Teltonika Protocol Encryption

Han Wer 4 years ago

Teltonika devices can talk to a server that has TLS/DTLS enabled.
You can see it at https://wiki.teltonika-sas.com/view/TMT250_GPRS_settings in the Server Settings section.

Is Traccar capable of having a TLS layer enabled for the Teltonika protocol?

Anton Tananaev 4 years ago

I don't think so, but also I don't see any details.

mc 3 years ago

Maybe there is more information here:
https://wiki.teltonika-gps.com/view/FMC130_GPRS_settings#TLS/DTLS

I would also be interested, but I'm wondering in which scenario this is needed.

Anton Tananaev 3 years ago

It just says TLS/DTLS, but it doesn't provide any details. Like, for example, which algorithms the device is using.

I would rather suggest using a different tool to get TLS instead of implementing it in the Traccar project. You can try to use nginx open source and make a proxy of the TCP socket:
https://docs.nginx.com/nginx/admin-guide/security-controls/securing-tcp-traffic-upstream/

David a year ago

Here's my nginx rproxy configuration (if it helps anyone):

# these blocks go inside the stream { } context of nginx.conf
upstream gps_teltonika_backend {
        server 192.168.1.5:5027;
}

server {
        listen 5027 ssl;
        proxy_pass gps_teltonika_backend;

        #teltonika sadly does only support TLSv1.1
        ssl_protocols   TLSv1.1 TLSv1.2 TLSv1.3;

        ssl_certificate /etc/letsencrypt/live/traccar.example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/traccar.example.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/traccar.example.com/chain.pem;
}

For this, you only have to download the Traccar SSL certificate out of the web browser and upload it onto the device.

hornyakn 10 months ago

Thanks David, this helped a lot.

hornyakn 10 months ago

David, what cert has to be imported on the Teltonika device in that case? The X1 root cert? The R3 intermediate? The full chain? This is not good with LE, because the cert changes every 2 months.

hornyakn 10 months ago

Let me answer my own question.
The ROOT cert (currently the X1) is enough (as is normal in any other client). Works fine.

Dodo76 a month ago

Hello,

When I set up the upstream server for my Teltonika device in nginx according to David (port 5027),
I cannot get Traccar running (Teltonika port 5027).

WARN: Port disabled due to conflict - Address already in use - BindException (...

Can you help, please?

hornyakn a month ago

You cannot use the same port for both services. This is not Traccar-specific, this is a networking basic.

Dodo76 a month ago

Thanks for the answer.
Can you be more specific about
what to set up:

  • teltonika device port setup with tls
  • upstream port in nginx config
  • traccar teltonika port in traccar.conf

hornyakn a month ago

This depends on what you want or what your setup is.
In David's setup I think Traccar and the nginx frontend run at least on different IP addresses (or machines), so the port on the nginx IP is free.
I left the original Traccar ports as they were, and set up nginx TLS on 15027, because they are running on the same machine.
You also have the option to change Traccar to listen only on the localhost interface; then you can set up nginx for the external address.
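
The same-machine layout from the last reply, written out as an added example (not configuration posted by anyone in this thread): nginx terminates TLS on 15027 and forwards plain TCP to Traccar's unchanged Teltonika port 5027. The loopback address 127.0.0.1 is an assumption for a single-host install, and the upstream name and certificate paths are reused from David's configuration above.

```nginx
# nginx.conf, top level (not inside http { }): TCP/TLS proxying uses the stream module
stream {
    upstream gps_teltonika_backend {
        # Traccar keeps its original Teltonika port and is reached over loopback
        # (127.0.0.1 is assumed here because both services share one machine)
        server 127.0.0.1:5027;
    }

    server {
        # A different port from Traccar's 5027, so both services can bind on one host.
        # The device's server port is then set to 15027 with TLS enabled.
        listen 15027 ssl;
        proxy_pass gps_teltonika_backend;

        # TLSv1.1 is kept only because the configuration above reports the device needs it
        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;

        ssl_certificate     /etc/letsencrypt/live/traccar.example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/traccar.example.com/privkey.pem;
    }
}
```

Running `nginx -t` before reloading confirms that the stream block parses and that the certificate files are readable.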