24 16:06:48 2024 Windows version 10.0 (Windows 10 or greater), amd64 executable
Wed Jan 24 16:06:48 2024 library versions: OpenSSL 3.1.2 1 Aug 2023, LZO 2.10
Wed Jan 24 16:06:48 2024 DCO version: v0
Wed Jan 24 16:06:49 2024 TCP/UDP: Preserving recently used remote address: [AF_INET]3.69.106.81:37266
Wed Jan 24 16:06:49 2024 ovpn-dco device [OpenVPN Data Channel Offload] opened
Wed Jan 24 16:06:49 2024 UDP link local: (not bound)
Wed Jan 24 16:06:49 2024 UDP link remote: [AF_INET]3.69.106.81:37266
Wed Jan 24 16:07:49 2024 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jan 24 16:07:49 2024 TLS Error: TLS handshake failed
Wed Jan 24 16:07:49 2024 SIGUSR1[soft,tls-error] received, process restarting
Wed Jan 24 16:07:50 2024 TCP/UDP: Preserving recently used remote address: [AF_INET]3.65.167.143:37266
Wed Jan 24 16:07:50 2024 ovpn-dco device [OpenVPN Data Channel Offload] opened
Wed Jan 24 16:07:50 2024 UDP link local: (not bound)
Wed Jan 24 16:07:50 2024 UDP link remote: [AF_INET]3.65.167.143:37266
Wed Jan 24 16:07:52 2024 [teltonika-vpn-o7rOvA7pFCuGgU5c] Peer Connection Initiated with [AF_INET]3.65.167.143:37266
Wed Jan 24 16:07:52 2024 Compression or compression stub framing is not allowed since data-channel offloading is enabled.
Wed Jan 24 16:07:52 2024 OPTIONS ERROR: server pushed compression settings that are not allowed and will result in a non-working connection. See also allow-compression in the manual.
Wed Jan 24 16:07:52 2024 ERROR: Failed to apply push options
Wed Jan 24 16:07:52 2024 Failed to open tun/tap interface
Wed Jan 24 16:07:52 2024 SIGUSR1[soft,process-push-msg-failed] received, process restarting
Wed Jan 24 16:07:53 2024 TCP/UDP: Preserving recently used remote address: [AF_INET]3.69.106.81:37266
Wed Jan 24 16:07:53 2024 ovpn-dco device [OpenVPN Data Channel Offload] opened
Wed Jan 24 16:07:53 2024 UDP link local: (not bound)
Wed Jan 24 16:07:53 2024 UDP link remote: [AF_INET]3.69.106.81:37266
Wed Jan 24 16:08:53 2024 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jan 24 16:08:53 2024 TLS Error: TLS handshake failed
Wed Jan 24 16:08:53 2024 SIGUSR1[soft,tls-error] received, process restarting
Wed Jan 24 16:08:54 2024 TCP/UDP: Preserving recently used remote address: [AF_INET]3.65.167.143:37266
Wed Jan 24 16:08:54 2024 ovpn-dco device [OpenVPN Data Channel Offload] opened
Wed Jan 24 16:08:54 2024 UDP link local: (not bound)
Wed Jan 24 16:08:54 2024 UDP link remote: [AF_INET]3.65.167.143:37266
Wed Jan 24 16:09:24 2024 [teltonika-vpn-o7rOvA7pFCuGgU5c] Peer Connection Initiated with [AF_INET]3.65.167.143:37266
Wed Jan 24 16:09:24 2024 Compression or compression stub framing is not allowed since data-channel offloading is enabled.
Wed Jan 24 16:09:24 2024 OPTIONS ERROR: server pushed compression settings that are not allowed and will result in a non-working connection. See also allow-compression in the manual.
Wed Jan 24 16:09:24 2024 ERROR: Failed to apply push options
Wed Jan 24 16:09:24 2024 Failed to open tun/tap interface
Wed Jan 24 16:09:24 2024 SIGUSR1[soft,process-push-msg-failed] received, process restarting
Wed Jan 24 16:09:25 2024 TCP/UDP: Preserving recently used remote address: [AF_INET]3.69.106.81:37266
Wed Jan 24 16:09:25 2024 ovpn-dco device [OpenVPN Data Channel Offload] opened
Wed Jan 24 16:09:25 2024 UDP link local: (not bound)
Wed Jan 24 16:09:25 2024 UDP link remote: [AF_INET]3.69.106.81:37266
Wed Jan 24 16:10:25 2024 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jan 24 16:10:25 2024 TLS Error: TLS handshake failed
Wed Jan 24 16:10:25 2024 SIGUSR1[soft,tls-error] received, process restarting
Wed Jan 24 16:10:26 2024 TCP/UDP: Preserving recently used remote address: [AF_INET]3.65.167.143:37266
Wed Jan 24 16:10:26 2024 ovpn-dco device [OpenVPN Data Channel Offload] opened
Wed Jan 24 16:10:26 2024 UDP link local: (not bound)
Wed Jan 24 16:10:26 2024 UDP link remote: [AF_INET]3.65.167.143:37266

and the one from Bahrain:

