+1 vote
614 views 7 comments
by anonymous
Hi,

I'm having a big problem configuring WireGuard.

Windows client returns "handshake did not complete" error.

My current firmware is: RUT2_R_00.07.03.3

I tried:

- key regeneration

- MTU changes

- keep alive settings

- I reset the router to factory settings

- change port from default 51820

The connection is to be established to a router with an LTE connection

I have configured DDNS service and my ip is reachable from outside.

1 Answer

0 votes
by anonymous
Hello,

I was unable to replicate the issue, though I have attempted to replicate most of your configuration details.

Could you try reducing MTU of your tunnel to 1380?

Would it be possible to get client's configuration details?

Have you tried to disable Windows firewall and try establishing the tunnel again?

Best regards,
by anonymous
I have exactly the same issue with a Wireguard server set up on a TRB500 device connected with 5G.
When trying to start a client session e.g. from my smartphone, I get "Handshake did not complete after 5 seconds". I followed the guide and also tried like mentioned above. The Wireguard connection from my smartphone works with other servers.

As the server is set up, do I need to do any port forwarding? I recognised a Traffic Rule being generated from the Wireguard server setup but nothing beyond that.
by anonymous

CLI screenshot: 

by anonymous
Do you have a public IP address on your RUTX50 ? What is the output of ifconfig wwan0 ?
by anonymous

Called the server "MainNet", there is no wwan0 and the client has the public IPV4 address as endpoint of course.

# ifconfig of server on TRB500:

MainNet Link encap:UNSPEC HWaddr 00-00-00-00-
inet addr:10.0.0.1 P-t-P:10.0.0.1 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MTU:1420 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:98 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

by anonymous
Except that 10.0.0.1 is not a public address, so it isn't reachable from the outside world; this explains why no wg packet is ever received.

You will need to put in place something like RMS, Zerotier or equivalent to be able to reach it.

Another possibility is to ask your mobile provider if they can give you a public address but you may be out of luck there.
by anonymous
I currently use Dyndns to get the IPV4 of the 5G router and added the 52180 port to connect to, why would this not work?
by anonymous
A dyndns won't be able to help you. You can register the 10.0.0.1 IPv4 address, but it isn't reachable from the outside. If you register the public address as given by 'curl ifconfig.me' or similar, the provider won't redirect incoming packets to your device unless it already has a NAT mapping, i.e. the TRB is at the origin of the flow (it has sent the first packet to the outside).
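
The reachability check discussed in the last comments, as an added example that is not part of the original thread: it classifies the address on the router's mobile (WAN) interface and compares it with the externally observed address from `curl ifconfig.me`. The function names and the sample addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes 64-bit shell arithmetic.

# ip_to_int A.B.C.D: print the address as an integer, fail on malformed input
ip_to_int() {
    case $1 in *.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_net IP NETWORK PREFIXLEN: succeed if IP lies inside NETWORK/PREFIXLEN
in_net() {
    ip=$(ip_to_int "$1") && net=$(ip_to_int "$2") || return 2
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# classify_ipv4 IP: print private (RFC 1918), cgnat (RFC 6598) or public
classify_ipv4() {
    ip_to_int "$1" >/dev/null || { echo invalid; return 1; }
    for n in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        if in_net "$1" "${n%/*}" "${n#*/}"; then echo private; return 0; fi
    done
    if in_net "$1" 100.64.0.0 10; then echo cgnat; return 0; fi
    echo public
}

# inbound_verdict WAN_ADDR EXTERNAL_ADDR
#   WAN_ADDR: address configured on the router's mobile interface
#   EXTERNAL_ADDR: what 'curl ifconfig.me' prints when run on the router
# Returns 0 only if unsolicited inbound UDP can plausibly reach the router.
inbound_verdict() {
    kind=$(classify_ipv4 "$1") || { echo "invalid WAN address: $1"; return 2; }
    if [ "$kind" != public ]; then
        echo "no inbound: WAN address $1 is $kind, so the provider NATs it"
        return 1
    elif [ "$1" != "$2" ]; then
        echo "no inbound: WAN $1 differs from external $2 (NAT in path)"
        return 1
    fi
    echo "inbound possible: WAN address $1 is public and matches external"
}

# Constructed sample: sh natcheck.sh 100.72.13.5 203.0.113.7
if [ $# -eq 2 ]; then inbound_verdict "$1" "$2"; fi
```

A "no inbound" verdict means a WireGuard client's handshake initiation cannot reach the router, whatever port or DDNS name is used.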