When ordering a Teltonika or Advantech router with an mdex fixed.IP+ or mdex public.IP as network type OpenVPN, the routers are delivered pre-configured and ready for operation by Wireless Logic mdex.
When changing the router configuration or manually reconfiguring, key aspects of OpenVPN functionality, especially for Teltonika routers, must be considered.
Teltonika Router
Advantech Router
Teltonika Router
The router must already be configured as per Setting up the OpenVPN client of an Advantech router as 'mdex fixed.IP+' or 'mdex public.IP'.
Router Remote Access
Under System → Administration → Access Control, the respective remote access is activated or deactivated, see also here. When using a mdex fixed.IP+ or mdex public.IP as network type OpenVPN on the router, under Network → Firewall → Traffic Rules the Source zone 'openvpn' must be set in the relevant rules:
- 'Enable_HTTP_WAN'
Relevant for HTTP remote access. -
'Enable_HTTPS_WAN':
Relevant for HTTPS remote access. -
'Enable_SSH_WAN'
Relevant for SSH remote access. -
'SNMP_WAN_Access':
Relevant for SNMP remote querying, see also here.
A subsequent adjustment of the Source zone from 'wan' to 'openvpn' can be made for the respective 'Firewall Traffic Rule' by clicking the 'Edit' button, see example:
Forwarding of All Ports and Protocols (as "DMZ")
If under Network → Firewall → DMZ the forwarding of all ports and protocols "as DMZ" to a device is activated, the following forwarding rules are automatically created under Network → Firewall → Port Forwarding (see remote access), which are automatically activated or deactivated depending on the status set under System → Administration → Access Control. Without these rules, the respective remote access to the router would no longer work when DMZ is enabled.
-
dmz_http:
Relevant for HTTP remote access to the router. -
dmz_https:
Relevant for HTTPS remote access to the router. -
dmz_ssh:
Relevant for SSH remote access to the router. -
dmz_snmp:
Relevant for SNMP remote querying of the router, see also here. -
dmz_fw:
Forwarding of all ports and protocols (DMZ) to this IP address (end device). This rule must generally be executed last and therefore placed at the very bottom of the table.
Since firmware version R_00.07.06.5, these forwarding rules are automatically added with the Source zone that is usually set in the dmz_fw rule. It must therefore be ensured that the dmz_fw rule has the Source zone 'openvpn' set so that the other rules are also created with this Source zone 'openvpn'. A subsequent adjustment of the Source zone from 'wan' to 'openvpn' can be made for the respective rule by clicking the 'Edit' button, see example:
If the DMZ function under Network → Firewall → DMZ is deactivated and then reactivated, all relevant rules will now be automatically recreated with the Source zone 'openvpn'.
Important note regarding the 'dmz_dhcp' rule
The 'dmz_dhcp' rule serves as a bugfix from firmware R_00.07.14 for regular interruptions of the mobile data connection, see also here. This rule must therefore always have the Source zone 'wan' and must not be changed to 'openvpn'!
Individual Forwarding of Specific Ports
The port forwarding rules created under Network → Firewall → Port Forwarding must be adjusted after adding by using 'Edit' so that the Source Zone is changed from 'wan' to 'openvpn', see example:
-
Add a new port forwarding rule under Add new instance with Add.
-
This rule is initially created with the Source zone 'wan'. Click the 'Edit' button to adjust it.
-
Now set the Source zone 'openvpn' and confirm with 'Save & Apply':
-
The port forwarding rule now has the correct source zone 'openvpn':
Advantech Router
If the OpenVPN client of an Advantech router is already configured according to Setting up an OpenVPN client on an Advantech router as 'mdex fixed.IP+' or 'mdex public.IP', the setup or adjustment of remote access or port forwarding is carried out in the same way as remote access via the IP address of the SIM card.