I spend many hours and days and did some testings that I’d like to share to this Community concerning Teltonika RUT240 (RUT241 acts similarly) set to Passthrough mode and pluggedin to behind-connected different Business routers from most well-known Companies on the market: Cisco’s, Juniper’s and Huawei’s.
Generally speaking, only Cisco routers are compatible and cooperate correctly with RUT240, but Juniper and Huawer routers plugged-in to RUT240 doesn’t work at all effectively with Passthrough mode.
It doesn’t matter which version of RutOS I use, this problem persists and is visible starting from RutOS 7.01/02/03 and now 7.04 (even with latest available firmware: 7.04.4 doesn’t work).
What is interesting here, old Legacy firmware RUT2XX_R_00.01.14.6 (I guess it had implemented this feature differently) Passthrough is not affected with that, so it works smoothly withouth any problems, no matter what other Router we gonna plugg-in: Cisco, Juniper, Huawei etc., RUT240 always sends out traffic to Internet, withouth any blocking etc.
In my earlier topic, I have mentioned about that behavior in the old Forum, but that was mostly concering only remote management via HTTPS/SSH, you can read it with this threat:
So, what is exactly going on? What I am doing exactly? [Step-by-Step]
- I reconfigure Teltonika RUT240 [Mobile interface mob1a1s1] from NAT mode to Passthrough mode, set additional MAC Address of behing-connected router.
- Plugg-in third Party Router (this case one of the: Cisco, Juniper, Huawei) set it’s interface WAN interface to acquire IP address from DHCP Process and plug RJ45 cable to lan RUT240 Teltonika ( interface was also tested here, no differences at all).
- My Router interface (set as DHCP Client) is getting and is assigned public IP address correctly from Teltonika DHCP Server, I also receive default-routing to the Internet (0.0.0.0/0) through RUT240, which should be enough to have some connectivity to Internet.
- However, from my router’s WAN interface (let’s say its Juniper/Huawei), when I want to execute simple ICMP Echo PING test to the Internet (like to destination IP 126.96.36.199 - this might be any whatever public IP) sourced from my public IP (get from Teltonika) traffic is being send out to the next-hop IP to Teltonika RUT240
and here traffic is being blocked or dropped at all. No communication out to the Internet.
In simple: I don’t have (working) routing out to the Internet - even that I see and have default-routing in routing table, traffic is being blocked or dropped at the ingress of Teltonika RUT240, or something is messing this.
- I tried even to reconfigure from Passthrough mode directly to Bridge mode - it ends with same results/behavior, failing. I even changed from DHCP-assigned IP address to static IP address configuration, but it doesn’t matter at all.
Few things in my head to consider, here:
RUT240 might wrongly recognizes and process incoming (my) IP packets generated from my Juniper/Huawei at it’s Firewall, so it’s being blocked/dropped implicitly etc. It doesn’t try to send it out to Internet, at all.
(Here: I even tried to set in Firewall section, additional rules: LAN_to_WAN and WAN_to_LAN permit all traffic, without any positive results).
it has something to do with working with network masks /30 or /32, here - Teltonika might miscorrectly recognizing (my) IP traffic - that was originated from my router from the same IP address that it has on it’s mobile interface mob1a1s1.
This might mess recognition traffic at routing-table standard rules etc. I don’t know.
Here, what is interesting, Teltonika RUT240 is assigning via DHCP IP address with mask /32 get from ISP 4G LTE Network to my LAN-connected device and creates special virtual-IP-subnetwork with mask /30, where:
- first IP/30 - network itself (not usable; network subnet)
- second IP/30 - public IP address given and assigned to my device from RUT240
- third IP/30 - public virtual-gateway IP address at Teltonika RUT240 >>> this doesn’t exist anywhere its local-scoped IP used for routing-out traffic to Internetm allthough its public IP address
- fourth IP/30- broadcast (not usable)
ATTENTION! This virtual-gateway IP address << placed at Teltonika RUT240 >> is not responding to ICMP Echo Pings at all, even locally between my router and Teltonika, so using this IP as the next-hop for default-route is problematic, because we don’t know is it usable or not at all.
Cisco generally is very flexible and is able to correctly route the traffic into DHCP Process itself (from which I received IP address) while Juniper and Huawei probably need to have explicitly defined and usable (and likely to responding) next-hop IP address to send traffic out to Internet, not sure.
Which devices I have tested:
- Cisco 897 - Passthrough works 100% OK, Teltonika assings IP address correctly, full routing-out to the Internet through default-route to RUT240
- Juniper SRX300 - Passthrough not works OK, Teltonika assings my device IP address correctly, but no routing out to the Internet through default-route to RUT240
- Huawei AR1200F - Passthrough not works OK, Teltonika assings my device IP address correctly, but no routing out to the Internet through default-route to RUT240
- I attach few pictures and topology to uderstand it better at close look.
- I WANT TO BUT I CANNOT HERE !! to add attachements but I get message " Sorry, new users can not upload attachments."!! please Contact and PM to me, I can provide you:
- full Report’s from Test with 39 pages in Words (configs RUT240, Cisco,Juniper, Huawei etc. / logs / troubleshooting / debugs etc.), that might give you clue to developers what is problematic.
- collected from Teltonika (5) PCAP’s files - for futher analysis
Physical Topology– attached below
Logical Topology– attached below
Please address this topic to your Developers to find some solution that should be globally implemented, fixed this permanently in new RutOS firmwares, since this is not fixed for 2 years from now (counted from LegacyOS RUT240 which is no longer developed, but where everything was working fine).
This problem refer to the large number of models and some other Vendor devices too I guess (if u need - I might check out other Juniper’s and Huawei models) but I guess this is repeatable issue, no mater which model I choose.
(BTW Last time when I reported case-related to, it was operated by: Zygimantasbilu and DaumgatasG from old Forum).