Tried to connect the RUT240 (FW ver.: RUT2XX_R_00.01.14.3) device to my private Wireguard server hosted on AWS that has a public IPv4.
After adding the WG configuration through the UI, the config itself seems to be correct and it is visible in the CLI.
But there was no handshake and I discovered that the server itself is unreachable. 

Here is wg output: 

root@Teltonika-RUT240:~# wg
interface: wg_test
  public key: P6Hznh++4CfiHDp7ah1VVLMmFIkj5LO2o342Tff/RXo=
  private key: (hidden)
  listening port: 51820
peer: hoGe1R+OL9NIOsGHmQpgRydkEGXJnooKWzUFADvDDjU=
  endpoint: x.x.x.x:51820
  allowed ips:
  transfer: 0 B received, 2.89 KiB sent
  persistent keepalive: every 25 seconds


Eventually, I figured out that the WG plugin adds one extra route to the IP route table, which sends traffic to my external VPN server through the default gateway. Here is the output of the 'ip route' command:

root@Teltonika-RUT240:~# ip route
default dev wwan0  scope link 
default via dev br-lan  proto static dev wwan0  proto static  scope link  metric 1 
x.x.x.x via dev br-lan  proto static dev br-lan  proto kernel  scope link  src dev br-lan  proto kernel  scope link  src dev wg_test  proto kernel  scope link  src 

When I remove that route (x.x.x.x via dev br-lan  proto static), everything works fine.

So I wonder what I am doing wrong and what that route is for.
Or maybe any other suggestions on how I can make it work?

Thanks in advance.

1 Answer

If you set WireGuard up properly via the Web interface, then it should work correctly (without additional routes).
Take a look at this example, perhaps it could help you a bit: https://wiki.teltonika-networks.com/view/WireGuard_Configuration_Example
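
The check the poster did by hand in the question, reading `ip route` to see which interface carries traffic to the WireGuard endpoint, written out as an added example that is not from the original thread or from Teltonika. The addresses and both sample tables are constructed, and treating the default route's device as the expected WAN egress is an assumption.

```shell
#!/bin/sh
# Added example. Addresses are constructed (RFC 5737 / private), not the poster's.

# Print the egress device of the best route in table $1 whose destination
# field equals $2 (lowest metric wins; a missing metric counts as 0).
route_dev() {
    printf '%s\n' "$1" | awk -v dest="$2" '
        $1 == dest {
            dev = ""; metric = 0
            for (i = 2; i < NF; i++) {
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1)
            }
            if (dev != "" && (best == "" || metric + 0 < bestm)) { best = dev; bestm = metric + 0 }
        }
        END { if (best != "") print best }'
}

# Return 0 when the endpoint has no host route or the host route leaves via the
# default-route device; return 1 when it points at a different interface.
check_endpoint_route() {
    table=$1; endpoint=$2
    wan=$(route_dev "$table" default)
    host=$(route_dev "$table" "$endpoint")
    if [ -z "$host" ]; then
        echo "no host route for $endpoint; default route via ${wan:-none} applies"
        return 0
    fi
    if [ "$host" = "$wan" ]; then
        echo "ok: $endpoint leaves via $host"
        return 0
    fi
    echo "mismatch: $endpoint routed via $host, default route uses ${wan:-none}"
    return 1
}

# Constructed table shaped like the one in the question: endpoint pinned to br-lan.
BAD_TABLE='default dev wwan0 scope link
default via 10.64.0.1 dev wwan0 proto static metric 1
203.0.113.10 via 192.168.1.254 dev br-lan proto static
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
10.8.0.0/24 dev wg_test proto kernel scope link src 10.8.0.2'

# Constructed table where the endpoint host route follows the WAN device.
GOOD_TABLE='default dev wwan0 scope link
203.0.113.10 dev wwan0 proto static
10.8.0.0/24 dev wg_test proto kernel scope link src 10.8.0.2'

check_endpoint_route "$BAD_TABLE" 203.0.113.10 || true
check_endpoint_route "$GOOD_TABLE" 203.0.113.10
```

On a live device the first argument would be the output of `ip route` and the second the peer's endpoint address.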