Wed Jan 24 16:20:48 2024 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
Wed Jan 24 16:20:48 2024 OpenVPN 2.6.6 [git:v2.6.6/c9540130121bfc21] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Aug 15 2023
Wed Jan 24 16:20:48 2024 Windows version 10.0 (Windows 10 or greater), amd64 executable
Wed Jan 24 16:20:48 2024 library versions: OpenSSL 3.1.2 1 Aug 2023, LZO 2.10
Wed Jan 24 16:20:48 2024 DCO version: v0
Wed Jan 24 16:20:48 2024 TCP/UDP: Preserving recently used remote address: [AF_INET]15.185.110.7:32698
Wed Jan 24 16:20:48 2024 ovpn-dco device [OpenVPN Data Channel Offload] opened
Wed Jan 24 16:20:48 2024 UDP link local: (not bound)
Wed Jan 24 16:20:48 2024 UDP link remote: [AF_INET]15.185.110.7:32698
Wed Jan 24 16:20:48 2024 [teltonika-vpn-kl1RXbKzAe2he6AY] Peer Connection Initiated with [AF_INET]15.185.110.7:32698
Wed Jan 24 16:20:48 2024 Compression or compression stub framing is not allowed since data-channel offloading is enabled.
Wed Jan 24 16:20:48 2024 OPTIONS ERROR: server pushed compression settings that are not allowed and will result in a non-working connection. See also allow-compression in the manual.
Wed Jan 24 16:20:48 2024 ERROR: Failed to apply push options
Wed Jan 24 16:20:48 2024 Failed to open tun/tap interface
Wed Jan 24 16:20:48 2024 SIGUSR1[soft,process-push-msg-failed] received, process restarting
Wed Jan 24 16:20:49 2024 TCP/UDP: Preserving recently used remote address: [AF_INET]15.184.134.94:32698
Wed Jan 24 16:20:49 2024 ovpn-dco device [OpenVPN Data Channel Offload] opened
Wed Jan 24 16:20:49 2024 UDP link local: (not bound)
Wed Jan 24 16:20:49 2024 UDP link remote: [AF_INET]15.184.134.94:32698
Wed Jan 24 16:21:49 2024 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jan 24 16:21:49 2024 TLS Error: TLS handshake failed
Wed Jan 24 16:21:49 2024 SIGUSR1[soft,tls-error] received, process restarting
Wed Jan 24 16:21:50 2024 TCP/UDP: Preserving recently used remote address: [AF_INET]15.185.110.7:32698
Wed Jan 24 16:21:50 2024 ovpn-dco device [OpenVPN Data Channel Offload] opened
Wed Jan 24 16:21:50 2024 UDP link local: (not bound)
Wed Jan 24 16:21:50 2024 UDP link remote: [AF_INET]15.185.110.7:32698
Wed Jan 24 16:21:50 2024 [teltonika-vpn-kl1RXbKzAe2he6AY] Peer Connection Initiated with [AF_INET]15.185.110.7:32698
Wed Jan 24 16:21:50 2024 Compression or compression stub framing is not allowed since data-channel offloading is enabled.
Wed Jan 24 16:21:50 2024 OPTIONS ERROR: server pushed compression settings that are not allowed and will result in a non-working connection. See also allow-compression in the manual.
Wed Jan 24 16:21:50 2024 ERROR: Failed to apply push options
Wed Jan 24 16:21:50 2024 Failed to open tun/tap interface
Wed Jan 24 16:21:50 2024 SIGUSR1[soft,process-push-msg-failed] received, process restarting
Wed Jan 24 16:21:51 2024 TCP/UDP: Preserving recently used remote address: [AF_INET]15.184.134.94:32698
Wed Jan 24 16:21:51 2024 ovpn-dco device [OpenVPN Data Channel Offload] opened
Wed Jan 24 16:21:51 2024 UDP link local: (not bound)
Wed Jan 24 16:21:51 2024 UDP link remote: [AF_INET]15.184.134.94:32698

Regards

Solarix

Hello @Solarix,

I assume this issue is due to the OpenVPN client version. Please, try editing the .ovpn configuration file that you downloaded from RMS. Open it with a text editor and add:

--allow-compression yes

Alternatively, you can also try a different OpenVPN client/version.

If the issue persists, please attach new logs where ‘allow-compression yes’ is added.

Let me know how it goes!

Kind Regards,

Hello AndzejJ,

with
“–allow-compression yes”
a connection can be established with “Bahrain”, but not with “Germany” (TLS timeout…)

But, the OpenVPN log shows:

WARNING: Compression for sending and receiving enabled. Compression has been used in the past to break encryption. Allowing compression allows attacks that break encryption. Using "--allow-compression yes" is strongly discouraged for common usage. See --compress in the manual page for more information 

So compression should not be in the setup of the server…?

I’ll check to reach the LAN-Client later on, this evening.

Thanks so far.

For the “Bahrain-Location” I was able to add the RTU-device and a route for the “LAN-device”.

The fw-update to the LAN-Device was possible thru the VPN.

Still no connection to “Germany-Location”!?

Thanks so far.
Kind regards

Solarix

This topic was automatically closed after 15 days. New replies are no longer allowed.