We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
+1 vote
1,053 views 29 comments
by anonymous

If RUTX “Allowed IPs = 0.0.0.0/0”, then:

No handshake seen at the server side [FAIL]

root@Teltonika-RUTX11:~# traceroute 10.1.0.1 [FAIL]

root@Teltonika-RUTX11:~# traceroute 1.1.1.1 [FAIL]

root@Teltonika-RUTX11:~# traceroute 216.58.215.78 [FAIL]

Note: the same config works fine when using the WireGuard client on Windows PC.

***

If RUTX “Allowed IPs = 10.1.0.1/32”, then:

Handshake is seen at the server side [SUCCESS]

root@Teltonika-RUTX11:~# traceroute 10.1.0.1 [SUCCESS, 1st hop is 10.1.0.1]

root@Teltonika-RUTX11:~# traceroute 1.1.1.1 [SUCCESS, 1st hop is 192.168.2.1]

root@Teltonika-RUTX11:~# traceroute 216.58.215.78 [SUCCESS, 1st hop is 192.168.2.1]

***

Firmware version: RUTX_R_00.07.02.5

by anonymous
(  deleted  )

2 Answers

0 votes
by anonymous
Hello,

Instead of 0.0.0.0/0 for Allowed IPs, could you try with 0.0.0.0/1 plus 128.0.0.0/1 ?

Regards,
by anonymous
With the tunnel down, what is the output of traceroute 147.x ?
by anonymous
the output is fine:

1  192.168.2.1 (1st router in office)
 2  192.168.80.2 (2nd router in office)
 3  83.__.__.__4
 4  80.__.__.__3
by anonymous
Something is wrong in the routes, I don't see what yet. Set allowed ips to 0.0.0.0/1 + 128.0.0.0/1, start the tunnel and print the result of ip -4 route show.
by anonymous

I think I will give up on WireGuard because our time is limited. I do not understand why the handshake packets do not leave the RUTX and why it depends on that AllowedIPs value. IMHO the issue is caused by something else in the RUTX but it is not related to its WireGuard. I cannot understand why the same config just works fine on Windows PC. I need to restore server and RUTX wg configurations now.

by anonymous

I've restored server and RUTX wg configurations.

AllowedIPs=10.1.0.1/32, handshake works, ping 10.1.0.1 works, but I need AllowedIPs=0.0.0.0/0 :)

I appreciate your help. We will try to reach Teltonika. I will post info on what was wrong if I discover the bug at all.

0 votes
by anonymous

With the changes below, WireGuard works even if AllowedIPs = 0.0.0.0/0

by anonymous
Damn, those routes don't appear in the ip -4 route show output!
by anonymous
There is still one problem with this fix: "traceroute 147.xx.xx.xx8" 1st hop is 192.168.2.1, but it should go straight to the wg1. Also, "traceroute <anything>" should go through the VPN tunnel.
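
Added example, not part of any post in this thread: a longest-prefix-match lookup over a constructed route table, showing which interface the thread's traceroute targets would leave on for AllowedIPs of 10.1.0.1/32 versus 0.0.0.0/1 plus 128.0.0.0/1, and where the endpoint address itself is routed with and without a host route. Assumptions: AllowedIPs are installed as routes on wg1, the WAN device is named `wan`, the metrics are made up, and 198.51.100.8 is a placeholder for the elided 147.x endpoint; it models routing only and does not diagnose the poster's router.

```python
import ipaddress

ENDPOINT = "198.51.100.8"   # constructed placeholder for the elided 147.x endpoint
TARGETS = ["10.1.0.1", "1.1.1.1", "216.58.215.78", ENDPOINT]  # first three are from the thread
SPLIT = ["0.0.0.0/1", "128.0.0.0/1"]

def build_table(allowed_ips, endpoint_host_route):
    """Constructed main table: WAN default route plus one wg1 route per AllowedIPs entry."""
    routes = [("0.0.0.0/0", "wan", 10),        # default via 192.168.2.1 (metric is made up)
              ("192.168.2.0/24", "wan", 0)]    # directly connected office LAN
    routes += [(cidr, "wg1", 0) for cidr in allowed_ips]
    if endpoint_host_route:
        routes.append((ENDPOINT + "/32", "wan", 0))  # keeps encrypted UDP outside the tunnel
    return [(ipaddress.ip_network(c), dev, metric) for c, dev, metric in routes]

def lookup(table, dst):
    """Longest prefix wins; equal prefixes are decided by the lowest metric."""
    addr = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, -metric, dev) for net, dev, metric in table if addr in net]
    return max(hits)[2] if hits else None

def egress(allowed_ips, endpoint_host_route=False):
    """Map each target to the device the constructed table would send it out of."""
    table = build_table(allowed_ips, endpoint_host_route)
    return {dst: lookup(table, dst) for dst in TARGETS}

def covers_everything(allowed_ips):
    """True when the prefixes collapse to the whole IPv4 space."""
    nets = [ipaddress.ip_network(c) for c in allowed_ips]
    return list(ipaddress.collapse_addresses(nets)) == [ipaddress.ip_network("0.0.0.0/0")]

if __name__ == "__main__":
    for label, ips, host in [("10.1.0.1/32", ["10.1.0.1/32"], False),
                             ("split /1, no endpoint route", SPLIT, False),
                             ("split /1, endpoint route", SPLIT, True)]:
        print(label, egress(ips, host))
```

In this model the two /1 prefixes cover the same space as 0.0.0.0/0 but win on prefix length instead of competing with the existing default route on metric, and the endpoint stays on the WAN only when it has its own /32 route.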