Jump to content
  • EN

Providing connectivity for Helium miners using the RUT240: Difference between revisions

Providing connectivity for Helium miners using the RUT240 (view source)

Revision as of 20:22, 7 February 2022

228 bytes removed ,  7 February 2022
m
no edit summary
VisualWikitext
mNo edit summary
mNo edit summary
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
''Note: this article and all of its configuration examples given here have been configured using the legacy web UI RUT240 firmware '''RUT2XX_R_00.01.14.4'''. For more information about firmware versions, please refer to [[RUT240 Firmware Downloads|RUT240 firmware wiki page]].''
''Note: this article and all of its configuration examples given here have been configured using the new RUTOS firmware '''RUT2_R_00.07.01.2''' which runs with a brand new WebUI. A configuration example with the legacy firmware WebUI can be found here:'' [[Providing connectivity for Helium miners using the RUT240 (legacy WebUI)]]
 
''For more information about firmware versions, please refer to [[RUT240 Firmware Downloads|RUT240 firmware wiki page]].''


== Introduction ==
== Introduction ==
Line 5: Line 7:
Due to the Helium miners gaining significant traction, it's rather necessary to understand how to make the miner work as efficiently as possible. To accomplish this task, it's highly recommended, [https://docs.helium.com/troubleshooting/network-troubleshooting/ according to the official Helium documentation], to create a port forward rule for incoming traffic to port 44158 (TCP) and redirect it to the Helium miner. In this article, 3 different methods are shown to accomplish this task, depending on available resources. Please note that before starting with the procedure, the following prerequisites must be met:
Due to the Helium miners gaining significant traction, it's rather necessary to understand how to make the miner work as efficiently as possible. To accomplish this task, it's highly recommended, [https://docs.helium.com/troubleshooting/network-troubleshooting/ according to the official Helium documentation], to create a port forward rule for incoming traffic to port 44158 (TCP) and redirect it to the Helium miner. In this article, 3 different methods are shown to accomplish this task, depending on available resources. Please note that before starting with the procedure, the following prerequisites must be met:


* RUT240 or any other Teltonika Networks router
* RUT240 or any other Teltonika Networks router running RUTOS v7 firmware
* Ability to login and configure the router
* Ability to login and configure the router
* Pre-configured router using the initial setup wizard
* Pre-configured router using the initial setup wizard
Line 11: Line 13:




in this article all examples are provided using the RUT240 router.
In this article all examples are provided using the RUT240 router.


== Prerequisites ==
== Prerequisites ==
Before getting started with the configuration of port forwarding, the router must be configured using the setup wizard. This wizard is used to configure basic settings on the router.   
Before getting started with any further configuration, the router must be prepared using the setup wizard. This wizard is used to configure basic settings on the router.   


Additionally, it's highly recommended to understand the difference and recognize the distinction between public and private IP addresses. A short article regarding this can be found on our wiki FAQ: [[Private and Public IP Addresses]].  
Additionally, it's highly recommended to understand the difference and recognize the distinction between public and private IP addresses. A short article regarding this can be found on our wiki FAQ: [[Private and Public IP Addresses]].  
Line 26: Line 28:
If you get a warning about an insecure connection, click on “Advanced” and “Proceed to 192.168.1.1 (unsafe)”.  
If you get a warning about an insecure connection, click on “Advanced” and “Proceed to 192.168.1.1 (unsafe)”.  


[[File:CertWarning.png|alt=|612x612px]]
[[File:Certwarningv2fix.png|1031x1031px]]


This warning occurs due to browser not trusting the certificate, generated by router itself.
This warning occurs due to browser not trusting the internal router web server certificate, generated by the router itself.




