subscribe to our Youtube


12615 questions

14984 answers


46770 members

0 votes
159 views 12 comments
I have a RUTX11 running latest firmware (as of 10/18/2022).  I have enabled remote HTTP access and assigned the port to 8080.  From a remote computer's web browser, I tried to access the RUTX11's webUI with the wan IP reported by the RUTX11 and port 8080 (e.g., xx.xx.xx.xx:8080) and I get a timeout.  I get a different IP address, however, when I use  Using that IP address with the port (e.g., yy.yy.yy.yy:8080), I also get a timeout.  I can only access the RUTX11 remotely using Teltonika's RMS interface, but I don't want to have to go that route long term since I don't want to have to generate a special code / signature to get in.  I'm using T-Mobile as my LTE provider.

1) Why can't I access the router's webUI remotely?  Is there some other setting that needs enabled?

2) Why is the IP address reported by the RUTX11 different than's IP address?

Thanks in advance.
Which APN do you use?

Try Custom APN:

Best regards,

Hello Peter,

APN is "Auto ("

Pardon my ignorance (I've been reading up on APNs, though), but what is the motivation for changing this?


2 Answers

0 votes


Looks like your RUTX11 has a private IPaddress on the wan interface, probably 10.x.y.z or 172.[16..31].x.y or 100.[64..127].x.y so it cannot be reached from the outside these addresses are not routable. The address you see on the page is the one of some router in your ISP's network not the RUTX11.


Best answer

29.18.xx.yy  That's not a private IP address, is it?

If that's the WAN IP address, shouldn't I be able to access the RUTX11 remotely?
29.18.x.y is a public address you should be able to reach it from the outside. To check do:

 - on a RUTX11 CLI or ssh console: tcpdump -i wwan0 -n -v 'port 22'

 - try to ssh from an external device.

Do you see something on the tcpdump output ?
I cannot telnet remotely, even though I have "enable remote telnet access" turned on for port 23.

I cannot ssh remotely, even though I have "remote ssh access" turned on for port 22.

Seems I can only access remotely using RMS, which I would like to avoid.  RMS generates these temporary certificates... how is it able to access the router when I can't, even though I have remote access permissions all enabled?

I cannot ssh remotely, even though I have "remote ssh access" turned on for port 22.

If you try, do you see something on the tcpdump console ?

From RMS, I kicked off a telnet session and then launched the tcpdump command.

It showed it was listening.

From a remote machine, I tried to SSH into the 29.18.xx.xx IP address and nothing happened in the tcpdump window.

The SSH on the remote machine timed out and aborted.
It is rather strange that you have a public IPv4 address on the RUTX and a different one on whatismyip.

What is the output of ifconfig wwan0 on the RUTX ?

Here are the results of ifconfig -a:

wwan0     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  

          inet addr:29.18.174.xx  P-t-P:29.18.174.xx  Mask:

          inet6 addr: fe80::ce90:4ec4:5b0f:986f/64 Scope:Link


          RX packets:3483630 errors:0 dropped:0 overruns:0 frame:0

          TX packets:2060309 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:3738874487 (3.4 GiB)  TX bytes:268762860 (256.3 MiB)

From whois => CIDR:  and Organization:   DoD Network Information Center (DNIC)

Is that true ? The RUTX is in a .mil network or is there some bad allocation there ?

In what org is the output of whatismayip ?
whois on results in a timeout.

whois on (from whatismyip) also results in a timeout.

Yet RMS can access it just fine.  Do you know what is wrong?
by is an IP address in a .mil network, or so says whois. belongs to T-Mobile according to the whois database.

So T-Mobile uses internally a public IP address range belonging to someone else to hide customer devices ... What a bunch of morons to remain polite ...

RMS build a VPN between the RUTX and public servers, the 29.x source address is translated by T-Mobile and isn't seen by the servers. From the RMS servers point of view access to the RUT device is in fact access to the other end of a tunnel this is how it works.

Tentative accesses to a 29.x address from the outside go to a .mil router somewhere and are just dropped without further consideration.

So for you the only way out is RMS, ZeroTier or equivalent.
0 votes
Hi Rory,

no Problem. I have the same use case. It is very simple: = Public IPv4 = reachable

Auto = public IPv6 = Not reachable

The „normal“ APN block incoming traffic.

I use this in combination with DynDNS to connect from everywhere to my Rutx11. Works perfect.

Best regards,