Hello, I installed ssh on 192.168.2.34, created an incoming rule for port 22 RUT955: lan to vpn accept masquerading=yes / vpn to lan accept masquerading=yes Everything is ok: ping, traceroute, ssh, winscp from 192.168.2.34 and from any server-side machines - filezilla gives still an error - openvpn...

Hello Jean-Philippe, I see you made good progress with Sindy, that's great, we are almost there. I would recommend doing a tcpdump on the Teltonika to confirm the packet flow. For example you could capture on the tunnel interface using: tcpdump -nn -i tun_c_rut955_ovpn_client , try to connect and ch...

Hi Jean-Philippe, in this case the information about the certificates is not important, just the "key usage" attribute (TLS Server and Client on each side accordingly), who signs the certificate (the trusted CA on both side) and a valid Date (also on both) is important. About the last post...

Hi JPH (?), sorry, I totally missed your response. The configuration on Mikrotik side is made according to the Wiki page. You can follow this document to create certificates for both OVPN server and Client and then go to this article of the wiki to configure the server. On the Teltonika side you hav...

Hello, what a coincidence, I got yesterday a Teltonika RUT955 to test. Nice OpenWRT based router with a AR9344 SoC (RB951...wink...wink ). Just configured IPSEC and OPENVPN (around 10Mbps throughput) and works fine, clean interface and many options. In case you still need configuracion, for the Mikr...

Hi Guys, just wanted to make a little contribution about HTTPS blocking. Nowdays, you have two ways of blocking traffic in HTTPS: - Man in the middle attack and see HTTPS traffic as clear. - Alternates ways of detecting or maybe guessing is a better term of what a user is doing. I'd like to talk abo...

Dears, I know that this is an old thread, but could save someone hours of testing. After hours of trying and trying and trying with the same problem, I've found that you have to ENABLE REPLAY DETECTION IN PHASE 2!!!!! (in the Fortigate ofcourse, Mikrotik is never wrong....:-) ) Hope it helps. Regard...