0 votes
278 views 0 comments

Tried to connect the RUT240 (FW ver.: RUT2XX_R_00.01.14.3) device to my private WireGuard server hosted on AWS that has a public IPv4.
After adding the WG configuration through the UI, the config itself seems to be correct and it is visible in the CLI.
But there was no handshake, and I discovered that the server itself is unreachable.

Here is the wg output:

root@Teltonika-RUT240:~# wg
interface: wg_test
  public key: P6Hznh++4CfiHDp7ah1VVLMmFIkj5LO2o342Tff/RXo=
  private key: (hidden)
  listening port: 51820
peer: hoGe1R+OL9NIOsGHmQpgRydkEGXJnooKWzUFADvDDjU=
  endpoint: x.x.x.x:51820
  allowed ips: 192.168.11.0/24
  transfer: 0 B received, 2.89 KiB sent
  persistent keepalive: every 25 seconds

Eventually, I figured out that the WG plugin adds one extra route to the IP routing table, which sends traffic to my external VPN server through the default gateway. Here is the output of the 'ip route' command:

root@Teltonika-RUT240:~# ip route
default dev wwan0  scope link 
default via 192.168.1.1 dev br-lan  proto static 
10.199.41.173 dev wwan0  proto static  scope link  metric 1 
x.x.x.x via 192.168.1.1 dev br-lan  proto static 
192.168.1.0/24 dev br-lan  proto kernel  scope link  src 192.168.1.1 
192.168.10.0/24 dev br-lan  proto kernel  scope link  src 192.168.10.240 
192.168.11.0/24 dev wg_test  proto kernel  scope link  src 192.168.11.5 

When I remove that route (x.x.x.x via 192.168.1.1 dev br-lan  proto static), everything works fine.

So I wonder what I am doing wrong and what that route is for?
Or maybe any other suggestions on how I can make it work?

Thanks in advance.
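As an added diagnostic (not from the original post and not part of Teltonika's firmware), the following shell script applies the check the poster did by hand to a constructed copy of the 'ip route' output above: it takes the WAN device from the first default route and flags the WireGuard endpoint's host route when it points at a different device or at a gateway that is one of the router's own addresses (here 192.168.1.1, which the second default route and the br-lan network both use). The endpoint x.x.x.x is replaced by the documentation address 198.51.100.10, an assumed placeholder.

```shell
#!/bin/sh
# Constructed sample of the RUT240 routing table from the question, with the
# placeholder endpoint x.x.x.x replaced by a documentation address.
SAMPLE_ROUTES='default dev wwan0  scope link
default via 192.168.1.1 dev br-lan  proto static
10.199.41.173 dev wwan0  proto static  scope link  metric 1
198.51.100.10 via 192.168.1.1 dev br-lan  proto static
192.168.1.0/24 dev br-lan  proto kernel  scope link  src 192.168.1.1
192.168.10.0/24 dev br-lan  proto kernel  scope link  src 192.168.10.240
192.168.11.0/24 dev wg_test  proto kernel  scope link  src 192.168.11.5'

# wan_iface ROUTES: device of the first (highest-priority) default route.
wan_iface() {
    printf '%s\n' "$1" | awk '$1=="default" { for (i=2;i<=NF;i++) if ($i=="dev") { print $(i+1); exit } }'
}

# endpoint_route ROUTES IP: the host route for IP, if any (empty otherwise).
endpoint_route() {
    printf '%s\n' "$1" | awk -v ip="$2" '$1==ip { print; exit }'
}

# check_endpoint ROUTES IP: prints "ok", "misrouted" or "none".
# "misrouted" means a host route for the WireGuard endpoint exists but its
# gateway is one of the router's own addresses (the "src" of a kernel route)
# or its device is not the WAN device, so handshake packets never leave.
check_endpoint() {
    routes=$1; ip=$2
    wan=$(wan_iface "$routes")
    route=$(endpoint_route "$routes" "$ip")
    [ -n "$route" ] || { echo none; return 0; }
    dev=$(printf '%s\n' "$route" | awk '{ for (i=1;i<=NF;i++) if ($i=="dev") print $(i+1) }')
    via=$(printf '%s\n' "$route" | awk '{ for (i=1;i<=NF;i++) if ($i=="via") print $(i+1) }')
    if [ -n "$via" ] && printf '%s\n' "$routes" |
        awk -v a="$via" '{ for (i=1;i<=NF;i++) if ($i=="src" && $(i+1)==a) found=1 } END { exit !found }'; then
        echo misrouted; return 0
    fi
    [ "$dev" = "$wan" ] && echo ok || echo misrouted
}

# On the router itself: check_endpoint "$(ip route)" <endpoint IP>
check_endpoint "$SAMPLE_ROUTES" 198.51.100.10   # prints "misrouted"
```

Removing the flagged host route (or replacing it with one that uses the WAN device) makes the same check report "none" or "ok".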

1 Answer

0 votes

Hi,
If you set up WireGuard properly via the web interface, then it should work correctly (without additional routes).
Take a look at this example, perhaps it could help you a bit: https://wiki.teltonika-networks.com/view/WireGuard_Configuration_Example