Line 40: Line 42:
Password – '''admin01'''
Password – '''admin01'''


[[File:WebUIloginpage.png|alt=|624x624px]]
[[File:WebUIloginpage RUTOS.png|1039x1039px]]


Once logged in, a prompt to change the password will be shown. Change password to meet the requirements, then proceed by clicking “'''Save'''”:
Once logged in, a prompt to change the password will be shown. Change password to meet the requirements, then proceed by clicking “'''Submit'''”:


[[File:ChangePassword.png|alt=|622x622px]]
[[File:ChangePassword RUTOS.png]]


Next, we need to configure basic settings to prepare our router. In '''Step 1 – General<ins>,</ins>''' choose your desired time zone and click on “'''Sync with browser'''” option. Once done, click on “'''Next'''”.
Next, we need to configure basic settings to prepare our router. A setup wizard will open after entering the new password. In '''Step 1''' of setup wizard change the "'''Configuration Mode'''" to "'''Advanced'''", then click on “'''Sync with browser'''” option and choose your desired time zone. Once done, click on “'''Next'''”.


[[File:FirstLoginTime.png|alt=|609x609px]]
[[File:FirstLoginTime RUTOS.png|1140x1140px]]


In '''Step 2 – Mobile<ins>,</ins>''' you can configure a mobile internet connection. These settings will depend on your mobile operator and your mobile internet plan. Once all the necessary settings have been entered, click on “'''Next'''”.
In '''Step 2''' of setup wizard we can change our local area network configuration<ins>,</ins> but it is unnecessary. For now, it’s recommended to leave it as-is. Click on “'''Next'''” to proceed.


[[File:FirstLoginMobile.png|alt=|576x576px]]
[[File:FirstLoginLAN RUTOS.png|1137x1137px]]


In '''Step 3 – LAN<ins>,</ins>''' we can change our local area network configuration<ins>,</ins> but it is unnecessary. For now, it’s recommended to leave it as-is. Click on “'''Next'''” to proceed.
In '''Step 3''' you can configure basic mobile connectivity settings. These settings will depend on your mobile operator and your mobile internet plan. Once all the necessary settings have been entered, or if there are no changes needed, click on “'''Next'''”.


[[File:FirstLoginLAN.png|alt=|594x594px]]
[[File:FirstLoginMobile RUTOS.png|1131x1131px]]


In '''Step 4 – WiFi''' it’s possible to change the name of WiFi along with a passphrase  or other operation settings. After the changes have been made, proceed to the next step by clicking “'''Next'''”.
In '''Step 4''' it’s possible to enable/disable the WiFi, change the name of the wireless network along with its passphrase. After the changes have been made, proceed to the next step by clicking “'''Next'''”.


[[File:FirstLoginWiFi.png|alt=|600x600px]]
[[File:FirstLoginWiFi RUTOS.png|1125x1125px]]


In '''Step 5 – RMS<ins>,</ins>''' we can connect our router to Teltonika’s Remote Management System. More information about the RMS system can be found [https://teltonika-networks.com/product/rms/ here].
In '''Step 5''' we can connect our router to Teltonika '''Remote Management System'''. More information about the Teltonika '''RMS''' can be found [https://teltonika-networks.com/product/rms/ here].


[[File:FirstLoginRMS.png|alt=|603x603px]]
[[File:FirstLoginRMS RUTOS.png|1123x1123px]]


To finish the setup wizard, click on “'''Finish'''”. The overview page will open. From here, confirm that there is internet connectivity by going to any internet website which shows your external public IP address (for example https://www.whatismyip.com/):
To finish the setup wizard, click on “'''Finish'''”. The overview page will open. At this point it is recommended to confirm whether there is internet connectivity by going to any internet website which shows your external public IP address (for example https://www.whatismyip.com/):


[[File:WhatIsMyIP.png|alt=]]
[[File:WhatIsMyIP.png|alt=]]
Line 73: Line 75:


For extensive details about the initial configuration of the router, please refer to our wiki page [[RUT240 Setup Wizard|here.]]
For extensive details about the initial configuration of the router, please refer to our wiki page [[RUT240 Setup Wizard|here.]]
== Scenario #1: Port forwarding with public IP address ==
== Scenario #1: Port forwarding with public IP address ==


=== Extra prerequisites for scenario #1 ===
=== Extra prerequisites for scenario #1 ===
----For the Helium miner to be reachable by any device on the internet, it’s necessary to allow and forward any incoming internet traffic via port 44158 (TCP) to the Helium miner. In this specific configuration scenario, an example with the Teltonika RUT240 router will be provided.
----For the Helium miner to be reachable by any device on the internet, it’s necessary to allow and forward any incoming internet traffic via port 44158 (TCP) to the Helium miner. In this specific configuration scenario, an example with the Teltonika RUT240 router, running the new RUTOS firmware, will be provided.




