0 votes
2,628 views 4 comments
by anonymous

I would like to set up a site-to-site VPN with the RUT241 in my camping car and the Fritzbox at home.

I'm struggling with the WireGuard configuration of the RUT241 with the FritzBox as WireGuard server.

The RUT241 has firmware RUT2M_R_00.07.03.2

My steps:

I configured a site-to-site WireGuard connection in my Fritzbox, which gave me the following config file:

[Interface]
PrivateKey = WOo1rX+z-------------oxik9H221YA+lILB1M=
Address = 192.168.10.1/24
DNS = 192.168.1.1
DNS = fritz.box

[Peer]
PublicKey = sPWgoT/----------------Bf8RLersvMrGtx4=
PresharedKey = olm2M----------------14zn+Jw3yRdSgI3JnqJHgYQ=
AllowedIPs = 192.168.1.0/24
Endpoint = myDyndnsName:54965
PersistentKeepalive = 25

The configuration in the RUT241 looks like the following listing (copied from the CLI) and screenshots:

root@Teltonika-RUT241:~# wg
interface: Fritzbox
  public key: Pd+fuGapPEwIUIlzY8YrpeltU9MuvLE8Pkl5YLe74mI=
  private key: (hidden)
  listening port: 51820

peer: sPWgoT/----------------Bf8RLersvMrGtx4=
  preshared key: (hidden)
  endpoint: 87.164.11.151:54965
  allowed ips: 192.168.1.0/24
  latest handshake: 12 seconds ago
  transfer: 720.75 KiB received, 1.50 MiB sent
  persistent keepalive: every 25 seconds

What is working:

It is possible to establish the connection. From the local network it is possible to ping the RUT241 (192.168.10.1) and also a connected Raspi (192.168.10.142). From the CLI, or from a shell on the Raspi, it is not possible to ping any station in my local network (192.168.1.0).

As a special point, the FritzBox does not have the possibility to define a VPN tunnel address, so I have no idea what to do?

by anonymous

Hello! Have you meanwhile found out how it works?

Is there somebody from Teltonika who could please provide some further advice on how to import, or where to manually enter, the data exported from another router like an AVM Fritzbox into a router from Teltonika?

My Fritzbox is on 192.168.178.1/24 and my RUTX11 on 192.168.11.1/24.

Here is my Fritzbox Wireguard config with #comments added and keys redacted:

[Interface]
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
Address = 192.168.11.1/24
DNS = 192.168.178.21,192.168.178.1
DNS = fritz.box

[Peer]
PublicKey = ppppppppppppppppppppppppppppppppppppppppppp=
PresharedKey = zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz=
AllowedIPs = 192.168.178.0/24
Endpoint = yyyyyyyyyyyyyyyy.myfritz.net:55555
PersistentKeepalive = 25

Which of the above data rows go where on the RUTX11 Wireguard settings shown below?

Do the ports of the Fritzbox Endpoint (5555) and the Listen port of the RUTX11 need to be the same?

Which DNS servers go below - DNS from the Teltonika (RUTX11) router (if enabled) or the DNS from AVM's (Fritzbox) router?

Thank you so much for your support, which is highly appreciated!
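As an added example that is not part of the original thread, the following Python code splits a FritzBox-style export into the separate values a remote WireGuard router needs. It handles the repeated DNS key, separates the endpoint host from its port (which is the remote peer's listening port), and checks whether the local and remote ranges overlap. The sample text, its placeholder keys, the hostname and the function names are constructed for this example.

```python
import ipaddress
# Constructed sample shaped like the FritzBox export in the post above (placeholder keys).
EXPORT = """\
[Interface]
PrivateKey = PRIVATE-KEY-PLACEHOLDER=
Address = 192.168.11.1/24
DNS = 192.168.178.21,192.168.178.1
DNS = fritz.box
[Peer]
PublicKey = PUBLIC-KEY-PLACEHOLDER=
PresharedKey = PRESHARED-KEY-PLACEHOLDER=
AllowedIPs = 192.168.178.0/24
Endpoint = example.myfritz.net:55555
"""

def parse_export(text):
    # Keys may repeat (the export has two DNS lines), so every value is kept as a list.
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), {})
        elif line:
            if current is None or "=" not in line:
                raise ValueError(f"unexpected line: {raw!r}")
            key, value = line.split("=", 1)  # split once: base64 keys end in "="
            current.setdefault(key.strip().lower(), []).extend(v.strip() for v in value.split(","))
    return sections

def is_ip(value):
    try:
        return ipaddress.ip_address(value) is not None
    except ValueError:
        return False

def summarize(text):
    conf = parse_export(text)
    iface, peer = conf["interface"], conf["peer"]
    host, _, port = peer["endpoint"][0].rpartition(":")
    local = ipaddress.ip_interface(iface["address"][0]).network
    remote = [ipaddress.ip_network(n, strict=False) for n in peer["allowedips"]]
    return {
        "endpoint": (host, int(port)),  # host and listening port of the remote peer
        "local_network": str(local),  # network the Address line belongs to
        "remote_networks": [str(n) for n in remote],  # ranges routed into the tunnel
        "ranges_overlap": any(local.overlaps(n) for n in remote),  # True means ambiguous routing
        "dns_servers": [d for d in iface.get("dns", []) if is_ip(d)],
        "dns_search": [d for d in iface.get("dns", []) if not is_ip(d)],  # wg-quick: search domains
    }
```
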

by anonymous

Hello,

I do not have FritzBox to test, but I would like you to try the following: 

Services -> VPN -> WireGuard -> Instance settings -> [General setup]

Services -> VPN -> WireGuard -> Instance settings -> [Advanced setup]

Services -> VPN -> WireGuard -> Instance settings -> Peers -> [General setup]

Services -> VPN -> WireGuard -> Instance settings -> Peers -> [Advanced setup]

Ports on both ends should match.

Best regards,

2 Answers

0 votes
by anonymous

Hello,

The allowed IPs option seems to be identical in both client/server configurations.

Could you change allowed IPs in RUT241 peer configuration to 192.168.10.0/24 (remote instance LAN) and see if that helps?

Best regards,

by anonymous

Thank you, I've tried, but that doesn't work.

It works when I changed the IP address in the settings of the WireGuard interface:

0 votes
by anonymous

Hello and thank you so much for providing me guidance!

Now I got it working - with a minor difference to your setup: I set the "IP addresses" (your first screenshot) not to 192.168.11.1/24 but to 192.168.11.0/24; else, it would not work (for me). Oh, and in my setup, the ports are different, but it works.

My best wishes for you!

by anonymous
Hello 7wells,

I can confirm that. The ports in my config are also different and it works too.

My setup is running, but from the RUT240 network, which connects via SIM to the internet and via WG VPN to the FritzBox, I cannot send a ping and cannot access the network behind the FritzBox either.

That is not a problem, because I use my RUT240 as a mobile router for remote monitoring of the heat pump connected behind it.

I want to query this heat pump from the FritzBox network via the WG VPN. And since this is not so easy over a mobile network because of the providers' NAT and IP ranges, I had to go this way.

But why I cannot get from the RUT network into the FritzBox network is a mystery to me.

Best regards, Dossi