Cannot get a Wireguard connection from RUT950 to Fritzbox

Hi
I am trying to establish a connection from my RUT950 router to my home's Fritzbox via Wireguard. The devices (connected to LAN or Wifi) on the RUT950 should communicate entirely through my Fritzbox. No other internet connection should be used. The devices (or at least a few of them) from the Fritzbox should be able to talk to devices on the RUT.

RUT has newest possible firmware on my device:

I followed the following thread for configuring:
https://community.teltonika-networks.com/66408/rut950-wireguard-with-fritzbox

Before setting up Wireguard on the RUT I tried pinging the Fritzbox dynDNS name successfully.
After configuring the Wireguard on RUT950 it is not reachable anymore from its own LAN interface! On the Fritzbox no connection is seen.
When I reboot the router I can ping it for a few seconds until the mobile connection is established (the green signal strength LEDs come on); from that time it is not reachable anymore.
So I removed the SIM card so it cannot connect to mobile and then I can access the router again.
What is happening here?
The router is even not reachable after I set the Wireguard config to inactive.

My fritzbox LAN configuration:
local IP addresses: 192.168.42.0/24
internet IP address: dynamic, myname@mydomain.de

RUT LAN configuration:
local IP addresses: 192.168.43.0/24

I generated the fritzbox’ wireguard config file as follows:

[Interface]
PrivateKey = interface_privatekey
ListenPort = 56406
Address = 192.168.42.1/24
DNS = 192.168.42.1,192.168.43.1
DNS = fritz.box

[Peer]
PublicKey = peer_publickey
PresharedKey = peer_presharedkey
AllowedIPs = 192.168.43.0/24
PersistentKeepalive = 25

On the RUT950 I configured like this:


Hi …

At first glance, in your wireguard config you have given the Fritzbox a port of 56406, but you have told the RUT950 that its Fritzbox peer is listening on 51820.

Apologies if you are familiar with Wireguard already but as Wireguard is routed, you will need three different subnets - the fritzbox side, the RUT950 side and one for the WireGuard tunnel.

I think your Wireguard tunnel IP settings are the same but they need to be unique at both ends but on the same subnet, one that isn’t currently configured on your end networks. So for example, you could make your fritzbox [Interface] > Address = 192.168.88.2/24 and set your RUT950 [Interface] > Address = 192.168.88.3/24 … assuming that the 192.168.88.0/24 subnet is currently unconfigured/unknown on the networks at both ends.

Start off with a low MTU setting both ends, say 1280, to ensure some stability whilst testing, then incrementally adjust upwards when happy.

I myself only started using wireguard in the last 2 weeks, so a newbie at its configuration but it works for me.

Mike

Thank you Mike for your detailed information.
I have no knowledge about Wireguard for now.

I am very sorry for not seeing the wrong port settings. I looked over it many times and didn’t see it.

I corrected it now and the fritzbox shows a connection now. But I cannot access the router anymore. Not from local clients nor fritzbox clients and vice versa. I think that applies now for your IP subnet explanation.

To keep my client addresses I understand your notes as follows:

Local subnet on fritzbox side 192.168.42.0/24
Local subnet on RUT side 192.168.43.0/24
These are ok?

I need an additional subnet 192.168.44.0/2 with only two clients in it, the fritzbox Wireguard adapter and the RUT wireguard adapter. But I don't know how to configure this, esp. on the fritzbox side. Fritzbox' wireguard can only be configured with an assistant. This asks first for the type of connection, where I answered "connection to another wireguard router".

Then I answered “this connection wasn’t configured on the remote side yet”. Then “this connection should not be used at the same time as another connection to remote side”.

Then comes a name of the connection and the remote subnet information. That’s all. Then I get the supplied config file, which I showed in the previous mail. No point to setup this intermediate network.

Yes, they are fine and you may use them in the ‘Allowed IPs’ depending on how you want to route traffic.

On your RUT950, ensure the Route Allowed IPs is ON


As an experiment, you could replace your current setting for Allowed IPs to allow any IP coming through the tunnel. The setting for these on the RUT950 would be …


Unfortunately, I am unfamiliar with the Fritzbox.

Route allowed IPs is on.

What I don't understand is why the router is not accessible from its own wired ethernet ports anymore when the mobile connection comes up.

I think somehow the local IPs 192.168.43.x are not routed to the router itself anymore. Maybe it is because these addresses are in the allowed IPs of the wireguard connection and are now routed only to the fritzbox side? That would be wrong. Devices connected to the RUT should talk to each other; only when they try to access an IP outside their subnet should they be routed to the fritzbox.

Also the other way round: devices on the fritzbox should talk to each other, except when they want to access IPs from the 192.168.43.0 subnet.

Just a thought, check your NETWORK > FIREWALL > GENERAL SETTINGS

Does wireguard appear as its own zone and the Zone => forwardings show lan to wireguard and vice versa. I doubt this is the issue, as wireguard pretty much sets this up as standard.

As I am new to Wireguard, I feel uncomfortable offering any further advice, as it took me sometime to configure my particular Use Case but at least it works. Hopefully someone with more experience will be able to assist here.

My apologies,

Mike

I see wireguard as a source zone but with no destination zone. Lan also has no destination zone.

In my firmware it looks different. Because it seems I have a legacy device, I cannot update to newest firmware.

Thank you anyway. Maybe I find some solution or further help before my patience ends. :slight_smile:

In my FIREWALL > LAN ZONE settings I have …


And in my FIREWALL > WIREGUARD ZONE settings, I have …


One question. Shall I put into allowed IPs the IPs on the RUT side which are allowed to communicate via Wireguard, or the fritzbox IPs that are allowed to communicate to the RUT?

I have got it working mostly. I had to swap the subnets of allowed IPs of Wireguard server and Peer.

Now I can communicate between both locations in both directions. But there is one remaining issue: DNS is using internet name servers, so I cannot address my local devices on the Fritzbox from the RUT network by name and vice versa.

I see on newer firmware there are DNS Entries in the Wireguard setup, but not in mine. How can I setup that DNS requests were forwarded to my Fritzbox?

Or alternatively, can I somehow add my fritzbox' relevant clients to the local DNS server of the RUT manually?
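An added example (not from the thread or from either vendor) that checks a site-to-site config pair for the three mistakes discussed above: the Endpoint port not matching the far side's ListenPort, a tunnel address that sits inside one of the LANs, and AllowedIPs listing the local LAN instead of the remote one. It assumes both ends are written in wg-quick INI syntax (the RUT950 UI uses separate fields) and all keys, hostnames and addresses are constructed placeholders.

```python
# Added example (not from the thread): consistency checks for a site-to-site WireGuard pair.
# Keys are omitted; every hostname and address below is a constructed placeholder.
import ipaddress

def parse_wg(text):
    """Minimal wg-quick INI parser; repeated keys (e.g. two DNS lines) are kept as a list."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        else:
            key, _, value = line.partition("=")
            current.setdefault(key.strip(), []).append(value.strip())
    return sections

def check_pair(local_text, local_lan, remote_text, remote_lan):
    """Problems seen from one end: port mismatch, tunnel address inside a LAN, AllowedIPs wrong way round."""
    local, remote = parse_wg(local_text), parse_wg(remote_text)
    local_lan, remote_lan = ipaddress.ip_network(local_lan), ipaddress.ip_network(remote_lan)
    problems = []
    listen = remote["Interface"].get("ListenPort", [None])[0]
    endpoint = local["Peer"].get("Endpoint", [None])[0]   # only the dialling side has one
    if listen and endpoint and endpoint.rsplit(":", 1)[-1] != listen:
        problems.append(f"Endpoint port {endpoint.rsplit(':', 1)[-1]} != remote ListenPort {listen}")
    tun = ipaddress.ip_interface(local["Interface"]["Address"][0])
    for lan in (local_lan, remote_lan):          # tunnel needs its own, third subnet
        if tun.ip in lan:
            problems.append(f"tunnel address {tun} lies inside LAN {lan}")
    allowed = [ipaddress.ip_network(a.strip())
               for v in local["Peer"]["AllowedIPs"] for a in v.split(",")]
    if not any(a.version == remote_lan.version and remote_lan.subnet_of(a) for a in allowed):
        problems.append(f"AllowedIPs do not cover remote LAN {remote_lan}")
    for a in allowed:                            # own LAN in AllowedIPs routes it into the tunnel
        if a.version == local_lan.version and a.subnet_of(local_lan):
            problems.append(f"AllowedIPs {a} covers the local LAN {local_lan}")
    return problems

# Constructed: first attempt (wrong port, own LAN in AllowedIPs, no separate tunnel subnet)
RUT_BAD = "[Interface]\nAddress = 192.168.43.1/24\n[Peer]\nEndpoint = fritzbox.example:51820\nAllowedIPs = 192.168.43.0/24\n"
FRITZ = "[Interface]\nListenPort = 56406\nAddress = 192.168.42.1/24\n[Peer]\nAllowedIPs = 192.168.43.0/24\n"
# Constructed: corrected pair with 192.168.88.0/24 as the tunnel-only subnet
RUT_OK = "[Interface]\nAddress = 192.168.88.3/24\n[Peer]\nEndpoint = fritzbox.example:56406\nAllowedIPs = 192.168.42.0/24, 192.168.88.0/24\n"
FRITZ_OK = "[Interface]\nListenPort = 56406\nAddress = 192.168.88.2/24\n[Peer]\nAllowedIPs = 192.168.43.0/24, 192.168.88.0/24\n"

if __name__ == "__main__":
    print(check_pair(RUT_BAD, "192.168.43.0/24", FRITZ, "192.168.42.0/24"))   # four problems
    print(check_pair(RUT_OK, "192.168.43.0/24", FRITZ_OK, "192.168.42.0/24"))  # []
```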
