fiber connection to internet (public)
DDNS to reach it from the outside
OPENVPN TAP server
Port forward 55555 to IP static of RUTX11
RUTX11 sim connection to internet (private)
OPENVPN TAP client
DHCP off and IP set static for RUTX11
From the PC connected to RUTX08 I reach RUTX11 and also the connected PC.
From the PC connected to RUTX11 I reach RUTX08 and also the connected PC.
From the outside via DDNS I reach RUTX08 but not RUTX11 via DDNS port 55555 of RUTX08…
I think it’s a routing problem… Can someone help me?
I assume you can reach RUTX11 on port 55555 via port forwarding. But you cannot reach RUTX08's WebUI. Is that correct?
Is remote HTTP(S)/SSH access on RUTX08 enabled? You can enable it in System → Administration → Access Control.
If that is not the issue, could you please show your firewall configurations, as well as the routing table? You can connect to the device via CLI/SSH with username ‘root’ and use the following commands to view the routing table:
ip r show
The problem is to reach RUTX11 from web.
From the outside via DDNS I reach RUTX08 but not RUTX11 via DDNS port 55555 of RUTX08.
OPENVPN TAP works so I assume that RUTX11 is in the same LAN as RUTX08.
So, (I think…) if I reach RUTX08 from web via ddns alias, I must reach RUTX11 from web via ddns alias: 55555 and forwarding port 55555.
With OpenVPN, there should be a separate firewall zone in Network → Firewall. Could you please edit the zone and check if it allows forwarding from and to WAN zone? Also, try editing your port forwarding rule and specify OpenVPN zone as destination zone instead of LAN.
Let me know how it goes.
Hello, sorry for the delay!
“Could you please edit the zone and check if it allows forwarding from and to WAN zone” Could you suggest where to add the WAN zone?
“Also, try editing your port forwarding rule and specify OpenVPN zone as destination zone instead of LAN.” Tried but works exactly as LAN.
Do you have 2 teltonika routers to simulate the problem?
To allow traffic between WAN and OpenVPN, you can edit the OpenVPN => LAN zone and add ‘WAN’ to allow forward to destination zones and allow forward from source zone.
I assume that the RUTX08 forwards it to RUTX11, but when RUTX11 receives packets from an unknown network, it sends the reply via its own default route.
Could you try enabling masquerading on LAN => WAN+OpenVPN zone? This way, when the packets are forwarded, their source IP should be replaced with RUTX08 LAN IP and RUTX11 should send the response back through RUTX08.
Let me know how it goes.
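The return-path behaviour described in the reply above, modelled as an added example that is not part of the original thread or any Teltonika code: it performs the longest-prefix route lookup RUTX11 would do for its reply, with and without masquerading on RUTX08. All addresses, prefixes and interface names are constructed assumptions.

```python
import ipaddress

# Constructed routing table for the VPN client router (RUTX11); all addresses
# and interface names are assumptions for illustration.
RUTX11_ROUTES = [
    ("0.0.0.0/0", "mobile-wan"),       # default route via the SIM connection
    ("192.168.1.0/24", "tap-bridge"),  # LAN shared with RUTX08 over the TAP tunnel
]

RUTX08_LAN_IP = "192.168.1.1"     # constructed
INTERNET_CLIENT = "203.0.113.50"  # constructed (documentation range)


def egress_interface(routes, dst):
    """Longest-prefix match: interface used to send a packet to dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]


def forwarded_source(client_ip, masquerade):
    """Source address RUTX11 sees on the packet forwarded by RUTX08."""
    return RUTX08_LAN_IP if masquerade else client_ip


def reply_path(client_ip, masquerade):
    """Interface RUTX11 picks for its reply to the forwarded connection."""
    return egress_interface(RUTX11_ROUTES, forwarded_source(client_ip, masquerade))


def connection_works(client_ip, masquerade):
    # The reply has to go back through RUTX08 so that its NAT can reverse the
    # port forward; a reply leaving via the mobile WAN never reaches that NAT.
    return reply_path(client_ip, masquerade) == "tap-bridge"


if __name__ == "__main__":
    for masq in (False, True):
        print(f"masquerade={masq}: reply via {reply_path(INTERNET_CLIENT, masq)}, "
              f"works={connection_works(INTERNET_CLIENT, masq)}")
```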
Could you please share your OpenVPN, Network, and Firewall configurations?
Sorry, new users can not upload attachments. Cannot upload more than 1 pic!
Have you a mail?
I have a Word file ready with a lot of screenshots.
Unfortunately, there is no way for us to share files privately. Thus, you will need to hide any sensitive information, like secret keys, public IP addresses, etc., and then share screenshots here.
For reference, here is a working configuration:
# TAP SERVER
keepalive 10 60
status /openvpn/ovpn_status_6_result 30
Firewall on both:
Port forwarding on server:
If you are still having issues, please edit your screenshots to hide sensitive information and post them here.