Do I need to modify Firewall rules for WireGuard VPN setup?

Networking Solutions
1

Hi, as I failed to setup IPsec VPN connection from my rutc50 to my old Fritz!Box I have upgraded my Fritz!box to latest version supporting WireGuard as well.

Connecting my phones / tablets to that FRITZ!box is as easy as to scan a QR and it works straightaway.

I didn‘t find an similar easy way to config the Rutc50 e.g to import the WG config file from the Fritz!Box.

I read through multiply posts and have configured the WG VPN on Rutc50 manually … can‘t get it to work :slightly_frowning_face:

Questions :
Is there a way to import the WG configuration QR Code somehow into Rutc50 to at least have as working connection ?

If the only way is to configure it manually ( what I tried ) , do I need to adjust any firewall rules which the Rutc50 has created automatically? ( see screenshot below )

Where is the best log to check for errors ?

image
image2023×1050 148 KB

3

Hello,

Not possible

Manual configuration is necessary, yes. I have recently made a configuration example on this: FritzBox and Teltonika WireGuard Configuration example - Teltonika Networks Wiki

Usually, you’d check system.log in the troubleshoot file, or you could try entering logread -f in the SSH and then try to turn on the tunnel connection.

Regards,
M.

4

Hi Matas,

Followed your wiki, the rutc50 looks a bit different as well as my ‚Fritz!Box‘ screens, I am not sure I got everything right :slightly_frowning_face:

When I enable the vpn to connect from Ruc50 → Fritz!box no internet connection is working any more ( I don‘t need the other way round to connect Fritz!Box → Rutc50)

Looking parallel with my phone via WireGuard onto my Fritz!Box, I don’t see any Rutc50 connection coming in ( green bubble )

I still don‘t understand wether I need to modify any firewall zones / rules … in some posts it is mentioned as required, only the other hand Rutc50 creates these FW rules/zone automatically … is this sufficient?

Maybe you could see something I the logs … these are not telling me much

4174 Tue Jul 22 20:23:06 2025 daemon.warn dnsmasq[9529]: Maximum number of concurrent DNS queries reached (max: 150)
4175 Tue Jul 22 20:23:39 2025 daemon.warn dnsmasq[9529]: Maximum number of concurrent DNS queries reached (max: 150)
4176 Tue Jul 22 20:24:03 2025 daemon.info ledman[15681]: [identify_mobile_iface:127] error: Failed to load network file!
4177 Tue Jul 22 20:24:03 2025 kern.notice kernel: User “admin” changed Network configuration in “/services/vpn/wireguard” page
4178 Tue Jul 22 20:24:03 2025 daemon.notice netifd: Network device ‘Test’ link is down
4179 Tue Jul 22 20:24:03 2025 daemon.notice netifd: Interface ‘Test’ is now down
4180 Tue Jul 22 20:24:03 2025 daemon.notice netifd: Interface ‘Test’ is setting up now
4181 Tue Jul 22 20:24:03 2025 daemon.info ledman[15681]: [identify_mobile_iface:127] error: Failed to load network file!
4182 Tue Jul 22 20:24:03 2025 daemon.notice netifd: Interface ‘Test’ is now up
4183 Tue Jul 22 20:24:03 2025 daemon.notice netifd: Network device ‘Test’ link is up
4184 Tue Jul 22 20:24:03 2025 daemon.info ledman[15681]: [identify_mobile_iface:127] error: Failed to load network file!
4185 Tue Jul 22 20:24:04 2025 user.notice firewall: Reloading firewall due to ifup of Test (Test)
4186 Tue Jul 22 20:24:04 2025 user.notice nlbwmon: Reloading nlbwmon due to ifup of Test (Test)
4187 Tue Jul 22 20:24:05 2025 daemon.info mobifd: Service reload initiated
4188 Tue Jul 22 20:24:05 2025 daemon.notice netifd: Wireless device ‘radio0’ set retry=3
4189 Tue Jul 22 20:24:05 2025 daemon.notice netifd: Wireless device ‘radio1’ set retry=3
4190 Tue Jul 22 20:24:05 2025 daemon.info ledman[15681]: [identify_mobile_iface:127] error: Failed to load network file!
4191 Tue Jul 22 20:24:05 2025 daemon.notice netifd: Network device ‘Test’ link is down
4192 Tue Jul 22 20:24:05 2025 daemon.notice netifd: Interface ‘Test’ is now down

5

Hmm.. Could you provide screenshots of your WireGuard configuration from the RUTC50? Please do blur out any sensitive information (public/private keys, the public endpoint host IP address, etc.).

The main things we want to make sure are correct are:

  1. The Public/Private keys that you’re using
  2. The IP address of the tunnel itself
  3. The allowed IPs list & make sure that Route Allowed IPs is enabled
  4. In the FritzBox! we want to make sure that the tunnels IP address is in the same LAN subnet as your RUTC50

Regards,
M.

6

As a side-note, enabling Masquerading is always a good thing:

image
image1228×337 32.3 KB

It’s simply a form of NAT (Network Address Translation) that makes multiple devices appear as one to external networks.

Regards,
M.

7

Hi Matas,
I have collected the config data used both from Fritz!Box ( Model 6690) and the Rutc50 config

Fritz!Box settings

Interface file

IMG_1865
IMG_18651300×718 91.8 KB

VPN WireGuard Config Screen

IMG_1859
IMG_18591434×1777 207 KB

Rutc50 settings

Interface Setting

IMG_1861
IMG_18612623×1405 133 KB

Peer Config General

IMG_1862
IMG_18621818×1231 126 KB

Peer Config Advanced

IMG_1864
IMG_18641824×1278 137 KB

8

Hmm.. From what is visible in these screenshots, I don’t see any errors, if I haven’t missed anything.

Could you fill out a form that I’m going to send to you so we could continue our conversation in private? That would be great. In the ticket ID field, just enter 14697 (which is the ID of this thread).

Regards,
M.

9

Hi Matas

Sure … will you send the Formular via mail ?

10

Hi there,

You should’ve received this form in the forums already. Just in case, I’ve resent it for the second time. Fill it out according to the instructions in my previous message and I’ll reach out to you soon after.

Regards,
M.

11

This topic was automatically closed after 60 days. New replies are no longer allowed.