RAK 7249 udp packets not sent over openVPN connection

geeks-r-us · June 27, 2020, 11:21am

Hi,

I try to integrate a RAK 7249 in our existing Chirpstack Environment.
By now I have Gateways based on RPi + RAK2245 that communicate using UDP Packet forwarder via OpenVPN.

Now I wanted to add a RAK7249 because I need the LTE connection.

I setup LTE and OpenVPN which looks to work properly bebecause I can contact the web GUI over VPN connection and I can ping the chirpstack components from within the web GUI.

In the systemlog I can see that lora_pkt_fwd is working and sending up messages as well as the received datagrams.

Neither the up messages nor the datagrams are received on chirpstack side.
So every 30 datagrams the lora_pkt_fwd restarts.

Firmware Version is: 1.1.0062_Release r202

Here is the VPN config (which works fine on the RPi s) :

client
nobind
dev tun
remote-cert-tls server

remote vpn.mydomain.com 1194 udp4

<key>
-----BEGIN PRIVATE KEY-----
 ....
-----END PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-auth>
redirect-gateway def1

Packet Forwarder is configured as follow:

Any idea why packets are not transferred to chirpstack?

Nicholas · June 28, 2020, 1:03am

Does the network need to connect to the server?
Gateway EUI displays the connection status on the chirpstack server ?
Can RAK7249 connect to network?

geeks-r-us · June 28, 2020, 8:57am

As far as I investigated the issue right now:
The UDP packages sent from the gateway do not arrive on the chripstack gateway bridge.
In the meantime I also tried to configure it to connect to the mqtt server of the chirpstack.
I can see a lot of failed connection attempts in the mosqitto log.
So the connection should be there.
Is there any extra config I need to do when the connection is established over LTE ?

Nicholas · June 28, 2020, 9:28am

You need to configure LTE APN and try to use it to connect to other networks normally.

geeks-r-us · June 28, 2020, 9:30am

APN is configured right.
LTE is currently the only connection and I can reach the web-gui ofter the vpn connection

Nicholas · June 28, 2020, 9:37am

Can you see the gateway connected on the Chirpstack?
Is the frequency band properly configured?

geeks-r-us · June 28, 2020, 9:41am

In chirpstack the gateway is shown as offline
frequency band is configured to 868 and lora log shows incoming messages.

Nicholas · June 29, 2020, 7:03am

Have you else sever to make gateway connect it?

geeks-r-us · June 29, 2020, 10:46pm

It’s currently the only system the gateway has access to.

Is there a need of adding / modifying the firewall rules to use the UDP forwarder over VPN / LTE ?

Nicholas · June 30, 2020, 1:18am

You are correct.
How do you log in to the gateway? You can try to modify the WAN port firewall.

geeks-r-us · June 30, 2020, 10:32pm

I tried your setting and some variations but without success.

Nicholas · July 1, 2020, 1:29am

Maybe you can try connecting to TTN to rule out the problem with your server.

geeks-r-us · July 1, 2020, 9:54am

I setup connection to TTN:

But same issue no acks:

Wed Jul  1 11:38:52 2020 user.notice lora_pkt_fwd[27404]: # PUSH_DATA datagrams sent: 1 (175 bytes)
Wed Jul  1 11:38:52 2020 user.notice lora_pkt_fwd[27404]: # PUSH_DATA acknowledged: 0.00
Wed Jul  1 11:38:52 2020 user.notice lora_pkt_fwd[27404]: ### [DOWNSTREAM] ###
Wed Jul  1 11:38:52 2020 user.notice lora_pkt_fwd[27404]: # PULL_DATA sent: 6 (0.00 acknowledged)
Wed Jul  1 11:38:52 2020 user.notice lora_pkt_fwd[27404]: # PULL_RESP(onse) datagrams received: 0 (0 bytes)
Wed Jul  1 11:38:52 2020 user.notice lora_pkt_fwd[27404]: # RF packets sent to concentrator: 0 (0 bytes)

Attached is what I tested by now:

So the issue must be placed with within the connection of VPN over LTE

Nicholas · July 2, 2020, 12:58am

Can you also see the gateway connection status when you connect to TTN?
If so, be sure to check your LTE connection, as he may not have access to the outside network, or switch to an LTE card.

geeks-r-us · July 3, 2020, 8:29pm

I tested the 2 scenarios:

new firewall setting + LTE only + TTN = success
new firewall settings + LTE + OpenVPN + TTN = failed

So issue must be within routing of udp over LTE + VPN

nalberto · July 4, 2020, 5:33pm

I am experiencing the same problem with a RAK7258. Gateway not showing as alive in chirpstack
Running on ethernet at the moment for testing
Could rak provide a config example and firewall rule settings if different from default

here is my openvpn config setting on the gateway.
I am using pritunl free version as the openvpn server

Notice I have tried adding “local xxx.xxx.xxx.xxx” with the gateway local ip and commented nobind as suggested in another post in this forum but no luck. Gateway not showing as alive in chirpstack

Also not that it runs on firmware 1.1.0062_Release r202 which i downloaded from the forum because 0061 does not allow to upload a config file.

setenv UV_ID xxxx
setenv UV_NAME xxxxx
local 192.168.1.13
client
dev tun
dev-type tun
remote xxx.xxx.xxx.xxx 15954 udp
#nobind
persist-tun
cipher AES-128-CBC
auth SHA1
verb 2
mute 3
push-peer-info
ping 10
ping-restart 60
hand-window 70
server-poll-timeout 4
reneg-sec 2592000
sndbuf 393216
rcvbuf 393216
#max-routes 1000
remote-cert-tls server
comp-lzo no
key-direction 1

nalberto · July 6, 2020, 6:55am

Hi @geeks-r-us
I am hoping we can get to the end of this.
In my case the gateway is connected with ethernet, I tried with wifi also and get the same issue.
I don’t believe it is because of the LTE connection. I see from your diagram above that you got it working with two gateways not on LTE. Can you please confirm that please?

Can you please share your client openvpn config on the gateway that is working?

Did you find a way to test the upd traffic? I tried a few commands from terminal in the gateway to test access to the udp port of the chirpstack server but can’t get anything to work. Relying just on the status of the gateway on chirpstack.

Nicholas · July 6, 2020, 7:28am

Please refer this document:

nalberto · July 6, 2020, 9:32am

Thanks Nicholas but I have been through it before and it is not explaining why udp packets are not getting to the server but the rest is. Again I am using pritunl because it is much easier to set up and manage and it is built with openvpn .

Nicholas · July 6, 2020, 9:35am

Are you also using an external server? Is everything normal when you’re not using OpenVPN?