LAN from 5G Router to WAN Port on Balance 20X for VPN

Hello, I am trying to set up an OpenVPN connection to the router. I have a 5G device that is by a window in order to get good connectivity and a cable from the 5G device's LAN port to the WAN port (192.168.1.109) of a Balance 20X to provide internet connectivity around the building.

I have configured OpenVPN for client access as well as set up DDNS with a hostname. When I try to connect to the Peplink 20X with the OpenVPN client, I get the following errors:

TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat TLS Error: TLS handshake failed

What do I need to get this working?

I can think of multiple ways it wouldn’t work.

Is your 5G connection CGNAT or do you get a real routable IP (What is the WAN IP on the 5G device?)
If CGNAT it won’t work at all, and that is expected.

If you get a real IP, are you forwarding your OpenVPN port from the 5G device to the B20X? Given a WAN address of 192.168.1.109, the 5G device is clearly NAT translating the traffic. That is something that you would have normally covered in explaining the setup.

And can you tell us what the “remote” line in the .ovpn file is?

remote 124.199.103.79 993

I also prefer to use TCP and port 443 or 80 so that it works even if the internet connection is tightly locked down to only allow web traffic.
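The checks from the reply above (CGNAT or routable address, double NAT, and what the "remote" line points at), as an added example that is not part of the original thread. The profile text, the `proto tcp` line and the two modem WAN addresses are constructed sample values; only 192.168.1.109 and the remote line come from the posts.

```python
import ipaddress

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 carrier-grade NAT space
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(addr):
    """Return 'cgnat', 'private' or 'public' for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"

def parse_remotes(profile_text):
    """Extract (host, port, proto) from 'remote host [port] [proto]' lines."""
    default_proto, found = "udp", []
    for raw in profile_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "proto":
            default_proto = parts[1]
        elif len(parts) >= 2 and parts[0] == "remote":
            port = int(parts[2]) if len(parts) > 2 else 1194
            found.append((parts[1], port, parts[3] if len(parts) > 3 else None))
    return [(h, p, pr or default_proto) for h, p, pr in found]

def diagnose(modem_wan, b20x_wan, remote):
    """Apply the thread's checks in order and return a one-line verdict."""
    _host, port, proto = remote
    if classify(modem_wan) == "cgnat":
        return "carrier CGNAT: inbound VPN cannot reach the site"
    if classify(modem_wan) == "private":
        return "modem WAN is private: another NAT sits upstream"
    if classify(b20x_wan) != "public":
        return (f"double NAT: forward {proto.upper()} {port} on the 5G device "
                f"to {b20x_wan}, or bridge the 5G device")
    return f"B20X has a public WAN: capture {proto.upper()} {port} on it"

# Constructed client profile built around the remote line quoted in the thread.
PROFILE = "client\ndev tun\nproto tcp\nremote libra40-44.point2this.com 443\n"
REMOTE = parse_remotes(PROFILE)[0]

if __name__ == "__main__":
    # 203.0.113.10 and 100.72.10.5 are constructed modem WAN addresses.
    for modem_wan in ("203.0.113.10", "100.72.10.5"):
        print(modem_wan, "->", diagnose(modem_wan, "192.168.1.109", REMOTE))
```

The DDNS hostname should also resolve to the 5G device's WAN address; if it resolves to anything else, clients are dialing the wrong endpoint regardless of the port forward.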

@Paul_Mossip

Thank you for the input and reply.

No, the WAN IP is not CGNAT.

This is something I was thinking of doing but have not done yet, and I am not sure whether this is still needed if I am already using port 443.

The remote IP line is remote libra40-44.point2this.com 443. This is a DDNS hostname I set up in the WAN connection of the 20X.

Yes, I am using port 443.

Regards,
Abby

I would just run a packet capture on the B20X and see that the traffic was arriving. If we have two-way communication then we can look at the configuration.

@Paul_Mossip

On changing the port to 443, I am getting a different error, below.

Tue Apr 30 23:59:12 2024 dco connect error: The semaphore timeout period has expired. (errno=121)

Do you suggest still configuring the port forwarding on the 5G router?

You have to port forward on the 5G router. It won’t work if you didn’t do that. UDP or TCP.

Or you can put it into a bridge mode. I don’t know the capabilities of your 5G unit.

@Paul_Mossip

Yes, I will try that today and see if it fixes the issue.

@Paul_Mossip

The port forwarding didn’t work, so I connected a router with PPPoE in passthrough mode as a second priority option in the Balance 20X.

It did manage to connect once but has not been able to connect since.

I keep getting these errors in the OpenVPN logs:
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed

2nd priority is unlikely to work. Again, run packet captures at the B20X… if you don’t see the packets, the issue is elsewhere. Networking is fairly basic. Packets and 2-way communication first… other things after.

MANGA/support.cgi