11315 questions

13487 answers

21158 comments

31578 members

0 votes
358 views 4 comments
by
hi i am trying to get wireguard to work via linode on my rut240, but it will not work. I followed the instructions perfectly but it will not work. these are the instructions i used.

https://wiki.teltonika-networks.com/view/Providing_connectivity_for_Helium_miners_using_the_RUT240#Configuring_static_LAN_IP_lease_for_the_Helium_miner
by
Hello,

Please provide more information about your issue. I'm assuming you've completed all of the configuration - is the WireGuard tunnel established? You should be able to ping the WireGuard tunnel from one endpoint to another and vice versa.

If the tunnel is working properly (both sides can ping each other) please make sure the firewall rule points to the correct device (the miner on your LAN network) and that the selected incoming firewall zone is "wireguard".

If there is something else that's not working or if you're getting some error while applying the configuration, please post it here, I'd highly recommend to remove any sensitive information before posting any errors here directly. If you aren't sure whether some error contains sensitive information, please send me any issues/errors via private message.

Best regards,

Tomas.
by
I am running the new Firmware. the 0.7.1 i think.

Yes i can, yes i completed the configuration exactly. Wireguard on the VPS side did complete successfully. It showed the ACTIVE status in green as the picture in the instructions referenced. I do not know how to ping each side as you say, im not super technical, pretty new to all of this still.

inside interface - wireguard zone is Lan and inside VPS - Wireguard the source zone is wireguard. if that makes sense. Inside Interface it does show Wireguard is stopped and has no ip or protocol.

i do not get any errors, everything appears to be correctly installed. i have screenshots, but do not have any text fields open to post text, but there aren't any errors to post, just confirmations that it is successful.

Port forward checker has my ip for post 44158 closed and again inside Interfaces, the wireguard is stopped and has no activity.

Thanks!
by

Hello,

It seems like the tunnel itself is not up or not coming up. Please confirm the status of the wireguard service on the Linode VPS side. To do that, login to your Linode VPS via SSH (PuTTY) and type in the following command.

systemctl status wg-quick@wg0.service

It should show you a large amount of information about the service but the most important bit is this line in green:

 Active: active (exited) since Mon 2021-12-20 07:53:50 UTC; 3min 47s ago

If the status is instead "inactive" (dead) then the service itself isn't enabled or not coming up due to some error. In that case I'd recommend double checking the configuration part. If the status shows active then the following things left to check would be: 

  • Ping from one tunnel end to another
  • If no ping is coming through, check for private/public key mismatch on the VPS side and the public key of the peer on the router side. 
  • If private/public keys are in order, double check the configuration on router side (endpoint host/allowed peer IP section)

In order to ping, while logged in to the VPS using PuTTY (via SSH), type in the following command: "ping 10.0.1.2". You should see an output similar to this:

root@localhost:/etc/wireguard# ping 10.0.1.2

PING 10.0.1.2 (10.0.1.2) 56(84) bytes of data.

64 bytes from 10.0.1.2: icmp_seq=1 ttl=64 time=80.8 ms

64 bytes from 10.0.1.2: icmp_seq=2 ttl=64 time=78.9 ms

64 bytes from 10.0.1.2: icmp_seq=3 ttl=64 time=78.2 ms

64 bytes from 10.0.1.2: icmp_seq=4 ttl=64 time=76.8 ms

^C

--- 10.0.1.2 ping statistics ---

4 packets transmitted, 4 received, 0% packet loss, time 3004ms

rtt min/avg/max/mdev = 76.842/78.682/80.776/1.421 ms

If nothing comes through that means the tunnel itself hasn't been established.

Another issue could be the "Allowed IPs" of the peer as well as endpoint host/port. Make sure the "Allowed IPs" of the peer section is set to the VPS wireguard tunnel IP (10.0.1.1/32 according to the wiki article). Additionally, the "endpoint host" part should be the public IP address of your Linode VPS. Port, by default, is 51820.

 

Let me know more information when you've double-checked things and I'll try to assist you further regarding this issue. Additionally, if you could, please execute the following command via SSH on VPS (PuTTY) and paste it here:

ifconfig wg0

The output should be similar to this:

root@localhost:/etc/wireguard# ifconfig wg0

wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1420

        inet 10.0.1.1  netmask 255.255.255.0  destination 10.0.1.1

        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)

        RX packets 17  bytes 2004 (1.9 KiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 18  bytes 2212 (2.1 KiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0 

This part shouldn't have any private information but if for some reason it does, please sanitize it or send it to me via private message if you're not sure.

Best regards,

Tomas.

1 Answer

0 votes
by

  by 

Hello,

It seems like the tunnel itself is not up or not coming up. Please confirm the status of the wireguard service on the Linode VPS side. To do that, login to your Linode VPS via SSH (PuTTY) and type in the following command.

systemctl status wg-quick@wg0.service

It should show you a large amount of information about the service but the most important bit is this line in green:

 Active: active (exited) since Mon 2021-12-20 07:53:50 UTC; 3min 47s ago

If the status is instead "inactive" (dead) then the service itself isn't enabled or not coming up due to some error. In that case I'd recommend double checking the configuration part. If the status shows active then the following things left to check would be: 

  • Ping from one tunnel end to another
  • If no ping is coming through, check for private/public key mismatch on the VPS side and the public key of the peer on the router side. 
  • If private/public keys are in order, double check the configuration on router side (endpoint host/allowed peer IP section)

In order to ping, while logged in to the VPS using PuTTY (via SSH), type in the following command: "ping 10.0.1.2". You should see an output similar to this:

root@localhost:/etc/wireguard# ping 10.0.1.2

PING 10.0.1.2 (10.0.1.2) 56(84) bytes of data.

64 bytes from 10.0.1.2: icmp_seq=1 ttl=64 time=80.8 ms

64 bytes from 10.0.1.2: icmp_seq=2 ttl=64 time=78.9 ms

64 bytes from 10.0.1.2: icmp_seq=3 ttl=64 time=78.2 ms

64 bytes from 10.0.1.2: icmp_seq=4 ttl=64 time=76.8 ms

^C

--- 10.0.1.2 ping statistics ---

4 packets transmitted, 4 received, 0% packet loss, time 3004ms

rtt min/avg/max/mdev = 76.842/78.682/80.776/1.421 ms

If nothing comes through that means the tunnel itself hasn't been established.

Another issue could be the "Allowed IPs" of the peer as well as endpoint host/port. Make sure the "Allowed IPs" of the peer section is set to the VPS wireguard tunnel IP (10.0.1.1/32 according to the wiki article). Additionally, the "endpoint host" part should be the public IP address of your Linode VPS. Port, by default, is 51820.

 

Let me know more information when you've double-checked things and I'll try to assist you further regarding this issue. Additionally, if you could, please execute the following command via SSH on VPS (PuTTY) and paste it here:

ifconfig wg0

The output should be similar to this:

root@localhost:/etc/wireguard# ifconfig wg0

wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1420

        inet 10.0.1.1  netmask 255.255.255.0  destination 10.0.1.1

        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)

        RX packets 17  bytes 2004 (1.9 KiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 18  bytes 2212 (2.1 KiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0 

This part shouldn't have any private information but if for some reason it does, please sanitize it or send it to me via private message if you're not sure.

Best regards,

Tomas.

by
Hi Tomas,

I have the same issue. Running the latest fw on a Rut240. Went through the setup exactly how the guide said. The link is active and green. I can ping both ends but ports are still closed.