For this configuration example to work, the following general criteria must be met:
For this configuration example to work, the following general criteria must be met:


*Router with public external WAN IP address using mobile SIM card
*Router must be online with public external WAN IP address on its mobile interface using a mobile SIM card


*Helium miner connected to the router
*Helium miner must be connected to the router


===Configuring static LAN IP lease for the Helium miner===
===Configuring static LAN IP lease for the Helium miner===
----While not mandatory, it is highly recommended to add a LAN IP reservation for the Helium miner to make sure port forward rule, which will be defined later, always points to the correct device. In order to do this, navigate to LAN "'''Network>LAN'''":
----While not mandatory, it is highly recommended to add a LAN IP reservation for the Helium miner to make sure port forward rule, which will be defined later, always points to the correct device. In order to do this, navigate to LAN "'''Network>Interfaces'''":
[[File:ToLAN.png|alt=|480x480px]]
[[File:ToLAN RUTOS.png|446x446px]]


Once there, scroll down to the static lease section and click “'''Add'''”:
Once there, edit the default LAN interface by clicking the pencil icon:


[[File:LANAddStatic.png|alt=|653x653px]]
[[File:EditLAN RUTOS.png|1102x1102px]]


Enter a desired '''hostname''' (can be name of the device) in order to name the reservation, then click on “'''MAC address'''” field and select the Helium miner. Finally, in “'''IP address'''” field keep currently assigned IP address or, if desired, enter a custom IP address.
LAN configuration page will open. Scroll all the way down to the "'''Static lease'''" section and add a new instance:
[[File:StaticIPLAN.png|alt=|658x658px]]


When done, scroll down to the bottom of the page and click “'''Save'''” to apply changes.
[[File:LANAddStatic RUTOS.png|1100x1100px]]


Configuration window will load. Enter MAC address of the Helium miner and any desired IP address (can be current LAN IP) in their respective fields:


[[File:StaticIPLAN RUTOS.png|1097x1097px]] 
When done click on “'''Save & Apply'''” button to apply the changes. The final result should look similar to this (MAC and IP may differ):
[[File:StaticIPLAN2 RUTOS.png|1093x1093px]]
When done, click on “'''Save & Apply'''” button to save the changes on the LAN interface.


===Configuring the port forward rule ===
===Configuring the port forward rule ===
----If the internet is up and running, login to the router configuration page and proceed to the port forward configuration page by navigating to "'''Network>Firewall>Port Forwarding'''":
----If the internet is up and running, proceed to the port forward configuration page by navigating to "'''Network>Firewall>Port Forwards'''":
[[File:NavigateToPortFW.png|alt=|431x431px]]
[[File:NavigateToPortFW RUTOS.png]]
 




Once there, scroll down to the bottom and enter the following settings in specified fields:
Once there, enter the following settings in specified fields:


“'''Name'''” - name the port forward rule. In this configuration example, we’ll be using '''Helium''' as the name of this rule
“'''Name'''” - name the port forward rule. In this configuration example, we’ll be using '''Helium''' as the name of this rule


“'''Protocol'''” - select TCP
“'''External port'''” - enter 44158
 
“'''Internal IP address'''” - select your Helium miner LAN IP address (starts with 192.168.1.X).


“'''External ports'''” - enter 44158
“'''Internal port'''” - enter 44158


“'''Internal IP'''” - select your Helium miner LAN IP address (starts with 192.168.1.X).
Once every field has been filled in, click on “'''Add'''”.


