RUTX50 simplest VPN

flebourse · July 2, 2025, 8:56am

So delete 192.168.9.1/32 from the Allowed IPs list on the RUTX50, and add the IP address of the wg interface of the mac (a 192.168.9.x/32 x!=1).

No for both.

No just the IP address of the wg interface of the client/initiator.

Marija · July 3, 2025, 10:05am

Hello @dth,

Regarding the easiest VPN option — after configuring and testing each one, we can confirm that WireGuard and ZeroTier are the simplest VPNs to set up and use.

I see that you and @flebourse are actively discussing the issue you’re experiencing with the VPN setup. Please let me know if you’d like any assistance from my side, or if you prefer to continue the discussion between just the two of you.

Best regards,

dth · July 3, 2025, 11:52am

The community system prevented me from responding before now. I had to wait 20 hours, as I registered recently. Unfortunately in the mean time I traveled to a different country until 16/07/2025, so I cannot access the RUTX50 before then.

Did that before the above problem. No change.

I really, really appreciate your help with this, as it is important that I get VPN access working

It seems like something completely different is going on here. I have not changed routing or firewall configuration at all on this RUTX50 device (except what you proposed above). So I really have no idea of what else might prevent this traffic from coming through…

For some reason the RUTX50 started crashing completely. The last thing I did was just change some settings for the peer config under the wireguard config, like I had done many, many times before. I now have it restored to factory settings. And will try from scratch when I get back.

dth · July 3, 2025, 11:54am

Hi,

Thanks for your input. I would love any help I can get.

It seems very odd that the connection is established, but just no traffic at all goes through…

I am back in location to access the router from 16th of July.

If you have any suggestions or such in the meantime, I would love to hear about them

flebourse · July 3, 2025, 8:06pm

The forum has a somewhat restrictive policy for new users, and for not so new ones also. @Marija do you know why I have lost my “Regular” badge ? I have an idea but I may be wrong.

When modifying network configs it can be useful to have a NMC cable at hand if you make a serious mistake and lose access. It will permit you to have a login: prompt using the USB connector no need to restart from a blank state.

Could you please post a drawing of your system with IP addresses and networks I might have missed something and the suggested Allowed IPs / other fields could be wrong.

dth · July 4, 2025, 6:09am

Good idea. But I think in this case it was something else. I just changed the wireguard settings, which should not be able to cut of all access to the router (including ssh and ping).

When power cycling the router could be accessed for a few seconds, but then no longer. So my feeling is it was something else - some bug or whatever.

It is not possible for me to draw where I am now, but I can try to explain - maybe it is sufficient. Starting from the “inside”:

Peplink router 192.168.1.1/24 (this is where all the servers are)

	directly attached to LAN port of 
	
RUTX50 192.168.8.1/24

	connectd to the internet via mobile 4G connection
	and with wireguard zone 192.168.9.1/24
	
MacBook with Wireguard on the internet

So I am trying to access the servers on 192.168.1.* from the MacBook, including DNS (from either EUTX50 or Peplink)

The status I had before the crash was that I could establish the tunnel. I got a green light in the client, etc. But I could not ping or access anything in any of the 3 subnets. Firewall, routing, etc. looked fine to me.

As mentioned I will try again from scratch, following the docs from Teltonika, on the 16th or thereabouts

Marija · July 4, 2025, 7:38am

Hello,

@dth, the issue you described may be related to the latest firmware version, which our developers are currently working to fix. To confirm whether the issue is indeed firmware-related, we will need to review a troubleshoot file from your device.

You mentioned that you have already restored the device to factory defaults. Once you’re back and have reconfigured WireGuard, please let me know whether it is working correctly or if the issue persists. If the issue remains, I will send you a form for private communication.

@flebourse, regarding the “Regular” badge: if you fall below the activity requirements within the last 100 days, you may be demoted back to “Member.”
We’re planning to create a topic on the community forum that will explain the trust levels and badge system in more detail—how each level and badge is earned, the permissions associated with them, and the conditions under which they may be lost. I’ll inform you once the topic is published.

Best regards,

dth · July 4, 2025, 4:24pm

Thanks.

If the same happens, and it just “dies” I won’t be able to get a troubleshooting log, as there was no way to get in contact with it (did not try serial via USB).

But If there is similar strange trouble with WireGuard, after starting from scratch, I will make sure to let you know

flebourse · July 4, 2025, 4:30pm

Your network is pretty simple.
Just check your Allowed IPs on the Mac: 192.168.1.0/24 + 192.168.8.1/32 (or 192.168.8.0/24) + 192.168.9.1/32 (or 192.168.9.0/24).
For testing ping step by step from the mac: 192.168.9.1 then 192.168.8.1 then 192.168.1.1. Where does it fails first ?
For the DNS you have to declare at least 192.168.1.1 as the dns server for the 192.168.1.0/24 network. I’ll look at how to do this.