How to use open source VPN ‘WireGuard’ with Teltonika RUT240 industrial LTE router

Soracom Arc is a secure link service that allows access to various services on Soracom from any IP network through a WireGuard VPN. By treating WireGuard’s authentication information as a virtual SIM, you can use Soracom’s various platform services in the same way as using Soracom Air’s cellular communication. Please note that initial costs, basic charges, and data communication charges will be incurred while using Soracom Arc, please see the pricing here.

The first step in this process is to prepare the Teltonika RUT240.

Preparing the RUT240

The first step is to connect your RUT240 to the internet, either with a wired connection direct from the WAN port on the RUT240 with a LAN cable to your router from your ISP, or utilize a cellular connection. If you are using a Soracom SIM, you can follow the RUT240 Connection Guide for setup steps. You can also use a SIM from another provider if you choose.

The RUT240 must also be of firmware version RUT2_R_00.07.04.3 in order for the WireGuard connection to Soracom ARC to function properly. Follow the steps below to

Follow the steps below to update the RUT240 firmware.

  1. Access the RUT240 management screen using from a web browser and log in. Please note that the username and password are supplied within the attached instruction manual. You will be required to change the password at the first login.
  2. If the current firmware version displayed within the management screen- System → Firmware → Update Firmware is less than RUT2_R_007.04.03, update to the latest firmware from the Flash New Firmware Image selection.
  3. If you cannot update to RUT2_R_007.04.03 or later from Server or Update from, download the bin file from here and select Update From and select the appropriate file.

Virtual SIM Registration

The next step you will want is to do is to register a virtual SIM from SIM Management → +SIM Registration within the User Console

From the Register Virtual SIM tab, click Register Virtual SIM

Make sure to make a note of the WireGuard connection information, here is an example:

Ensure that you make note of the private key as it will only be displayed the first time. If you forget the private key, please refer to the following procedure to update the virtual SIM authentication information

Configure WireGuard

Access the RUT240 management screen ( from a web browser and set up Wireguard.

  1. If the Mode in the top right corner of the management screen is set to Basic, click and change to Advanced

  1. Add Wireguard setting information from Services → VPN → Wireguard. Set a name under New Configuration Name. Set name and select Add

  1. The WireGuard connection information screen will open, and enter the following information

  • Enable : Set to on
  • Private Key : Enter the PrivateKey information that was written down previously.
  • IP Address: Enter the Address value that was written down from previously
  1. After entering an arbitrary name in the Add New Instance input box, select Add to add connection information on the peer side.
  • Public Key: Enter the Public Key from the previous step
  • Allowed IPs: Enter all of the AllowedIPs written down from the previous step
  • Route Allowed IPs: Set to On

  1. Click Advanced Settings and enter the following information

  2. Endpoint Host- enter the URL of the endpoint that was written down in the previous step. Once you have entered the connection information on the peer side, select Save & Apply

  1. Click Save & Apply at the bottom of the connection information edit screen on the server side.

  1. Click System → Reboot on the RUT240 management screen and select Reboot in the dialog box that appears in order to reboot the RUT240. This should take approximately 1-2 minutes.

Check SORACOM Arc Status

After restarting the RUT240, check the SORACOM Arc connection status. Access and log into the RUT240 management screen ( from a web browser, select System → CLI. A command line screen will appear, enter your RUT240 login information.

  • login: Enter root.
  • Password: Enter the password you set when you logged in the first time

After logging in, type wg and press Enter.

If the handshake is complete, you can confirm that you are connected to SORACOM.

If the handshake has not been performed, send a ping to the IP address of the connection destination noted in step 4 above or restart the RUT240 again,

You can also check the WireGuard connection by pinging

If the number of packets transmitted match the number of packets received, then the connection to SORACOM is complete.


Using SORACOM Arc with a WireGuard compatible router does not require VPN settings for individual devices under the router, so you can easily upload data to various services on SORACOM. It is also a way to send data to SORACOM from devices and microcomputers that do not support WireGuard. In addition to using it as a means to reduce the amount of communication on cellular communication devices.

1 Like