“'''Internal ports'''” - enter 44158
[[File:PortFWfinalresult RUTOS.png|1097x1097px]]


Once every field has been filled in, click on '''Add'''.
A new window will pop up. Change the "'''Protocol'''" field from "'''TCP+UDP'''" to "'''TCP'''" only. Once done, scroll down to the bottom of the window and click on "'''Save & Apply'''" to save the settings. The configuration window should look like this before saving the settings (internal IP address field may differ):


[[File:PortFWfinalresult.png|alt=|769x769px]]
[[File:PortFWfinalresult2 RUTOS.png]]


'''<u>Important!</u>''' After adding the rule, don’t forget to click “'''Save'''” to apply changes
If every configuration field is correct and the rule has been applied, the port forward rule should appear in the port forwards table in a similar fashion:


If every configuration field is correct and the rule has been applied, the port forward rule should appear in the table:
[[File:PortFWfinaltable RUTOS.png|1118x1118px]]


[[File:PortFWfinaltable.png|alt=|769x769px]]




Line 138: Line 147:


===Extra prerequisites for scenario #2===
===Extra prerequisites for scenario #2===
----For the Helium miner to be reachable by any device on the internet, it’s necessary to allow and forward any incoming internet traffic via port 44158 (TCP) to the Helium miner. In this specific configuration scenario, an example with the Teltonika RUT240 router will be provided.
----For the Helium miner to be reachable by any device on the internet, it’s necessary to allow and forward any incoming internet traffic via port 44158 (TCP) to the Helium miner. In this specific configuration scenario, an example with the Teltonika RUT240 router passing its external public WAN IP address to the Helium miner directly will be provided.




For this configuration example to work, the following general criteria must be met:
For this configuration example to work, the following general criteria must be met:


*Router with public external WAN IP address using mobile SIM card
*Router must be online with public external WAN IP address on its mobile interface using a mobile SIM card


*Helium miner connected to the router
*Helium miner must be connected to the router


===Setting mobile WAN as main interface===
===Configuring the passthrough mode on the RUT240===
----<u>'''Important'''</u>'''!''' Pass-through and Bridge modes are disabled when multi-wan is enabled. To resolve this, navigate to "'''Network>WAN'''" before doing any additional configuration:  
----In order to configure the passthrough mode on the new RUTOS firmware navigate to the "'''Network>Interfaces'''":  
[[File:NavtoWAN.png|alt=|480x480px]]


Once there, select interface with name “'''Mobile (WAN)'''” as your primary internet connection by selecting the circular button. Concurrently, make sure to deselect any other square box and then click on “'''Save'''” to apply configuration. The following image shows correct configuration:[[File:WANcfgmobile.png|alt=|610x610px]]
[[File:ToLAN RUTOS.png]]  


===Configuring the passthrough mode on the RUT240===
Once there, find interface with name “'''MOB1S1A1'''” and edit it by clicking a pencil icon next to it:
----To proceed with further router configuration by navigating to "'''Network>Mobile'''" configuration page. Here, it will be possible to set passthrough mode to make our router forward all incoming traffic directly to the Helium miner.
[[File:ToMobile.png|alt=|444x444px]]


In this configuration page make sure to modify the following settings:
[[File:EditMOB RUTOS.png|1060x1060px]]


“'''Mode'''” - change from '''NAT''' to '''Passthrough'''


“'''MAC address'''” - enter your Helium miner MAC address. If the MAC address of Helium miner isn’t known, you can check it by navigating to “'''Status>Network>LAN'''” page. There, MAC address of Helium miner as well as its LAN IP address should be visible:
A new configuration page will pop up. In this configuration page make sure to modify the following settings:


[[File:ToNetwork.png|alt=|353x353px]][[File:LANdevices.png|alt=|625x625px]]
“'''Mode'''” - change from '''NAT''' to '''Passthrough'''


After the noted fields been configured in a correct manner, make sure to apply configuration by scrolling down to the bottom of page and click “'''Save'''”. Eventually, the Helium miner should get an external IP address.
“'''MAC address'''” - enter your Helium miner MAC address:


===Optional configuration: set WAN port as LAN===
[[File:MobilePassthrough RUTOS.png|1063x1063px]]
----Once the passthrough mode is enabled, the router can still serve local IP addresses to any other device connected to the router. If needed, the WAN interface can be setup as a LAN interface to provide connectivity to any additional device or a switch. To accomplish this, follow these steps:


Login to the router's WebUI and navigate to the LAN section ('''Network>LAN'''):


[[File:ToLAN.png|alt=|480x480px]]
If the MAC address of Helium miner isn’t known, you can check it by navigating to “'''Status>Network>LAN'''” page.


