FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
553 views 8 comments
by anonymous

Hello,

I want to chat from client A to client B.

I managed to make a Wireguard or IPSEC communication. And from client A, I can ping / access the RUT955 WEB page by the IP 192.168.27.68.

But I would like to be able to access the client 192.168.0.10.

Can you guide me?

Thanks

4 Answers

0 votes
by anonymous

Thanks to flebourse

Here is the method for Wireguard with Pfsense compared to my architecture:


Pfsense does not automatically create a static route.

Pfsense:

  1- Create a Wireguard IP Static 10.8.8.1 interface

  2- Add Upstream Gateway ip 10.8.8.6

  3- Create static route from 192.168.0.0/24 to Gateway (10.8.8.6) through interface (10.8.8.1)

  4- Creation of the Wireguard tunnel with the interface 10.8.8.1

  5- Customer Peer A: 10.8.8.5/32

  6- Client Peer B (RUT955): 10.8.8.6/32, 192.168.0.0/24

  7- 10.8.8.1 interface firewall, all open

  8- Firewall wan UDP / Port used example: 51820

RUT955

Interface:

   1- Ip Addresses 10.8.8.6/24

   2- Advanced settings MTU 1360

   3- Peer Allowed IPs: 10.8.8.1/32, 10.8.8.5./32

   4- Advanced settings: Route Allowed IPs enable, Persistent Keep Alive 25

  

pc:

[Interface]

Address = 10.8.8.5/32

MTU = 1360

[Peer]

AllowedIPs=10.8.8.1/32, 10.8.8.6/32, 192.168.0.0/24

PersistentKeepalive = 25

Thank you for your feedback

Best answer
0 votes
by anonymous

Hello,

If you are trying to route all your LAN traffic though Wireguard, you can go to the option Services > VPN > Wireguard to choose your tunnel, then go into Peers to configure and set “Allowed IPs” to 0.0.0.0/1 + 128.0.0.0/1. You can see more detail about this options on the following wikipage:

RUT955 VPN - Teltonika Networks Wiki (teltonika-networks.com)

Best regards.

0 votes
by anonymous

Hello,

With any solution whether Wireguard, IPSEC, Openvpn Cloud.

I manage to connect to the web page of the router and the ping.

But I can't ping what's going on behind it.

Example :

pc => Openvpn Cloud/WireGuard/IPSEC Server => Router OK PING

pc => Openvpn Cloud/WireGuard/IPSEC server => Router=>Equipment not ok.

by anonymous
For wireguard, add 192.168.0.0/24 to the server's Allowed IPs list.
0 votes
by anonymous

Hello,

I went back to a wireguard configuration with a PFsense as a server.

I manage to ping client A address in 10.8.8.1 / 10.8.8.6

But I would still like to be able to communicate from my Client A to Client B and I can't ping.

I access the RUT955 web in 10.8.8.6 but not in 192.168.0.1.

Configuration Wg server Pfsense:

IP 10.8.8.1/24

Pfsense Client A Wg Configuration:

AllowIp: 10.8.8.5/32

192.168.0.0/24

Pfsense Client B Wg Setup:

AllowIp: 10.8.8.6/32

192.168.0.0/24

Configuration Wg client A Windows:

[Interface]

Address = 10.8.8.5/32

MTU = 1360

[Peer]

AllowedIPs = 0.0.0.0/1, 128.0.0.0/1 (I also tried 0.0.0.0/0)

PersistentKeepalive = 25

Configuration Wg client B RUT955:

[Interface]

Address = 10.8.8.6/32

MTU = 1360

[Peer]

AllowedIPs = 0.0.0.0/0 (If I put 0.0.0.0/1 , 128.0.0.0/1 the RUT955 is no longer available)

Route Allowed IPs = Ok

PersistentKeepalive = 25

Thanks

by anonymous
Your Allowed IPs values have issues.

Pfsense server A side: set Allowed IPs to 10.8.8.5/32

Pfsense server B side: set Allowed IPs to 10.8.8.6/32 + 192.168.0.0/24

RUT955: set Allowed IPs to 10.8.8.1/32 + 10.8.8.5/32

Client A: set Allowed IPs to 10.8.8.1/32 + 10.8.8.6/32 + 192.168.0.0/24

This is the minimal configuration to enable exchanges between A and B.

If you want to route all traffic from B through the tunnel (0.0.0.0/1 + 128.0.0.0/1) beware you must have a higher priority route to reach the Pfsense server itself. Idem for B.
by anonymous

Hello,

Thank you for your quick response, here are the screenshots of the configuration and today I am at the same point I can only ping the 10.8.8.X network but not the 192.168.0.X.

Client A Pfsense

Client B Pfsense (RUT955)

Client A (Windows)

Client B(RUT955)

Thank

by anonymous
You need to set lan=>wireguard and wireguard=>lan to Accept/Accept/Accept in the Network->Firewall->General settings menu of the RUT955.
by anonymous

It was already set

by anonymous
Add tcpdump on the RUT955 if you haven't already done so (opkg update; opkg install tcpdump) and look at the packets:

On the rut: tcpdump -i any -n -v icmp

From another console on computer A: ping 192.168.0.1

What is the output of tcpdump ?

Same test with ping 192.168.0.10. Idem tcpdump output ?
by anonymous
Humm. Something is seriously rotten here I can't see any ICMP echo request/reply packets only ICMP redirects originating from the Pfsense server.

What is the output of tcpdump for a ping 10.8.8.6 from A ?
by anonymous
At least there is a pair echo request / echo reply here so this part of routing works. And still the redirects from the pfsense server one for each ssh packet for the session in one direction only.

What are the name and addresses of the pfsense server's interfaces ? Can you do do a tcpdump there ?