WireGuard setup for site2site

NETWORKING SOLUTIONS
1

Hi!

I have seen many topic about configure WireGuard, but it is crazy how simple should be, but there is no really good info how to setup to connect to Teltonika to a WireGuard server.

wg0.conf (on ubuntu server)

[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <server_privatekey>

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

# User1 connected with normal wireGuard Client from macbook
[Peer]
PublicKey = <user_public_key>
AllowedIPs = 10.0.0.3/32

# Site1
[Peer]
PublicKey = <teltonika_public_key>
AllowedIPs = 10.0.0.2/32, 10.254.39.0/24 # teltonika lan ip is  10.254.39.1

======

This is the config for the user for the wireGuard client which connects to the wireguard server:

[Interface]
PrivateKey = <macbook_privatekey>
Address = 10.0.0.3/32
DNS = 1.1.1.1

[Peer]
PublicKey = <server_publickey>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = server_public_ip:51820

======

For teltonika please find attached.

Screenshot 2024-11-23 at 18.14.20
Screenshot 2024-11-23 at 18.14.201080×534 79.4 KB

Screenshot 2024-11-23 at 18.13.16
Screenshot 2024-11-23 at 18.13.162990×1552 278 KB

Screenshot 2024-11-23 at 18.12.47
Screenshot 2024-11-23 at 18.12.473188×1538 270 KB

What am I missing?

Thanks!

2

Hello,

What is the output of the wg command on the Teltonika ?

Regards,

3

Hello,

Thank you for your reply.

I have checked now. Strange. Now somehow at least the router connects to the WireGuard server.

Screenshot 2024-11-23 at 23.36.07
Screenshot 2024-11-23 at 23.36.071348×722 92.1 KB

Screenshot 2024-11-23 at 23.34.34
Screenshot 2024-11-23 at 23.34.342644×1484 244 KB

However I am not sure from how to reach the devices from client/and from server.
If I ping from server, I can not reach nor the teltonika router nor I can not ping the device connected to the router.

Can you please help me, with the ip setup?

Thanks!

4

The cause might be a restrictive firewall.
Go to Network->Firewall->general settings, set wireguard->lan to Accept / Accept / Accept and retest.
And limit the MTU to 1280 bytes at both ends else https will probably fail.

5

Thanks for your input.

I kind of solved it with the help of chatgpt.

At least I can reach from user1 all devices connected to site1 (teltonika router).

If anybody needs it, find attached the setting.
For sure some other settings need to make it more secure, but it is a good start.

Screenshot 2024-11-24 at 01.23.22
Screenshot 2024-11-24 at 01.23.221736×820 140 KB

Screenshot 2024-11-24 at 01.10.22
Screenshot 2024-11-24 at 01.10.221172×926 67.6 KB

Screenshot 2024-11-24 at 01.10.56
Screenshot 2024-11-24 at 01.10.562084×1066 110 KB

Screenshot 2024-11-24 at 01.11.09
Screenshot 2024-11-24 at 01.11.092108×1236 150 KB

6

This topic was automatically closed after 60 days. New replies are no longer allowed.