Customer Knowledge Base

How to Set Up a Teltonika RMS VPN Hub


Last Updated: January 2026
Applies To: Teltonika RUT Routers (RUT2xx, RUT9xx, RUTX Series, RUTM Series), Teltonika RMS
Author: Forest Rock Technical Support


1. Overview

Teltonika’s RMS (Remote Management System) includes a built‑in VPN module that allows secure remote access to devices behind Teltonika routers without port forwarding or public IP addressing. The “RMS VPN Hub” feature provides a centralised OpenVPN server hosted within the Teltonika cloud.

This article explains how to create, configure, deploy, and use an RMS VPN Hub.


2. Prerequisites

Before creating an RMS VPN Hub, ensure:

  • Router is registered and online in RMS

  • RMS credits are available

  • You have administrator rights for the RMS company profile

  • Router is running RUTOS and using the latest supported firmware

  • Devices that need remote access (e.g., JACE, PLCs, HMIs) are reachable from the router’s LAN

Teltonika’s RMS Manual provides further guidance on prerequisites and VPN behaviour. [wiki.telto...tworks.com]


3. Create a New VPN Hub

  1. In RMS, navigate to:
    VPN → VPN Hubs

  2. Select Add VPN Hub.

  3. Enter a Hub Name (no spaces).

  4. Choose VPN Type:

    • TUN (Layer 3) – Recommended for most deployments

    • TAP (Layer 2) – Legacy/beta mode for special cases

  5. Select the Data Centre Region closest to the site.

  6. Click Create.

A cloud‑hosted OpenVPN server is deployed in your chosen region.


4. Add Users to the VPN Hub

  1. Open the newly created VPN Hub.

  2. Go to Clients → Add → RMS Users.

  3. Select all RMS users requiring access.

Optional: VPN‑Only Users

RMS allows adding “custom users” who do not have RMS portal access but can access only the VPN. Ideal for subcontractors or temporary access scenarios.


5. Add Teltonika Routers to the Hub

  1. Go to Clients → Add → RMS Devices.

  2. Select the router you want to attach (must be online).

  3. RMS automatically:

    • Generates certificates

    • Pushes VPN configuration to the router

    • Syncs authentication credentials

No manual router configuration is required.


6. Configure Routing

Routing determines which subnets and devices can be reached through the VPN connection.

6.1 Enable LAN/WAN Forwarding

In the Routes tab:

  • Enable LAN Forwarding to access devices behind the router

  • Enable WAN Forwarding if accessing devices upstream of the router

  • You may enable both if required

RMS automatically creates firewall rules based on these toggles.

6.2 Add Destination Routes

  1. Click Add Route.

  2. Use Autoscan to detect accessible subnets.

  3. Select the IPs/subnets of the devices you need to reach (e.g., a JACE on 192.168.x.x).

  4. Click Add.

RMS will prompt you to restart the VPN Hub.

6.3 Restart Hub

Click Restart Hub (top‑right).
This activates all routing and firewall configurations.
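
A pre-flight check for the routes chosen in 6.2, as an added example (not Forest Rock or Teltonika code): it compares the subnets you plan to add with the device IPs that actually need remote access, so missing routes and routes wider than the job requires show up before the hub is restarted. The function name, the sample addresses and the /24 "broad" threshold are assumptions of this example, not RMS settings.

```python
import ipaddress

# Constructed sample data: routes as they would be entered under Add Route,
# and the devices (JACE, PLC, HMI) engineers need to reach.
SAMPLE_ROUTES = ["192.168.10.0/24", "10.0.0.0/8", "172.16.5.0/24"]
SAMPLE_TARGETS = ["192.168.10.20", "10.4.2.7", "192.168.30.5"]


def audit_hub_routes(routes, targets, broad_prefix=24):
    """Compare planned hub routes with the devices that need remote access.

    broad_prefix is an assumption of this example: any route with a shorter
    prefix (a larger subnet) that covers a target is reported as broad.
    """
    nets = [ipaddress.ip_network(r, strict=False) for r in routes]
    hosts = [ipaddress.ip_address(t) for t in targets]

    def covered(host):
        return any(host in net for net in nets)

    def used(net):
        return any(host in net for host in hosts)

    # Targets no route covers: the "Missing route or forwarding" symptom.
    missing = [str(h) for h in hosts if not covered(h)]
    # Routes that cover no target open a subnet nobody asked for.
    unused = [str(n) for n in nets if not used(n)]
    # Routes in use but far wider than the listed devices.
    broad = [str(n) for n in nets if used(n) and n.prefixlen < broad_prefix]
    # Tightest alternative: one host route per target, duplicates dropped.
    minimal = list(dict.fromkeys(
        str(ipaddress.ip_network(str(h))) for h in hosts))
    return {"missing": missing, "unused": unused,
            "broad": broad, "minimal": minimal}


if __name__ == "__main__":
    for finding, items in audit_hub_routes(SAMPLE_ROUTES, SAMPLE_TARGETS).items():
        print(f"{finding:8} {', '.join(items) or '-'}")
```
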


7. Connecting via RMS VPN Client

Teltonika provides a dedicated RMS VPN client for Windows, macOS, iOS, and Android.
Download links are available directly in the VPN Hub page. [youtube.com]

Steps:

  1. Install the RMS VPN Client.

  2. Log in using your RMS credentials.

  3. The configured VPN Hub will automatically appear.

  4. Toggle the switch to Connect.

  5. The client establishes an OpenVPN tunnel to the RMS VPN Hub.


8. Accessing Devices (e.g., JACE)

Once connected:

  • You can browse directly to LAN devices

    https://<LAN-IP>
    
    
  • Niagara Workbench access:

    foxs://<LAN-IP>
    
    
  • Full Platform access is supported via secure VPN.

This allows remote engineering access without port forwarding, CGNAT issues, or modifying customer firewalls.


9. Troubleshooting Tips

| Issue | Likely Cause | Resolution |
|---|---|---|
| VPN Hub not visible in client | User not added | Add user under Clients → Add → RMS Users |
| Router not connecting to Hub | Router offline or outdated | Check RMS status, firmware update |
| Cannot reach LAN device | Missing route or forwarding | Ensure LAN Forwarding is enabled and routes are added |
| VPN connects but no traffic | Data centre region mismatch | Recreate Hub closer to region / check latency |
| JACE reachable via ping but not HTTPS | Cert mismatch / TLS issue | Confirm browser exceptions and station certificates |


