Teltonika VPN & Static IP Configuration (RUTX11 ↔ RUT241)

Hello,

We are seeking technical assistance regarding the configuration of a Teltonika VPN and static IP setup. Please see the attached schematic illustration (simplified drawing for reference).

Background

We operate a dedicated on-premises server at our office, where we host an access control platform (SALTO SPACE) for selected customers.

In cases where customers require online functionality for their controllers, we install additional networking equipment on site to enable secure remote communication between the central server and the customer’s access control hardware.

Until now, we have been using a Tosibox solution for this purpose. However, we find it somewhat complex to manage and maintain at scale, and therefore wish to migrate to a Teltonika-based infrastructure.


Intended Setup

Our planned architecture is as follows:

  • Teltonika RUTX11 installed at our office, connected to our SALTO server.
    This unit will function as our central VPN gateway (“main hub”).

  • Teltonika RUT241 units deployed at customer sites.
    These will provide secure remote connectivity to on-site access control hardware (e.g. controllers) via LAN.

The objective is to establish secure, stable communication between:

Office Server (SALTO SPACE)
↕
RUTX11 (Office – VPN Server / Gateway)
↕
RUT241 (Customer Site – VPN Client)
↕
Access Control Controllers (LAN)


Assistance Required

We require guidance on:

  1. Recommended VPN type (OpenVPN, IPsec, WireGuard, RMS VPN, etc.) for this use case.

  2. Best practice configuration for site-to-site connectivity.

  3. Static IP handling (public static IP vs. dynamic + DDNS).

  4. Routing setup between subnets (office LAN ↔ customer LAN).

  5. Security hardening recommendations.

  6. A scalable configuration model for onboarding future RUT241 units efficiently.

  7. Whether RMS would be beneficial or unnecessary in this architecture.

Our goal is to implement a robust and scalable structure that allows us to easily deploy additional field units going forward, with predictable routing and minimal complexity.


We would appreciate your guidance on how this should be configured correctly from the outset.

Looking forward to your response.

Hello,

Depends whether you have a Public IP or not, if not - either ZeroTier or RMS VPN is recommended to be used in that case. If you do - Any other VPN will work just fine as well. I’d recommend WireGuard as it’s really easy to set up, same goes for both RMS VPN & ZeroTier.

We have various Wiki examples for your setups, for example here you can find ZeroTier: ZeroTier Configuration - Teltonika Networks Wiki
Here you can find the entire RMS Manual and configuration examples: RMS Manual - Teltonika Networks Wiki

Could you clarify this question?

Depends on which VPN you go with, for RMS VPN for example, you’d just add a route to the subnet of the other end in order to be able to reach it, pretty much the same goes for any other VPN, just some let you add an “Allowed IP” (WireGuard for example), “Remote subnet” for IPSec, etc.

VPNs are already meant to be secure as they use encryption of data and such, I don’t believe there’s an extra step to this.

You kind of already answered your own question - if you’re looking to manage more and more devices, RMS is pretty much made for that; Then you wouldn’t have to worry about using different VPNs either, as you’d just opt for using RMS VPN.

Now for your topology:

  1. You add the RUTX11 & the RUT241 to the same VPN Hub you’ve created
  2. You set up routes on both ends separately
  3. You download either our RMS VPN Hub app or OpenVPN connect & you connect to the VPN.
  4. You should now be able to ping either end, either end-devices from a single computer/phone.

Very bare bones explanation, but we would be able to help you out once you do decide to go forward with this, but the entire setup is pretty basic and shouldn’t take long to get it up and running.

Regards,
M.
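
The WireGuard "Allowed IP" routing mentioned in the reply, worked through for a hub with several customer sites, as an added example that is not part of the original thread or Teltonika's documentation. It emits standard WireGuard configuration-file peer sections; all addresses, site names, the port and the key placeholders are constructed assumptions, and the field layout in the RutOS WebUI may differ.

```python
import ipaddress
from itertools import combinations

# All addresses below are constructed sample values, not taken from the thread.
OFFICE_SERVER = ipaddress.ip_network("192.168.10.20/32")  # host running the server
OFFICE_LAN = ipaddress.ip_network("192.168.10.0/24")
TUNNEL_NET = ipaddress.ip_network("10.99.0.0/24")         # hub = first host (.1)


def build_plan(site_lans):
    """Map site name -> (tunnel /32, LAN network); raise if any route overlaps."""
    lans = {n: ipaddress.ip_network(c) for n, c in site_lans.items()}
    for name, lan in lans.items():
        if lan.overlaps(OFFICE_LAN) or lan.overlaps(TUNNEL_NET):
            raise ValueError(f"{name}: {lan} collides with office LAN or tunnel net")
    # Customer routers often ship with the same default LAN; catch that early.
    for (a, la), (b, lb) in combinations(lans.items(), 2):
        if la.overlaps(lb):
            raise ValueError(f"{a} and {b} use overlapping LANs: {la} / {lb}")
    spoke_addrs = list(TUNNEL_NET.hosts())[1:]             # skip the hub address
    if len(lans) > len(spoke_addrs):
        raise ValueError("tunnel network too small for this many sites")
    return {n: (ipaddress.ip_network(f"{ip}/32"), lan)
            for (n, lan), ip in zip(lans.items(), spoke_addrs)}


def hub_peer(name, tunnel, lan):
    """Hub side: accept only this site's own tunnel address and LAN."""
    return (f"[Peer]\n# {name}\nPublicKey = <{name}-public-key>\n"
            f"AllowedIPs = {tunnel}, {lan}\n")


def spoke_peer():
    """Spoke side: route only the hub and the server host, not the whole office LAN."""
    return ("[Peer]\nPublicKey = <hub-public-key>\n"
            "Endpoint = <hub-public-ip>:51820\n"          # sample port (assumption)
            f"AllowedIPs = {TUNNEL_NET[1]}/32, {OFFICE_SERVER}\n"
            "PersistentKeepalive = 25\n")                 # assumes spoke sits behind NAT


if __name__ == "__main__":
    plan = build_plan({"site-a": "10.50.1.0/24", "site-b": "10.50.2.0/24"})
    for name, (tunnel, lan) in plan.items():
        print(hub_peer(name, tunnel, lan))
    print(spoke_peer())
```

Because each hub peer lists only its own tunnel address and LAN, the hub drops packets from one site that carry another site's source addresses, and each site's routes stay predictable as units are added.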