[[File:ToLANstatus RUTOS.png]]


Under the configuration section, click "'''Advanced Settings'''" and place a check mark next to the "'''Use WAN port as LAN'''" field and don't forget to save your settings:
There, MAC address of Helium miner as well as its current LAN IP address should be visible:


[[File:SetWANasLAN.png|alt=|600x600px]]
[[File:IP-Lease RUTOS.png|1088x1088px]]  


After the necessary configuration has been set, make sure to apply configuration by scrolling down to the bottom of mobile interface configuration page and click “'''Save & Apply'''”. Eventually, the Helium miner should get an external IP address from the router.


===Optional configuration: set WAN port as LAN===
----Once the passthrough mode is enabled, the router can still serve local IP addresses to any other device connected to the router. If needed, the WAN interface can be setup as a LAN interface to provide connectivity to any additional device or a switch. To accomplish this, follow the steps as described in another wiki article here: [[Setting up WAN as LAN]]
==Scenario #3: Private WAN IP solution==
==Scenario #3: Private WAN IP solution==
===Extra prerequisites for scenario #3===
===Extra prerequisites for scenario #3===
Line 192: Line 199:
In order to get started with this procedure, the following requirements must be met:
In order to get started with this procedure, the following requirements must be met:


* Router with internet connection
* Router must be online with internet connection
*Virtual Private Server (VPS) with a public IP address
*Virtual Private Server (VPS) with a public IP address
*Ability to create and install a Virtual Machine (VM) with possibility to setup WireGuard
*Ability to create and install a Virtual Machine (VM) in the VPS with possibility to setup WireGuard
*Helium miner connected to the router
*Helium miner must be connected to the router






In this specific example the Teltonika Networks RUT240 router is used as an example. For VM hosting, Linode is used as a VPS provider to create and manage VM deployments. Debian 11 is used as an operating system on the VM.
In this specific example the Teltonika Networks RUT240 router running the RUTOS firmware is used as an example. For VM hosting, Linode is used as a VPS provider to create and manage VM deployments. Debian 11 is used as an operating system on the VM.


===Preparing and setting up VM on VPS===
===Preparing and setting up VM on VPS===
Line 251: Line 258:


[[File:AddingBackports.png|alt=|577x577px]]
[[File:AddingBackports.png|alt=|577x577px]]
===Initial setup of tools and services in VPS ===
===Initial setup of tools and services in VPS ===
----
----
To begin the installation process, issue the following commands. These commands will make sure the operating system is up to date and, additionally, it will install iptables and wireguard packages. Enter the following command:  
To begin the installation process, issue the following commands. These commands will make sure the operating system is up to date and, additionally, it will install '''iptables''' and '''wireguard''' packages. Enter the following command:  


'''apt update && apt upgrade -y && apt install iptables -y && apt install wireguard -y'''  
'''apt update && apt upgrade -y && apt install iptables -y && apt install wireguard -y'''  


This command will make sure your system is up to date, install newest base packages. Then it will install '''iptables''' package as well as '''wireguard''' package. You can verify if package was installed by issuing '''dpkg -s <package name>''' command in the CLI. For example, to confirm if wireguard has been installed successfully, type in '''dpkg -s wireguard''' and then press enter. The following output should be shown (it may differ slightly from yours, depending on currently available WireGuard version):
This command will make sure your system is up to date, install newest base packages. Then it will install '''iptables''' package as well as '''wireguard''' package. You can verify if package was installed by issuing '''dpkg -s <package name>''' command in the CLI. For example, to confirm if wireguard has been installed successfully, type in '''dpkg -s wireguard''' and then press enter. The following output should be shown (output may differ slightly, depending on currently installed WireGuard version):


[[File:DpkgConfirmationWG.png|alt=|644x644px]]
[[File:DpkgConfirmationWG.png|alt=|644x644px]]
Line 268: Line 273:
In order for the VPN tunnel to work, both VPS and router must have their own public and private key pairs. The private key will be used for data decryption coming from the peer while public key will encrypt traffic going to the peer.  
In order for the VPN tunnel to work, both VPS and router must have their own public and private key pairs. The private key will be used for data decryption coming from the peer while public key will encrypt traffic going to the peer.  


