How to reach Teltonikas RUTX11 Webinterface thru the OpenVPN Tunnel

This is a follow-up to the previous article “Setup OpenVPN Connection to Synology using Teltonika RUTX11”.

We now have the OpenVPN connection running, connecting the Teltonika RUTX11 to the Synology OpenVPN server over the mobile network. However, you will notice that when you enter the IP address of your Teltonika device as seen by your VPN server for this connection (in my case 10.8.0.6), it is not yet working.

Step 1. Add a static route to your Router

In most cases the home network will use a different IP range than the one the OpenVPN server assigns to its clients. Therefore we need to tell the home router the way to this network. In my case it is a FritzBox, but it works similarly on other routers.

Add a new static route on Home Network -> Network -> Network Settings -> Static Routing Table -> New IP4 Route

Step 2. Modify the Firewall at the Teltonika RUTX11

On your Teltonika router, open Network -> Firewall -> Traffic Rules and enable the “allow-openvpn-traffic” rule.

Now you should be able to open the Teltonika management website using the IP address assigned by OpenVPN.

Did this help you or do you have a question? Let me know in the comments.

Setup OpenVPN Connection to Synology using Teltonika RUTX11

I recently bought this router for the camper van to have good connectivity while on the road. I want to use OpenVPN to remotely control the Teltonika device while operating on a mobile network. Usually a fixed IP is needed on the SIM card, which is inconvenient to get.

I configured the OpenVPN connection using the exported configuration but it never established a connection. I also noticed that it won’t ask for a username/password, but this is required to connect to Synology’s OpenVPN server.

The support documents on the Teltonika website didn’t really fit my situation with Synology.

These instructions are written for the RUTX11 but should be usable on other Teltonika models as well.

1. Identifying the issue

To read the logfile on the Teltonika router I opened System -> Administration -> Troubleshoot -> Show (System Log)

One line caught my eye:

daemon.err openvpn(Test)[3644]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.

The issue identified

So the issue is that Synology's OpenVPN server requires a username and password, but the Teltonika expects certificate-based authentication.

2. Solution

It's quite simple to fix.

  1. Connect with WinSCP to the Teltonika router. I had to change the transfer protocol to SCP to get the connection working. Then open /etc/openvpn/ and create a new file “userpass”. Place the username required to connect to the Synology OpenVPN server on the first line and the password on the second line. Save the file.
  2. Open the VPNConfig.ovpn file from the Synology OpenVPN configuration export and change:
    • “auth-user-pass” to “auth-user-pass /etc/openvpn/userpass”
  3. Now import the VPNConfig.ovpn on your Teltonika router under Services -> VPN -> OpenVPN -> Add
    • Specify Role to be “Client”
    • On the Main Settings page
      • Enable -> On
      • External Services -> Off
      • OpenVPN configuration file -> Select the previously modified VPNConfig.ovpn file
      • Upload OpenVPN authentication files -> Off
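
The file edits from steps 1 and 2, scripted as an added example (not part of the original post). It creates the credentials file with owner-only permissions, since it holds the VPN password in plain text, and points “auth-user-pass” in the exported config at it. The function names, user name, password and scratch directory are constructed; on the router the credentials file would be /etc/openvpn/userpass.

```shell
#!/bin/sh
# Added example. Function names, credentials and paths in the demo are constructed.

# write_userpass FILE USER PASS: two-line credentials file, owner-only.
write_userpass() {
    up_file=$1
    up_old=$(umask)
    umask 077                                   # create as 0600, never world-readable
    printf '%s\n%s\n' "$2" "$3" > "$up_file"
    up_rc=$?
    umask "$up_old"
    [ "$up_rc" -eq 0 ] && chmod 600 "$up_file"  # also tightens a pre-existing file
}

# patch_ovpn OVPN TARGET: point the auth-user-pass directive at TARGET.
# Returns non-zero and leaves OVPN untouched if the directive is absent.
patch_ovpn() {
    po_tmp="$1.tmp.$$"
    awk -v t="$2" '
        { sub(/\r$/, "") }                      # CRLF from a Windows editor becomes LF
        $1 == "auth-user-pass" { print "auth-user-pass " t; found = 1; next }
        { print }
        END { exit found ? 0 : 3 }
    ' "$1" > "$po_tmp" || { rm -f "$po_tmp"; return 1; }
    mv "$po_tmp" "$1"
}

# file_mode FILE: permission string such as "-rw-------".
file_mode() { ls -l "$1" | cut -c1-10; }

# Demo on constructed input in a scratch directory (nothing under /etc is touched).
demo_dir=$(mktemp -d)
printf 'client\nremote YOUR_Synology_DNS_Name 1194\nauth-user-pass\n' \
    > "$demo_dir/VPNConfig.ovpn"
write_userpass "$demo_dir/userpass" "vpnuser" "example-password"
patch_ovpn "$demo_dir/VPNConfig.ovpn" /etc/openvpn/userpass
echo "userpass mode: $(file_mode "$demo_dir/userpass")"
grep auth-user-pass "$demo_dir/VPNConfig.ovpn"
rm -rf "$demo_dir"
```
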

Voila. Enjoy your OpenVPN connection!

If you like this guide or have questions, please leave a comment. There is a follow-up article “How to reach Teltonikas RUTX11 Webinterface thru the OpenVPN Tunnel”.



Remark (not needed for the above issue but may be helpful for some users): My Synology is reachable from the Internet using a certain DNS name. Therefore I need to include the DNS name in VPNConfig.ovpn on the line starting with “remote…”:

remote YOUR_Synology_DNS_Name 1194

Failed to connect to Let’s Encrypt. Please make sure your Diskstation and Router have Port 80…

I recently was annoyed by a strange error.

“Failed to connect to Let’s Encrypt. Please make sure your Diskstation and router have port 80 open to Let’s Encrypt domain validation from the Internet. All other communications with Let’s Encrypt go over HTTPS to keep your Diskstation secure.”

Synology Lets Encrypt Issue

I was searching for port forwarding issues on ports 80 and 443, but everything seemed correct and working. It had to be something else. Finally I found the root cause.

The website was reachable using the www subdomain prefix but not without it. For mathiasirmer.com there was a redirection that did not work. As soon as I fixed this, I was able to get the certificate from Let’s Encrypt. So don’t let this error message lead you in the wrong direction.

Do you see this issue and need help? Leave me a comment!