Tried to connect the RUT240 (FW ver.: RUT2XX_R_00.01.14.3) device to my private WireGuard server hosted on AWS that has a public IPv4.
After adding the WG configuration through the UI, the config itself seems to be correct and it is visible in the CLI.
But there was no handshake and I discovered that the server itself is unreachable.
Here is the wg output:
root@Teltonika-RUT240:~# wg
interface: wg_test
public key: P6Hznh++4CfiHDp7ah1VVLMmFIkj5LO2o342Tff/RXo=
private key: (hidden)
listening port: 51820
peer: hoGe1R+OL9NIOsGHmQpgRydkEGXJnooKWzUFADvDDjU=
endpoint: x.x.x.x:51820
allowed ips: 192.168.11.0/24
transfer: 0 B received, 2.89 KiB sent
persistent keepalive: every 25 seconds
Eventually, I figured out that the WG plugin adds one extra route to the IP route table, which sends traffic to my external VPN server through the default gateway. Here is the output of the 'ip route' command:
root@Teltonika-RUT240:~# ip route
default dev wwan0 scope link
default via 192.168.1.1 dev br-lan proto static
10.199.41.173 dev wwan0 proto static scope link metric 1
x.x.x.x via 192.168.1.1 dev br-lan proto static
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
192.168.10.0/24 dev br-lan proto kernel scope link src 192.168.10.240
192.168.11.0/24 dev wg_test proto kernel scope link src 192.168.11.5
When I remove that route (x.x.x.x via 192.168.1.1 dev br-lan proto static), everything works fine.
So I wonder what I am doing wrong and what that route is for?
Or maybe any other suggestions on how I can make it work?
Thanks in advance.
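
A check for the condition visible in the posted routing table, added here as an example and not part of the original post: it flags every route whose next hop is one of the device's own addresses, which is the case for the x.x.x.x endpoint route (192.168.1.1 is the router's own br-lan address). The function names `self_gw_routes` and `posted_routes` are hypothetical.

```shell
#!/bin/sh
# Added example: flag routes whose gateway is an address this device owns.

# Reads `ip route` output on stdin and prints "<dest> via <gw> dev <dev>"
# for every route whose gateway also appears as a local "src" address.
self_gw_routes() {
    awk '
    {
        dest = $1; gw = ""; dev = ""; src = ""
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw  = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
            if ($i == "src") src = $(i + 1)
        }
        if (src != "") own[src] = 1          # address configured on this device
        if (gw != "") { n++; d[n] = dest; g[n] = gw; v[n] = dev }
    }
    END {
        # Compare only after the whole table is read, so line order is irrelevant.
        for (k = 1; k <= n; k++)
            if (g[k] in own)
                printf "%s via %s dev %s\n", d[k], g[k], v[k]
    }'
}

# The routing table exactly as posted above (endpoint redacted as x.x.x.x).
posted_routes() {
    cat <<'EOF'
default dev wwan0 scope link
default via 192.168.1.1 dev br-lan proto static
10.199.41.173 dev wwan0 proto static scope link metric 1
x.x.x.x via 192.168.1.1 dev br-lan proto static
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
192.168.10.0/24 dev br-lan proto kernel scope link src 192.168.10.240
192.168.11.0/24 dev wg_test proto kernel scope link src 192.168.11.5
EOF
}

# On the router itself, run: ip route | self_gw_routes
posted_routes | self_gw_routes
```

Against the posted table this reports both the `default via 192.168.1.1` route and the endpoint route, since both use the router's own LAN address as next hop.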