<span style="color:red">'''Warning!'''</span> Never share or put your private key in public space.
<span style="color:red">'''Warning!'''</span> Never share or put your <u>private key</u> in public space.


To generate key pairs on VPS, enter the following commands into the CLI:
To generate key pairs on VPS, enter the following commands into the CLI:
Line 290: Line 295:
[[File:WGpublickeyVPS.png|alt=|364x364px]]
[[File:WGpublickeyVPS.png|alt=|364x364px]]


===Installing the WireGuard package on the router===
===Configuring WireGuard tunnel on the router===
----
----


Once the internet is up and running on the router, navigate to the configuration page and proceed to install the WireGuard package (if not already installed) via package manager or CLI. It is highly recommended to reboot router after installing, even if router itself doesn’t prompt for it. To install the package by using the web UI, follow these steps:
''Note: WireGuard is implemented in RUTOS by default which means there is no need to install any additional packages. If, for some reason, WireGuard package is missing on the router, install it by navigating to "Services>Package manager" and searching for "wireguard" package.''
 
Login to the router via browser (default IP: 192.168.1.1). Once logged in, navigate to “Package Manager” ('''System>Package Manager'''):
 
[[File:RUT240PackageMan.png|alt=|634x634px]]
 
When the "'''Package Manager'''" page loads, in the search bar enter "'''wireguard'''". There should be a package ready to be installed, once it shows up, click on "'''Install'''":


[[File:PkgmgrWG.png|alt=|975x975px]]
Once the internet is up and running on the router, in the WebUI navigate to "'''Services>VPN>Wireguard'''" in order to start configuring the tunnel:  


The confirmation window will then open, click on "'''Proceed'''":
[[File:ServicesVPNWG RUTOS.png]]


[[File:PackageProceed.png|alt=|852x852px]]


Give the route some time to install WireGuard package. If it's successful, you may see a success message such as this:
Add new instance with any name. In this example "linode" will be used as name for our Wireguard interface on router side.


[[File:PackageSuccess.png|alt=|855x855px]]
[[File:LinodeAddIF RUTOS.png|1076x1076px]]


Right after installing the package successfully, restarting router is highly recommended. To do that, navigate to "'''System>Reboot'''":
Once it's created, a new window will open. Click "'''Generate'''" to generate private & public key pairs. When key pairs are visible, make sure to copy the public key from router, it will be needed later for WireGuard configuration on VPS side. Next, enter the following configuration in specified fields:


[[File:RebootRUT240.png|alt=|638x638px]]
"'''Listen port'''": 51820


After the router is done rebooting, log back into it via '''<nowiki>https://192.168.1.1</nowiki>'''. After logging back into the router, navigate to "'''Services>VPN>WireGuard'''":
"'''IP Addresses'''": 10.0.1.2/32


[[File:ServicesVPNWG.png|alt=|636x636px]]
The configuration should look something like this (the public key will differ, don't copy it from here!):


Add new interface with any name. In this example "linode" will be used as name for our  Wireguard interface on router side.
[[File:WGif-setup RUTOS.png]]


[[File:LinodeAddIF.png|alt=|480x480px]]
Next, click on "'''Advanced settings'''" on the left side of the configuration page and fill in the following line:


Once it's created, edit the new inteface by clicking "'''Edit'''":
"'''MTU'''": 1420


[[File:WGEditIF.png|alt=|697x697px]]
[[File:WGif-setupadvanced RUTOS.png]]


When the configuration page loads, make sure "'''Enable'''" box is ticked on (if not already enabled).


