Hello,
1. There are several options you can go with the remote access:
The simplest solution for remote local network device access. It can be configured in the router's WebUI Network -> Firewall -> Port forwards section. There you have to specify the external port, which will then be redirected to the associated local device and service port you want to access. You can find more details about configuration options here. Keep in mind that port forwarding is not the most secure solution and for this I would suggest to make sure that you use strong passwords on the devices you enable access to, if possible, restrict access by source MAC, IP addresses, set unconventional destination port (if web interface is accessible via port 80, reconfigure this option in your controller to a more random number).
This solution provides more security. The go to options would be OpenVPN or Wireguard, however, Teltonika supports a number of VPN protocols. For the reference configurations, check the following links:
OpenVPN link. Instructions here are made for legacy design firmware, but apply for current RutOS as well.
Wireguard link.
Since these are Layer3 protocols, the LAN network you initiate the access from will have to be in a different subnet than the LAN network you want to access. As an alternative, to bridge the networks, you can use TAP mode of OpenVPN instead of TUN, but you will need to be mindful about the devices IPs on both networks.
Teltonika also provides it's own cloud solution, Remote Management System, which allows to monitor and manage both, the router and the devices connected to the routers. The feature to allow remote access to your controller that I would suggest is VPN HUBs. You can see how RMS is configured to enable remote access in this video.
2. Briefly, it is a problem that the RUT950 and the WAGO control unit currently have the same local fixed IP address. It creates a routing conflict and one of them will have to be changed. In RUT240 it can be easily achieved by editing LAN interface settings in Network -> Interfaces section.
3. In case of port forwarding you will need to enter the public IP address of the RUT950 and the associated external port in the browser. If your solution is VPN or RMS, you should be able access the control unit by simply typing its LAN IP
Best regards,