RAK 7249 udp packets not sent over openVPN connection

I set up a connection to TTN:

But same issue no acks:

Wed Jul  1 11:38:52 2020 user.notice lora_pkt_fwd[27404]: # PUSH_DATA datagrams sent: 1 (175 bytes)
Wed Jul  1 11:38:52 2020 user.notice lora_pkt_fwd[27404]: # PUSH_DATA acknowledged: 0.00
Wed Jul  1 11:38:52 2020 user.notice lora_pkt_fwd[27404]: ### [DOWNSTREAM] ###
Wed Jul  1 11:38:52 2020 user.notice lora_pkt_fwd[27404]: # PULL_DATA sent: 6 (0.00 acknowledged)
Wed Jul  1 11:38:52 2020 user.notice lora_pkt_fwd[27404]: # PULL_RESP(onse) datagrams received: 0 (0 bytes)
Wed Jul  1 11:38:52 2020 user.notice lora_pkt_fwd[27404]: # RF packets sent to concentrator: 0 (0 bytes)

Attached is what I tested by now:

So the issue must lie within the connection of VPN over LTE.

Can you also see the gateway connection status when you connect to TTN?
If so, be sure to check your LTE connection, as it may not have access to the outside network, or switch to an LTE card.

I tested the 2 scenarios:

new firewall setting + LTE only + TTN = success
new firewall settings + LTE + OpenVPN + TTN = failed

So the issue must be within the routing of UDP over LTE + VPN.

I am experiencing the same problem with a RAK7258. The gateway is not showing as alive in chirpstack.
Running on ethernet at the moment for testing.
Could RAK provide a config example and firewall rule settings if different from default?

Here is my openvpn config setting on the gateway.
I am using pritunl free version as the openvpn server

Notice I have tried adding “local xxx.xxx.xxx.xxx” with the gateway local ip and commented nobind as suggested in another post in this forum but no luck. Gateway not showing as alive in chirpstack

Also note that it runs on firmware 1.1.0062_Release r202, which I downloaded from the forum because 0061 does not allow uploading a config file.

setenv UV_ID xxxx
setenv UV_NAME xxxxx
dev tun
dev-type tun
remote xxx.xxx.xxx.xxx 15954 udp
cipher AES-128-CBC
auth SHA1
verb 2
mute 3
ping 10
ping-restart 60
hand-window 70
server-poll-timeout 4
reneg-sec 2592000
sndbuf 393216
rcvbuf 393216
#max-routes 1000
remote-cert-tls server
comp-lzo no
key-direction 1

Hi @geeks-r-us
I am hoping we can get to the end of this.
In my case the gateway is connected with ethernet, I tried with wifi also and get the same issue.
I don’t believe it is because of the LTE connection. I see from your diagram above that you got it working with two gateways not on LTE. Can you please confirm that?

Can you please share your client openvpn config on the gateway that is working?

Did you find a way to test the UDP traffic? I tried a few commands from the terminal in the gateway to test access to the UDP port of the chirpstack server but can’t get anything to work. I am relying just on the status of the gateway on chirpstack.
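One way to test the UDP path asked about above, as an added example that is not part of any post in this thread and not RAK or ChirpStack code: a probe that sends a Semtech UDP `PULL_DATA` datagram and waits for the matching `PULL_ACK`, the exchange the log reports as "PULL_DATA sent: 6 (0.00 acknowledged)". The server address and gateway EUI are supplied by the operator; port 1700 is the one mentioned in this thread.

```python
import os
import socket

PROTOCOL_VERSION = 2
# Semtech UDP packet forwarder identifiers (fourth byte of every datagram).
PUSH_DATA, PUSH_ACK, PULL_DATA, PULL_RESP, PULL_ACK, TX_ACK = range(6)


def build_pull_data(gateway_eui: bytes, token: bytes) -> bytes:
    """PULL_DATA: version | 2-byte token | identifier | 8-byte gateway EUI."""
    if len(gateway_eui) != 8 or len(token) != 2:
        raise ValueError("EUI must be 8 bytes and token 2 bytes")
    return bytes([PROTOCOL_VERSION]) + token + bytes([PULL_DATA]) + gateway_eui


def is_pull_ack(datagram: bytes, token: bytes) -> bool:
    """PULL_ACK: version | echoed token | identifier 0x04."""
    return (len(datagram) >= 4 and datagram[0] == PROTOCOL_VERSION
            and datagram[1:3] == token and datagram[3] == PULL_ACK)


def probe(host, port, gateway_eui, timeout=3.0, tries=3):
    """Return True if the server acknowledges a PULL_DATA within `tries` attempts."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        for _ in range(tries):
            token = os.urandom(2)  # fresh token so stale replies are ignored
            sock.sendto(build_pull_data(gateway_eui, token), (host, port))
            try:
                while True:  # skip unrelated datagrams until the timeout fires
                    data, _addr = sock.recvfrom(2048)
                    if is_pull_ack(data, token):
                        return True
            except socket.timeout:
                continue
    return False


if __name__ == "__main__":
    import sys
    # Usage: probe.py <server-address> <gateway-eui-hex>  (both operator-supplied)
    server, eui = sys.argv[1], bytes.fromhex(sys.argv[2])
    ok = probe(server, 1700, eui)
    print("PULL_ACK received" if ok else "no PULL_ACK: UDP path is broken")
```

Run once from a host whose traffic is routed through the VPN and once from a host that reaches the server directly: an acknowledgement on the direct path but not through the tunnel points at routing or NAT at the VPN, not at the network server.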

Please refer to this document:

Thanks Nicholas, but I have been through it before and it does not explain why UDP packets are not getting to the server while the rest is. Again, I am using pritunl because it is much easier to set up and manage and it is built with openvpn.

Are you also using an external server? Is everything normal when you’re not using OpenVPN?

Yes, I have around 10 gateways on that server. I manage the server so I have root access to it. It is running chirpstack. I have tried with 2 different RAK7258 and I get the same issue. The VPN connection works so I can get to the admin interface, but no UDP packets seem to go to the server.
Wifi or ethernet connection on the gateway does not make any difference.

Can you show pictures to make the problem clear? :face_with_raised_eyebrow: :face_with_raised_eyebrow: :face_with_raised_eyebrow:

Can you send me your email in a private message and I will show you my settings?

[email protected]

Just sent you an invite to show you my screen

It’s likely the effective NAT where you enter the VPN and nothing to do with the LTE at all.

Notice you have two gateways on the local subnet - there have been reports before of some NAT implementations not being able to handle multiple endpoints running the Semtech UDP protocol. It’s also possible that a misconfigured NAT might not handle even a single one.

Since you are using the chirpstack gateway bridge, try moving that onto the gateways (I believe it’s built into all the RAK images?) or at least on a machine on their subnet, and run it rather than the UDP through the VPN over LTE. The gateway bridge then speaks a connected protocol which is far easier for NAT implementations to correctly route back onto the local subnet than UDP packets are.

@nalberto @geeks-r-us
I used the VPN provided by Nicolas Alberto for the test, which was normal on my own server.

Here are some of my configurations!

Thanks Nicholas. That really helps.

I can see this is working for you but your chirpstack server is not on a public address. Not sure if that makes a difference.
Maybe my chirpstack server is blocking something coming in? But it seems odd since it is still coming via UDP on port 1700.

I have tried with the gateway mqtt bridge forwarding to my chirpstack server and that works.

I used the built-in server in the Raspberry PI gateway, which was normal.

Thanks @Nicholas
It is now working fine for me. I have made so many changes that I can’t really tell what was wrong now :slight_smile:
I installed a fresh version of chirpstack and installed the latest firmware for the rak7258, 1.1.0063_Release r205.
I would recommend pritunl over the standard openvpn installation. Pritunl is a lot easier to install and manage.

My firewall rules are the default ones and they work. Good to know as well.

Last firmware update solved the problem.
