I’m seeking assistance with an important issue affecting my family. In Montenegro, we have two Mobotix cameras set up behind a Teltonika RUTX09 router (necessary due to a recent rise in vandalism), and we need to access their web interface for configuration. However, our ISP, m:tel, doesn’t provide a static IP for our plan (and unfortunately, changing plans is not an option). In fact, we don’t even have a public IP at all—only a private IP, something like 10.228.210.XX.
To access the cameras, I’ve tried connecting the network created by the RUTX09 in Montenegro to another network I have in Lithuania (which is behind a RUTX50 router with a static public IP) using a WireGuard VPN connection. The screenshots show my current setup. With this configuration, I can connect from the Montenegro network to any node in my Lithuanian network, but not the other way around—I can’t reach the RUTX09 in Montenegro, nor can I access the Mobotix cameras behind it. However, the cameras on the Lithuanian side can be accessed from Montenegro without any issues, and their web interfaces work perfectly. This leads me to believe that the cameras themselves don’t have any restrictions and don’t require special configuration.
I would greatly appreciate any help from those experienced with setting up Teltonika VPNs or who can spot potential mistakes in my configuration. In 24 hours, the person whose computer I’ve been using to access the internal Montenegro network remotely via TeamViewer will be leaving, which means I’ll only have access to the RUTX09 through RMS, but not the cameras. I’m incredibly grateful for any advice or guidance anyone can offer.
Then the settings below should be everything you need, and nothing more. You will then be able to address any cameras by their IP. Note the MTU size used.
I’d also recommend that you set up custom SMS rules to turn the wireguard tunnel on / off - especialy as the tunnel has to be initiated from the RUTX09 with the Private IP. Handy for when you’re remote and the tunnel drops. If you need help with those, let me know.
I am up and down the mountains for the next 2 weeks, so it may take me some time to reply.
Thank you so much for the detailed advice and the time you spent preparing and clearly presenting it. I have made all the changes to the settings exactly as you recommended. I also removed the port forwarding for the cameras on the RUTX09, as you mentioned in your last message. The port forwarding for various services on the RUTX50 remains – this shouldn’t affect access to devices on the other network, right?
Now for the progress made. A positive outcome is that from the internal network in Lithuania, I was able to connect to the RUTX09 in Montenegro via the 192.168.2.1 address and access its administrative interface without any issues. This is great and can be considered an alternative to RMS in case there are any problems with that service. Unfortunately, I still can’t connect to any of the Mobotix cameras. When trying to access the IP address of any of them, I get the message shown in the attached screenshot:
Do you have any thoughts on what else could be checked or changed in the settings to take the next step beyond the RUTX09 into the network behind it? I’m really counting on your expertise and am very grateful in advance for your help.
Wishing you success in conquering new mountain peaks!
I suspect something might have been overlooked in the firewall configuration.
On both RUTXs could you edit the Network->Firewall->General settings->Zones:wireguard, set FORWARD to Accept and Masquerading to off ?
Thank you for the advice.
I’ll try making these changes to the configuration. So far, I’ve only been able to do this for the RUTX50 – unfortunately, the router in Montenegro is currently showing as offline through RMS
I really hope everything is fine there and that it will be available again soon so I can continue working with it and the cameras behind it.
Apologies for the silence on this important topic. As I mentioned earlier, the need to install the equipment arose due to the risk of vandalism. Unfortunately, that risk has now materialized: right after the person watching over the house left Montenegro, intruders cut off the power. The electrical panel is located outside and, by law, cannot be physically secured. As a result, all equipment is currently without power, and there’s no way to implement your router configuration advice at the moment. I’m extremely grateful to everyone who responded with suggestions.
We are working to resolve the situation, but so far, without success. I may try to extend the auto-close time on this community thread, as a significant portion of the standard 15 days has been lost due to the lack of access to the equipment. Thank you for your understanding, and I will update you as soon as we’re able to restore power to the router and adjust the settings according to your recommendations.
I am sorry for you. Do you have an UPS on site ? If so you can trigger an alarm if the power goes down, you ll need at least a Raspberry or better yet an Intel NUC (now Asus) to do that.
Another solution might be to connect a Blackusb+ to the RUT it will send a message to Sigfox or Lora. I don’t know if this sort of network is available in Montenegro.