Tried to connect the RUT240 (FW ver.: RUT2XX_R_00.01.14.3) device to my private Wireguard server hosted on AWS that has a public IPv4.
After adding the WG configuration through the UI, the config itself seems to be correct and it is visible in the CLI.
But there was no handshake and I discovered that the server itself is unreachable. 

Here is wg output: 

root@Teltonika-RUT240:~# wg
interface: wg_test
  public key: P6Hznh++4CfiHDp7ah1VVLMmFIkj5LO2o342Tff/RXo=
  private key: (hidden)
  listening port: 51820
peer: hoGe1R+OL9NIOsGHmQpgRydkEGXJnooKWzUFADvDDjU=
  endpoint: x.x.x.x:51820
  allowed ips: 192.168.11.0/24
  transfer: 0 B received, 2.89 KiB sent
  persistent keepalive: every 25 seconds

 

Eventually, I figured out that the WG plugin adds one extra route to the IP route table that sends traffic to my external VPN server through the default gateway. Here is the output of the 'ip route' command:

root@Teltonika-RUT240:~# ip route
default dev wwan0  scope link 
default via 192.168.1.1 dev br-lan  proto static 
10.199.41.173 dev wwan0  proto static  scope link  metric 1 
x.x.x.x via 192.168.1.1 dev br-lan  proto static 
192.168.1.0/24 dev br-lan  proto kernel  scope link  src 192.168.1.1 
192.168.10.0/24 dev br-lan  proto kernel  scope link  src 192.168.10.240 
192.168.11.0/24 dev wg_test  proto kernel  scope link  src 192.168.11.5 

When I remove that route (x.x.x.x via 192.168.1.1 dev br-lan  proto static), everything works fine.

So I wonder what I am doing wrong and what that route is for.
Or maybe any other suggestions on how I can make it work?

Thanks in advance.
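
As an added example (not part of the original post, and not Teltonika code): a check over `ip route` output that reports when the host route for the WireGuard endpoint uses one of the router's own addresses as its next hop, which is the case in the table above, where 192.168.1.1 is both the gateway of that route and the br-lan source address. The function name and the 203.0.113.10 stand-in for the redacted x.x.x.x are assumptions.

```shell
#!/bin/sh
# Added example: flag a WireGuard endpoint host route whose next hop is an
# address the router itself owns, so handshake packets never leave the device.

# Constructed sample: the `ip route` output from the post, with the redacted
# endpoint x.x.x.x replaced by the documentation address 203.0.113.10.
SAMPLE_ROUTES='default dev wwan0  scope link
default via 192.168.1.1 dev br-lan  proto static
10.199.41.173 dev wwan0  proto static  scope link  metric 1
203.0.113.10 via 192.168.1.1 dev br-lan  proto static
192.168.1.0/24 dev br-lan  proto kernel  scope link  src 192.168.1.1
192.168.10.0/24 dev br-lan  proto kernel  scope link  src 192.168.10.240
192.168.11.0/24 dev wg_test  proto kernel  scope link  src 192.168.11.5'

# check_endpoint_route ENDPOINT (hypothetical helper name)
# Reads `ip route` output on stdin and prints exactly one verdict:
#   self-gateway <gw> <dev>   next hop is one of the router's own addresses
#   ok <gw|on-link> <dev>     host route exists and points elsewhere
#   no-host-route             no dedicated route for the endpoint
check_endpoint_route() {
    awk -v ep="$1" '
    {
        gw = ""; dev = ""; src = ""
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw  = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
            if ($i == "src") src = $(i + 1)
        }
        # "src" on kernel routes is an address configured on this router.
        if (src != "") own[src] = 1
        if ($1 == ep || $1 == (ep "/32")) { found = 1; ep_gw = gw; ep_dev = dev }
    }
    END {
        if (!found)            print "no-host-route"
        else if (ep_gw in own) print "self-gateway " ep_gw " " ep_dev
        else print "ok " (ep_gw == "" ? "on-link" : ep_gw) " " ep_dev
    }'
}

# Run against the constructed sample; on a device the input would be `ip route`.
printf '%s\n' "$SAMPLE_ROUTES" | check_endpoint_route 203.0.113.10
```
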
