0 votes
716 views 5 comments
by anonymous

Hello,

I tried to make a VPN connection between my two RUTX11 routers. It won't handshake. Does anyone have any advice? I tried to do it with the configuration site given by Teltonika, but it won't work.

Client

1 Answer

0 votes
by anonymous

Hello,

AFAIK a WireGuard handshake doesn't complete in two cases only:

  1. the client is unable to reach the server for some unknown reason (DNS not resolved correctly, remote IP address unreachable, remote port filtered ...)
  2. the client and the server don't agree on the keys.

First check with traceroute that the client can see the server; if it does, check with tcpdump on the server that you can see incoming frames: tcpdump -i any -n -v 'port 51820' (or whatever value the server is bound to).

Regards,
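
The capture check described in this answer and its follow-up comments, written out as an added example (not part of the original thread). It reads server-side tcpdump text and reports which of the two cases applies; the function name `classify_wg_capture` and the sample addresses are constructed for illustration, and it assumes packet lines of the form `src.port > dst.port: UDP, length N`.

```shell
#!/bin/sh
# Added example: classify a WireGuard handshake failure from server-side
# tcpdump text. 148 and 92 are the UDP payload sizes of WireGuard's
# handshake initiation and handshake response messages.
# classify_wg_capture is a hypothetical helper name.
classify_wg_capture() {
    awk -v suffix=".${1:-51820}" '
        function ends(s, suf) {
            return substr(s, length(s) - length(suf) + 1) == suf
        }
        / UDP, length / {
            src = ""; dst = ""
            for (i = 2; i < NF; i++)
                if ($i == ">") { src = $(i - 1); dst = $(i + 1) }
            sub(/:$/, "", dst)
            if (ends(dst, suffix) && $NF == 148) init_in++   # client -> server
            if (ends(src, suffix) && $NF == 92) resp_out++   # server -> client
        }
        END {
            if (!init_in)       print "unreachable"    # case 1: nothing arrives
            else if (!resp_out) print "key-mismatch"   # case 2: server stays silent
            else                print "handshake-ok"
        }'
}

# Constructed sample captures (documentation addresses, not real traffic).
SAMPLE_KEY_MISMATCH='12:00:01.100000 IP 198.51.100.7.40000 > 203.0.113.1.51820: UDP, length 148
12:00:06.300000 IP 198.51.100.7.40000 > 203.0.113.1.51820: UDP, length 148'
SAMPLE_OK='12:00:01.100000 IP 198.51.100.7.40000 > 203.0.113.1.51820: UDP, length 148
12:00:01.101000 IP 203.0.113.1.51820 > 198.51.100.7.40000: UDP, length 92'

printf '%s\n' "$SAMPLE_KEY_MISMATCH" | classify_wg_capture 51820
printf '%s\n' "$SAMPLE_OK" | classify_wg_capture 51820
```

On the server, the same function can be fed from a live capture by piping `tcpdump -i any -n 'udp port 51820'` into it while the client is started at the other end.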

 

by anonymous
Okay, I've tried traceroute and it seems to work, but I don't understand this tcpdump thing. Could you explain? Because I don't know how to use it.
by anonymous
It depends on the server type. If it is Linux-like/OpenWrt/DD-WRT/..., execute the tcpdump command from a shell script; you should see incoming frames (or not) when you start the WireGuard client at the other end. If nothing comes in, check the UDP port; if you see incoming frames, the most probable cause is a key mismatch.
by anonymous
Okay, I got the handshake and now my WireGuard is going over my WAN, so I can just use my WAN IP to connect with port forwarding rules and some other rules, thank you. One more question: does the router only show active LAN ports, e.g. ETH1....?
by anonymous
ifconfig will show you all the interfaces.
by anonymous

To supplement flebourse's comment, the WebUI (at Network > Interfaces) doesn't show certain interfaces, such as WireGuard, OpenVPN, loopback and some others. However, as mentioned above, ifconfig in the CLI will show you all single virtual or physical interfaces.

I'd also recommend checking out the "iproute2" utility - specifically, for this case run the command "ip address" in the CLI. This will show you all interfaces, not just currently running ones, in addition to alias interfaces. You can also add some further flags to reduce the output; for example, the command:

ip address show up

will show all "up" interfaces. Further modifications to the command could be made by telling this utility to show only IPv4 protocol-related information:

ip -4 address show up