0 votes
50 views 2 comments
by

RutX11, FW version RUTX_R_00.07.02.1

I'm trying to connect a RUTX11 using a mobile SIM (no public IP) to my home router (EdgeRouter X) with WireGuard. My purpose is to connect these two LAN networks. My home router has a public IP address and I am able to establish a working WireGuard connection from my Android phone.

I cannot get WireGuard working with the RUTX11, however.



root@Teltonika-RUTX11:~# wg
interface: samaani
  public key: Hsc-------------------------------ilKV0=
  private key: (hidden)
  listening port: 51820

peer: iqN-----------------------------5N6cqlY=
  endpoint: public.ip.address:51820
  allowed ips: 10.10.69.0/32

I can ping google.com or 8.8.8.8, but I cannot ping my home router's public IP from the RUTX11. I can ping it from my Android phone (or anywhere else).

Here's my home router setup:

interface: wg0
  public key: iqN------------------------------------5N6cqlY=
  private key: (hidden)
  listening port: 51820

peer: M6-----------------------------------4jNyQ=   <---- android phone, no issues
  endpoint: 85.xx.xx.xx2:15887
  allowed ips: 10.10.69.2/32
  latest handshake: 32 seconds ago
  transfer: 14.29 KiB received, 38.31 KiB sent

peer: Buw-------------------------------5dXg8=   <---- Linux PC behind home router (edgerouter x), no issues
  endpoint: 192.168.1.102:51820
  allowed ips: 10.10.69.3/32, 10.42.0.0/24
  latest handshake: 1 minute, 18 seconds ago
  transfer: 110.64 KiB received, 170.81 KiB sent

peer: Hsc---------------ilKV0=    <--- RUTX11, mobile SIM, no handshake, no connection
  allowed ips: 10.10.69.4/32



 

1 Answer

0 votes
by

Hello,

In the peer settings there is a setting allowed ips: 10.10.69.0/32.

I suggest trying a different IP address, one not ending with 0, as it denotes a whole network, or trying a different mask value, for example 24.

Another thing to double-check is whether you have entered the correct keys.

Best regards,

Žygimantas

by

I have now tried several different allowed IPs as you suggested, e.g. 10.10.70.60/24 and 10.10.50.6/24.

The CLI, however, always shows an allowed IP that ends in "0". If I edit the peer's allowed IP to be 10.10.50.6/24, the CLI shows it like this:



root@Teltonika-RUTX11:~# wg
interface: samaani
  public key: Hsc-------ilKV0=
  private key: (hidden)
  listening port: 51820

peer: iq-----------------5N6cqlY=
  endpoint: public.ip:51820
  allowed ips: 10.10.50.0/24
root@Teltonika-RUTX11:~#

EDIT: I have now tried changing the allowed IPs to 192.170.170.1/24, yet the above CLI information remains the same after the "wg" command.

ago by
When you have a mask of 24 on the IP 10.10.70.60/24, the mask matches the first 24 bits of the address, the 10.10.70 part. So it makes no difference what is in the last 8 bits, and the RUTX11 is setting it to 0. If you look when the value is greater than 24, you will find the value of .60 would remain there.

You should check that your keys are correct. I too am struggling and have spent days on this, but I have a connection at least.

I am thinking of perhaps another solution. It would be really nice if the folks at Teltonika put up a working example of a WireGuard configuration that 1) connects to an outside VPS, and 2) routes all traffic there (I believe this happens in WireGuard if the allowed IPs are 0.0.0.0/0). I can ping, get DNS, and see that my remote IP is the VPS, but cannot connect from the SSH session on the RUTX11 via wget to a server, nor from my iPhone connected over Wi-Fi. My use case is to use the RUTX11 as a failover for my pfSense, only connected on a LAN port (so as not to have the failover solution itself become another failure point), using WireGuard to get a fixed IP so I can use that IP in other places as an allowed IP in a firewall. Sample instructions like this would be perfect: https://wildlab.org/index.php/2022/02/24/vps-vm-vpn

I have 2 WireGuard VPNs set up on OpenWrt devices, and one from an Ubuntu box, that do this exact setup with ease.
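
The prefix masking described in the comment above, together with how WireGuard picks a peer for a destination from its allowed IPs, as an added example (not code from any of the posters or from Teltonika). It uses Python's standard `ipaddress` module; the peer tables are copied from the `wg` outputs on this page, and the peer labels and sample destination addresses are made up for illustration.

```python
import ipaddress

# Peer tables copied from the `wg` outputs on this page; the labels are made up.
RUTX11_PEERS = {"home-router": ["10.10.69.0/32"]}
HOME_ROUTER_PEERS = {
    "android": ["10.10.69.2/32"],
    "linux-pc": ["10.10.69.3/32", "10.42.0.0/24"],
    "rutx11": ["10.10.69.4/32"],
}

def normalize_allowed_ip(entry):
    """Clear the host bits of an allowed-ips entry, as `wg` displays it."""
    return str(ipaddress.ip_network(entry.strip(), strict=False))

def peer_for_destination(dest, peers):
    """Return the peer whose allowed-ips cover dest (longest prefix wins), else None."""
    addr = ipaddress.ip_address(dest)
    best_name, best_len = None, -1
    for name, entries in peers.items():
        for entry in entries:
            net = ipaddress.ip_network(entry.strip(), strict=False)
            if net.version == addr.version and addr in net and net.prefixlen > best_len:
                best_name, best_len = name, net.prefixlen
    return best_name

if __name__ == "__main__":
    # Entries tried in the thread, plus longer prefixes for comparison.
    for entry in ("10.10.50.6/24", "10.10.70.60/24", "10.10.70.60/28", "10.10.70.60/32"):
        print(f"{entry:>18} -> {normalize_allowed_ip(entry)}")
    # Constructed destination addresses, checked against each side's peer table.
    for dest in ("10.10.69.0", "10.10.69.3", "10.42.0.7"):
        print(f"RUTX11 sends {dest} to: {peer_for_destination(dest, RUTX11_PEERS)}")
    for dest in ("10.10.69.4", "10.42.0.7", "10.10.69.9"):
        print(f"home router sends {dest} to: {peer_for_destination(dest, HOME_ROUTER_PEERS)}")
```

With the `10.10.69.0/32` entry shown in the question, only the single address 10.10.69.0 maps to the home-router peer on the RUTX11 side; every other tunnel or LAN address returns `None`.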