Next, click "'''Generate'''" to generate key pairs. When key pairs are visible, make sure to copy the public key from router, it will be needed later for Wireguard configuration on VPS side. Next, enter the following configuration in specified fields:


"'''Listen port'''" - leave it as default: 51820
Leave the metric empty. Once done, move to the bottom of the configuration page and add a new peer by entering its name in the "'''Add new instance'''" field:


"'''IP addresses'''" - enter: 10.0.1.2/32
[[File:AddWGpeer RUTOS.png|1126x1126px]]


"'''Metric'''" - leave empty
Once the peer configuration window opens up, fill in the fields as follows:


"'''MTU'''" - enter: 1420
"'''Public Key'''": copy and paste the public key of your peer (public key which was generated by the virtual private server)


The configuration should look something like this (the public key will differ, don't copy it from here!)
"'''Allowed IPs'''": 10.0.1.1/32


[[File:WGpeerFinalResult.png|alt=|716x716px]]
[[File:WGpeer-general RUTOS.png]]


Next, in the Peer section click "Add". After adding, click "Edit".
When done, click on "Advanced settings" section and fill in the fields as follows:


In description field you can type anything to describe the peer (virtual private server)
"'''Description'''": Linode


"'''Preshared key'''" - leave field empty
"'''Preshared key'''" - leave field empty


"'''Public key'''" - copy and paste the public key of your peer (which was generated by the virtual private server)
"'''Route allowed IPs'''" - enable the option
 
"'''Allowed IPs'''" - for this config put in 10.0.1.1/32
 
"'''Route allowed IPs'''" - enable the box


"'''Endpoint host'''" - IP address of VPS (public IP)
"'''Endpoint host'''" - IP address of VPS (public IP)
Line 361: Line 353:
"'''Persistent keep alive'''" - 25 (recommended value)
"'''Persistent keep alive'''" - 25 (recommended value)


The final result of peer configuration on the router side should look something like this (public key should be different):
[[File:WGpeer-advanced RUTOS.png]]
 
 
The final result of WireGuard instance configuration on the router side should look something like this (public keys will be different):
 
[[File:WG-final RUTOS.png|1103x1103px]]


[[File:PeerCFGfromRouter.png|alt=|723x723px]]




Line 373: Line 370:
===Adding a port forward rule to the router===
===Adding a port forward rule to the router===
----
----
Wrapping up with the router configuration, it's necessary to create a single port forward rule so that router knows what to do with any incoming traffic that's got a destination port of 44158, TCP. To accomplish this, navigate to "'''Network>Firewall>Port Forwarding'''":
Wrapping up with the router configuration, it's necessary to create a single port forward rule so that router knows what to do with any incoming traffic that's got a destination port of 44158, TCP. To accomplish this, navigate to "'''Network>Firewall>Port Forwards'''":


[[File:NavigateToPortFW.png|alt=|431x431px]]
[[File:NavigateToPortFW RUTOS.png]]


At the bottom of this page, you will find a section to create new port forward rule. Enter the following values in the following fields:


"'''Name'''" - name of port forward rule
Once there, enter the following settings in specified fields:


"'''Protocol'''" - TCP
'''Name'''- name the port forward rule. In this configuration example, we’ll be using '''Helium''' as the name of this rule


"'''External ports'''" - 44158
'''External port'''- enter 44158


"'''Internal IP'''" - IP address of Helium miner in LAN
'''Internal IP address'''- select your Helium miner LAN IP address (starts with 192.168.1.X).


"'''Internal ports'''" - 44158
'''Internal port'''- enter 44158


[[File:CreateNewPortFWRule.png|alt=|667x667px]]
Once every field has been filled in, click on “'''Add'''”.


After the rule has been created, click on "'''Edit'''" to edit it:
[[File:PortFWfinalresult RUTOS.png|alt=|1038x1038px]]


[[File:EditPortFWRule.png|alt=|583x583px]]
A new configuration window will pop up. Edit the protocol from "'''TCP+UDP'''" to "'''TCP'''" only and change the "'''Source zone'''" by selecting the zone from "'''wan'''" to "'''wireguard'''" (<u>this is the most important step when configuring this port forward!</u>):


Edit "'''Source zone'''" by selecting the zone from "'''wan'''" to "'''wireguard'''":
[[File:ChangeFW-zone RUTOS.png]]


[[File:PortFWSelectZone.png|alt=|708x708px]]


Leave everything else, go to the bottom of the page and click "'''Save'''".
Leave everything else as-is, then go to the bottom of the page and click "'''Save & Apply'''".




Retrieved from "https://wiki.teltonika-networks.com/view/Special:MobileDiff/88690...88728"