FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
3,701 views 6 comments
by anonymous

Hi there,

I have a problem configuring a RUTX14 for wireguard VPN.
I can't figure out how to configure Wireguard VPN on the router.

Firmware version is RUTX_R_00.07.01.2

Aim is for all network traffic to be routed to a wireguard VPN server via a Wireguard VPN tunnel.

The wireguard config file i got from my vendor (OVPN) looks like this:

[Interface]
PrivateKey = abcdef12345......=
Address = 172.29.9.170/32
DNS = 46.227.67.134, 192.165.9.158               ---> where can i put this DNS IPs in the RUTX14 configuration mask?

[Peer]
PublicKey = cdefghi45678......=
AllowedIPs = 0.0.0.0/0
EndPoint = vpn68.prd.london.ovpn.com:9929


If helpful i can send you a original configuration file for wireguard VPN which i received from OVPN.com


Thanks for your support in advance!
regards
Ralf

2 Answers

0 votes
by anonymous

Hello,

Before doing anything else, could you please try to login to the router via WebUI and navigate to Network>Firewall>General settings (default window) and edit the "wireguard" interface. Then, select the field "Allow forward to destination zones" and select "wan" zone. Make sure to save & apply the settings. After doing this, all of the traffic from the router should be allowed to flow via WireGuard tunnel to another end-point (proxy).

If this doesn't work, please generate a troubleshoot file and send it to me via private message.

What's a troubleshoot file and how to generate it?

A Troubleshoot file contains the device's event logs, configuration files and other information useful for diagnostics. It can be downloaded from your device's WebUI, Troubleshoot page:

System → Administration → Troubleshoot

Best regards,

Tomas.

by anonymous

Hello Tomas,

thank you for your detailed answer.

I set the firewall like you described.

The VPN Tunnel was established properly (like ist was before).

The Problem is that the connected Laptop shows the same IP-Address no matter if VPN is enabled or not and the OVPN-Website shows that I would not be connected.

Please send me your Mail-Address than I will send the troubleshoot file to you.

by anonymous
Please send me the troubleshoot file via private message here (open my profile and click on "Send private message").
by anonymous

hey, 

did you guys get it to work?

i want to do the same as rtrieri and i am at the exact same point as rtrieri on Feb 3rd

when i check with my vpn provider if i am in the vpn it says i am not. obviously there is no traffic tunneled through the interface
i added wan to wireguard as suggested above by tomas

thanks

heiterkiter

by anonymous
Hello Heiterkiter,

after i had changed the allowed IPs of my VPN peer to "0.0.0.0/1" and "128.0.0.0/1" everythin is working fine now!
==> All clients behind the RUTX do now use the wireguard-tunnel.

When you have done this it is not longer nesessary to set the IP of your DNS!

Regards Ralf (rtrieri)
by anonymous
thanks for you reply, Ralf

this is exactly what i want, too

i am currently driving around europe with my van and i want all my devices to use vpn.

currently all devices are not tunneled like you said. isn't his the purpose behind a vpn on a (mobile) router?
it probably is just a couple of settings in the forwarding routes. maybe some tech staff can help?

@teltonika? Tutorial for commercial VPN Providers?

i currently have 2x 955 and 2x X11 in my posession with no fun at all.

heiterkiter
by anonymous

maybe this could help a little more to understand the routingproblem and interfaces:

https://www.azirevpn.com/support/guides/router/openwrt/wireguard

i will check tonight EST

@Ralf there is something about your DNS question in there, too

hk

0 votes
by anonymous

The main issue was with default route - even with 0.0.0.0/0 entered in the "AllowedIPs" field, the default route wasn't the WireGuard tunnel. For future reference - it is possible to fix the issue by inserting two more specific allowed IPs in the WireGuard peer configuration fields:

0.0.0.0/1

128.0.0.0/1

This is considered as a more specific default route (instead of 0.0.0.0/0) to the internet which will force any device, connected to the Teltonika router, to use the WireGuard peer as the default gateway out to the internet.

Best regards,

Tomas.