How to reach the OPENVPN TAP client from outside via the DDNS of the OPENVPN TAP server

RUTX08:

fiber connection to internet (public)

DDNS to reach it from the outside

OPENVPN TAP server

Port forward 55555 to static IP of RUTX11


RUTX11:

SIM connection to internet (private)

OPENVPN TAP client

DHCP off and IP set static for RUTX11


From the PC connected to RUTX08 I reach RUTX11 and also the connected PC.

From the PC connected to RUTX11 I reach RUTX08 and also the connected PC.

From the outside via DDNS I reach RUTX08 but not RUTX11 via DDNS port 55555 of RUTX08…

I think it’s a routing problem… Can someone help me?

Hello,

I assume you can reach RUTX11 on port 55555 via port forwarding. But you cannot reach RUTX08's WebUI. Is that correct?

Is remote HTTP(S)/SSH access on RUTX08 enabled? You can enable it in System → Administration → Access Control.

If that is not the issue, could you please show your firewall configurations, as well as the routing table? You can connect to the device via CLI/SSH with username ‘root’ and use the following commands to view the routing table:

route -n
ip r show

Kind Regards,

Hello friend!
The problem is reaching RUTX11 from the web.
From the outside via DDNS I reach RUTX08 but not RUTX11 via DDNS port 55555 of RUTX08.
OPENVPN TAP works so I assume that RUTX11 is in the same LAN as RUTX08.
So (I think…), if I reach RUTX08 from the web via the DDNS alias, I must reach RUTX11 from the web via DDNS alias:55555 and forwarding port 55555.

Thanks!!!

Hello,

With OpenVPN, there should be a separate firewall zone in Network → Firewall. Could you please edit the zone and check if it allows forwarding from and to WAN zone? Also, try editing your port forwarding rule and specify OpenVPN zone as destination zone instead of LAN.

Let me know how it goes.

Kind Regards,

Hello, sorry for the delay!
“Could you please edit the zone and check if it allows forwarding from and to WAN zone” Could you suggest where to add the WAN zone?


“Also, try editing your port forwarding rule and specify OpenVPN zone as destination zone instead of LAN.” Tried but works exactly as LAN.
Do you have 2 Teltonika routers to simulate the problem?
Many thanks

Hello,

To allow traffic between WAN and OpenVPN, you can edit the OpenVPN => LAN zone and add ‘WAN’ to allow forward to destination zones and allow forward from source zone.

Kind Regards,

Sorry, it doesn’t work…

Hello,

I assume that the RUTX08 forwards it to RUTX11, but when RUTX11 receives packets from an unknown network, it sends the reply via its own default route.

Could you try enabling masquerading on LAN => WAN+OpenVPN zone? This way, when the packets are forwarded, their source IP should be replaced with RUTX08 LAN IP and RUTX11 should send the response back through RUTX08.

Let me know how it goes.

Kind Regards,

1 Like
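
The return-path hypothesis in the reply above, modelled as an added example (not part of the original thread and not Teltonika code): a longest-prefix route lookup on RUTX11 shows which interface the reply leaves on with and without masquerading on RUTX08. All addresses, interface names and routes are constructed assumptions.

```python
import ipaddress

# Constructed routing table for RUTX11 (assumption, not taken from the thread):
# the bridged TAP/LAN subnet is on-link, everything else follows the SIM default route.
RUTX11_ROUTES = [
    ("192.168.1.0/24", "br-lan"),  # LAN bridged over tap0 to RUTX08
    ("0.0.0.0/0", "wwan0"),        # default route via mobile (private) connection
]
RUTX08_LAN_IP = "192.168.1.1"      # constructed
RUTX11_IP = "192.168.1.2"          # constructed static IP
REMOTE_CLIENT = "203.0.113.50"     # constructed, documentation range


def egress_interface(routes, dst):
    """Longest-prefix match: interface a packet to dst leaves on."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), dev) for net, dev in routes
               if dst in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def forward_to_rutx11(src, masquerade):
    """RUTX08 rewrites the destination (port forward 55555); with
    masquerading it also rewrites the source to its own LAN IP."""
    return {"src": RUTX08_LAN_IP if masquerade else src,
            "dst": RUTX11_IP, "dport": 55555}


def reply_path(masquerade):
    """Return (reply destination, egress interface on RUTX11, returns via RUTX08?)."""
    pkt = forward_to_rutx11(REMOTE_CLIENT, masquerade)
    reply_dst = pkt["src"]
    dev = egress_interface(RUTX11_ROUTES, reply_dst)
    # A reply leaving on wwan0 never passes RUTX08, so RUTX08 cannot reverse
    # the port-forward translation and the remote client sees no valid answer.
    return reply_dst, dev, dev == "br-lan"


if __name__ == "__main__":
    for masq in (False, True):
        print("masquerade =", masq, "->", reply_path(masq))
```

On the real device, `ip route get <address>` run on RUTX11 answers the same question for an actual source address.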

Tried it. Nothing…

Hello,

Could you please share your OpenVPN, Network, and Firewall configurations?

Kind Regards,

Sorry, new users cannot upload attachments. Cannot upload more than 1 pic!
Do you have an e-mail address?
I have a Word file ready with a lot of screenshots.

Hello,

Unfortunately, there is no way for us to share files privately. Thus, you will need to hide any sensitive information, like secret keys, public IP addresses, etc., and then share screenshots here.

For reference, here is a working configuration:

# TAP SERVER
mode server
tls-server
dev tap0
max-clients 6
verb 3
log-append /openvpn/openvpn6.log
keepalive 10 60
reneg-sec 0
cipher AES-128-CBC
status /openvpn/ovpn_status_6_result 30
status-version 2
port 1194

#CLIENT

client
dev tap
remote 84.xx.xx.xx
resolv-retry infinite
nobind
persist-key
persist-tun
cipher AES-128-CBC
verb 3
key-direction 1
tls-client

Firewall on both:

Port forwarding on server:

image

If you are still having issues, please edit your screenshots to hide sensitive information and post them here.

Kind Regards,

1 Like
