by anonymous
Hi,

I have a pair of RUTX14s, both running over 4G, and I am trying to create a site-to-site VPN between them using WireGuard.

Both RUTXs are running 07.04.2

From here down I will call my server 'A' and client 'B'

A has a local IP of 10.160.0.80 and has its public IP DDNS'd using DuckDNS. WG IP = 10.165.0.1

B has a local IP of 10.161.0.80 no DDNS. WG IP = 10.165.0.2

Currently to get a handshake A has an allowed IP of 10.165.0.2 and 0.0.0.0/1

B has an allowed IP of 10.165.0.1 and 0.0.0.0/1 and has the endpoint host url configured.

Running 'WG' in the CLI, the DDNS resolves correctly, but the handshake keeps timing out and looping; I have never had it established.

Any ideas where I'm going wrong?

Happy to provide more info if required

1 Answer

by anonymous
Hello,

Is the IP address registered in the DDNS a public one, and is it the same as the one you can see in the output of ifconfig wwan0? If it is in 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12 or 192.168.0.0/16, then it is a private one and cannot be reached from the outside world.

If the IP address of the router is public, the first point to check is whether the port (51820?) is open in the firewall. If it isn't, add a rule to allow it.

If the handshake still fails after that then the most probable cause is a key mismatch between the two routers.

Regards,
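The first check in the answer above, the address-range test and the comparison of the DDNS record against the wwan0 address, written out as a small POSIX sh script. This is an added example, not code from the thread or from Teltonika; the function names (ip_to_int, in_cidr, classify_ip, check_reachability) are my own, and the addresses in the usage line are placeholders.

```shell
#!/bin/sh
# Added example: classify an IPv4 address as private (RFC 1918), carrier-grade
# NAT (RFC 6598, 100.64.0.0/10) or public, then compare the DDNS-resolved
# address with the address on wwan0. Function names are this example's own.

# Convert a dotted quad to a 32-bit integer using only POSIX sh arithmetic.
ip_to_int() {
    oldifs=$IFS
    IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed when address $1 lies inside CIDR block $2 (e.g. 10.0.0.0/8).
in_cidr() {
    net=${2%/*}
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Print "private", "cgnat" or "public" for address $1.
classify_ip() {
    if in_cidr "$1" 10.0.0.0/8 || in_cidr "$1" 172.16.0.0/12 || in_cidr "$1" 192.168.0.0/16; then
        echo private
    elif in_cidr "$1" 100.64.0.0/10; then
        echo cgnat
    else
        echo public
    fi
}

# $1 = address the DDNS name resolves to, $2 = address on wwan0.
# Returns 0 when an inbound WireGuard handshake can be expected to arrive,
# 1 otherwise, with a one-line reason on stdout.
check_reachability() {
    ddns=$1
    wan=$2
    kind=$(classify_ip "$wan")
    if [ "$kind" != public ]; then
        echo "wwan0 has a $kind address ($wan): behind carrier NAT, inbound handshakes cannot reach this router"
        return 1
    fi
    if [ "$ddns" != "$wan" ]; then
        echo "DDNS ($ddns) does not match wwan0 ($wan): stale DDNS record"
        return 1
    fi
    echo "DDNS and wwan0 agree on public address $wan"
    return 0
}

# Usage: sh wgcheck.sh <ddns-address> <wwan0-address>
if [ $# -eq 2 ]; then
    check_reachability "$1" "$2"
fi
```

On the router itself the two arguments can be taken from `nslookup <your-ddns-name>` and from `ifconfig wwan0`; if the script reports a cgnat or private address on wwan0, no firewall or key change on either end will make the server reachable, and the operator's APN or a relay on a public address is the thing to look at.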
by anonymous
Hi, sorry for the delayed response.

DDNS IP definitely is the external IP.

Both units have 51820 open.

I have attempted at least 5 cycles of the keys at this point, ensuring that they match each time.

I have 5 Teltonika units on hand and seem to run into the same issues on every pair of them.

Cheers,
by anonymous

Can you do a:

First, remove 0.0.0.0/1 from the Allowed IPs list, it will simplify debugging.

tcpdump -i any -n -v 'port 51820'

on the server? Do you see something when the client tries to establish the tunnel?

What are the MTU and the netmask of the wwan0 interface? The wg interface? (on both ends).