OpenVPN does not connect on mobile Interface

F_Renz · July 21, 2023, 1:20pm

Hallo,
I have a TRB140 in use. 1st time that I work with this kind of devices. I try to create a Tunnel with Open VPN.
The device is connected with LAN-Interface in my internel LAN. And with LTE-Interface (mobile) to WAN.
If I enter at PC (Client) in the “client.ovpn” config-file the IP from the LAN-interface the tunne works perfect. But with LTE interface it doesn’t work.

*** This header config works ****
remote 192.168.2.1
proto udp4
port 1194
dev tun
client
verb 5
remote-cert-tls server
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
data-ciphers-fallback AES-256-CBC
keepalive 10 60
float
persist-tun
persist-key
auth SHA256
pull
link-mtu 1300

**** And this header doen’t work.****
remote “url or IP” from WAN-interface"
proto udp4
port 1194
dev tun
client
verb 5
remote-cert-tls server
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
data-ciphers-fallback AES-256-CBC
keepalive 10 60
float
persist-tun
persist-key
auth SHA256
pull
link-mtu 1300

What’s wrong in my config or on TRB140 site.

Thanks for your help!

Franz

AndzejJ · July 24, 2023, 5:42am

Hello,

Could you check the WebUI of your TRB device and provide the first two sets of numbers (octets) from the IP address listed for your mobile interface?

Kind Regards,

F_Renz · July 24, 2023, 7:26am

Hello AndzeiJ,
thanks for your reply!
I have set in TRB the mobile Interface to IP4. Current publ. IP on mob. interface starts with 100.70.xx.xx/32

grafik

Kind regards

AndzejJ · July 24, 2023, 7:39am

Hello,

Your current IP address is not public; it falls within a CG-NAT range. This means that your internet service provider is performing NAT on your traffic. Hence, your device is not directly accessible from the internet. To make your device reachable over the internet so that clients can connect to the VPN server, you will need to obtain a public IP address.

Kind Regards,

F_Renz · July 24, 2023, 8:10am

Hello,
that was not really clear to me. But now explain everything to me.
Not getting a ping from the public IP, I thought it was coming from the TRB device’s firewall… I was already doubting myself.

I will get another SIM card and try again.

MANY THANKS FOR THE EXPLANATION!

kind regards

AndzejJ · July 24, 2023, 8:31am

Hello,

You can try contacting your SIM card provider and asking about the possibility of obtaining a public IP address. If they offer this service, they will likely provide you with a specific APN that you can use to get a public IP address.

To configure the custom APN on the router, navigate to Network → Interfaces → Edit mob1s1a1 interface → Disable Auto APN and enter a custom APN from the provider.

Kind Regards,

F_Renz · July 24, 2023, 9:52am

Hello,
Now I have used temporary a SIM from T-Mobile and APN: internet.telekom. I get here a IP in range 10.xx.xx.xx. Here the same bug. It seems this CG-NAT range from T-Mobile. I found in Web a alternate APN from T-Mobile with name: internet.t-d1.de. Here I get a IP in Range 37.xx.xx.xx. I change the IP in OVPN config and try again → Here it works fine. VPN-Connect is now successful connected → Wonderful.

Many thanks for your great help!!

Kind Regards

system · August 5, 2023, 1:20pm

This topic was automatically closed after 15 days. New replies are no longer allowed.