Rejected request from RFC1918 IP to public server address

tbr · July 10, 2023, 6:54am

I have a RUT240 that is connected to RMS. When I try to connect to the webinterface of the router this message shows up: Rejected request from RFC1918 IP to public server address
I already found the work around by activating the rfc1918 filter the uhttpd file and was able to connect to the webinterface, but it is still not possible to access devices that are connected to the lan interface using the vpn.
Is it possible to solve this without changing the IP address?

AndzejJ · July 10, 2023, 8:18am

Hello,

The RFC1918 error message you’re encountering likely arises due to an attempt to access the public IP address of your router from a private subnet. If everything is configured correctly, you should be able to access RUT240 via its LAN IP address from your VPN client. For example, via 192.168.1.1.

Please, double-check your RMS VPN settings. Navigate to the VPN Hub → Route and ensure that you’ve activated LAN forwarding and have added a proper route through the device. For instance, if the RUT240’s LAN network is 192.168.1.0/24, you should add a route within RMS VPN Hub to the subnet 192.168.1.0 with a netmask of 255.255.255.0, specifically via the RUT240 device. This process is explained in a video tutorial here.

Although the tutorial explains how to add a route automatically, if this method is unsuccessful, I recommend manually adding the route as outlined above.

Kind Regards,

tbr · July 10, 2023, 9:07am

Hi.
thanks for your reply,
I checked those settings, but could not find any mistakes.
Is it possible to see in the logs of the router if there is a ping to a connected device that is not routed correctly?

AndzejJ · July 10, 2023, 11:27am

Hi,

Is the issue with accessing LAN devices or RUT240 itself?

You can monitor traffic with TCPDump from the command line (command line instructions here). You will need to install the package first:

opkg update
opkg install tcpdump
tcpdump (will run on LAN interface, but you can specify WAN interface via -i option, like -i wwan0)

If the issue is with LAN devices, make sure those have a gateway configured on them and it points to the LAN IP address of RUT240. You can also try enabling masquerading in Network → Firewall → General settings → LAN => RMS zone.

Kind Regards,

tbr · July 10, 2023, 12:26pm

The problem is only with accessing LAN devices. The RUT was accessible after activating the RFC1918 filter.
Using tcpdump i saw that the ping is reaching the network but the device doesnt answer. When i ping from the router itself, i get an answer.

AndzejJ · July 11, 2023, 10:19am

Hi,

It is likely that the device does not know where to route the packets it receives. When you ping from RUT240, it knows how to reach the device. Thus, check if you have configured the device with a gateway pointing to RUT240 as I have mentioned. For testing, you can enable masquerading on LAN as I already wrote in my previous response. This way, the packets will appear as if they were sent from RUT240 so the device should reply.

Kind Regards,