WireGuard Configuration Example

From Teltonika Networks Wiki

The information on this page is updated in accordance with firmware version 00.07.17.4.

Introduction

WireGuard is a modern, lightweight, and secure VPN solution that relies on trusted cryptography. This guide provides an example of setting up a basic WireGuard tunnel between two Teltonika devices.

Prerequisites

For this example you need:

  • Two RUTOS devices (this guide uses RUTX50 (WG1/server) and RUTX14 (WG2/client) as examples)
  • A device to configure the routers (PC, laptop, tablet, or smartphone)
  • One of the RUTOS devices (the server) must have a public IP address

Expected Outcome

    A tunnel will be established between RUTX50 (WG1) and RUTX14 (WG2). The assigned tunnel IP addresses will be:

    • WG1 (server): 172.16.10.1
    • WG2 (client): 172.16.10.2

    WG1 (Server) configuration

    Creating a new WireGuard instance

    To create an instance:

    1. Enter a name for the new WireGuard instance, for example, WG1.
    2. Click the button.

    Instance configuration

    In the pop-up configuration window, open the General settings tab:

    1. Enable the instance
    2. Copy the Public Key (make sure to copy all of it); it will be required in the WG2 (client) configuration
    3. Enter the WireGuard IP address for this device

    Peer configuration

    The next step is to configure the Peers that this instance will connect to.

    To create a Peer:

    1. Enter a name of your choice for the peer device
    2. Click the button.

    In the pop-up configuration window, select the General settings tab:

    1. Enter the Public Key of the WireGuard peer device
    2. Enter the WireGuard tunnel IP address for the peer device (WG2) in the Allowed IPs section
    3. Add an additional Allowed IPs entry if you want to reach the peer device's (WG2) LAN subnet (optional)
    4. Enable "Route allowed IPs"
    5. Save the configuration

    WG2 (Client) configuration

    Creating a new WireGuard instance

    To create an instance:

    1. Enter a name for the new WireGuard instance, for example, WG2.
    2. Click the button.

    Instance configuration

    In the pop-up configuration window, select the General settings tab:

    1. Enable the instance
    2. Copy the Public Key (make sure to copy all of it); it will be required in the WG1 (server) configuration
    3. Enter the WireGuard tunnel IP address for this device

    Peer configuration

    The next step is to configure the Peers that this instance will connect to.

    To create a Peer:

    1. Enter a name of your choice for the peer device
    2. Click the button.

    In the pop-up configuration window, select the General settings tab:

    1. Enter the Public Key of the WireGuard peer device
    2. Enter the Public IP address of the WireGuard peer/server (WG1)
    3. Enter the WireGuard tunnel IP address for the peer device in the Allowed IPs section
    4. Add an Allowed IPs entry if you want to reach the peer device's (WG2) LAN subnet (optional)
    5. Enable "Route allowed IPs"
    6. Save the configuration

    Testing Configuration

    To check and test the WireGuard tunnel connection, open the Command Line Interface and log in.

    Once in the Command Line, enter the following command:

       wg
    

    If the latest handshake line is visible, it indicates that a connection between your devices has been successfully established. Furthermore, if the peer’s LAN subnet IP was added to the Allowed IPs section, you should also be able to ping devices within that subnet.
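
The handshake check from the Testing Configuration step, as an added example that is not part of the original wiki page: a handshake line stays visible after a tunnel has stopped working, so this script reads the output of `wg show <interface> latest-handshakes` and flags peers whose last handshake is missing or old. The 180-second threshold, the function names and the sample keys are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Teltonika code): judge tunnel health by handshake age.
# Input format is what `wg show <interface> latest-handshakes` prints:
#   <peer-public-key><TAB><unix-timestamp>    (0 = no handshake yet)

# Assumed threshold. Peers exchanging traffic re-handshake about every two
# minutes; an idle tunnel without keepalive can legitimately look older.
STALE_AFTER=180

# check_handshakes NOW: reads handshake lines on stdin, prints
# "<status> <key> <age-seconds>", returns 0 only if every peer is fresh.
check_handshakes() {
    now=$1
    rc=0
    while read -r key ts; do
        [ -n "$key" ] || continue
        case $ts in
            ''|*[!0-9]*) echo "invalid $key -"; rc=1; continue ;;
        esac
        age=$((now - ts))
        if [ "$ts" -eq 0 ]; then
            echo "never $key -"; rc=1
        elif [ "$age" -gt "$STALE_AFTER" ]; then
            echo "stale $key $age"; rc=1
        else
            echo "fresh $key $age"
        fi
    done
    return "$rc"
}

# Constructed sample (keys are placeholders, not real public keys).
sample_handshakes() {
    printf 'CONSTRUCTED_KEY_A=\t1700000240\n'
    printf 'CONSTRUCTED_KEY_B=\t1699990300\n'
    printf 'CONSTRUCTED_KEY_C=\t0\n'
}

# Demo on the sample with a fixed clock. On a router, use instead:
#   wg show <interface> latest-handshakes | check_handshakes "$(date +%s)"
sample_handshakes | check_handshakes 1700000300 ||
    echo "at least one peer has no recent handshake"
```

A "never" result on the server side usually means the client has not reached the public IP address and port yet; a "stale" result on an otherwise idle link is expected unless a keepalive is configured.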
