VPN / IPsec
The RC500 supports multiple VPN technologies for secure site-to-site and remote access connectivity.
WireGuard
WireGuard provides a modern, high-performance VPN tunnel with minimal configuration.
Configuration
Navigate to Services → WireGuard:
| Field | Description |
|---|---|
| Enable | WireGuard interface on/off |
| Listen Port | UDP port for incoming connections (default: 51820) |
| Private Key | Device’s WireGuard private key (auto-generated) |
| Public Key | Displayed for peer configuration |
| MTU | Maximum transmission unit (default: 1420) |
Peer Configuration
Add remote peers:
| Field | Description |
|---|---|
| Public Key | Peer’s WireGuard public key |
| Endpoint | Peer’s IP:port (for outgoing connections) |
| Allowed IPs | Networks routable through this peer (CIDR) |
| Keepalive | Persistent keepalive interval (seconds) |
| Preshared Key | (Optional) Additional symmetric key |
Routing
Configure which traffic uses the WireGuard tunnel:
- Allowed IPs on the peer defines which destinations route through the tunnel
- Use `0.0.0.0/0` to route all traffic through the VPN (full tunnel)
- Use specific subnets for split-tunnel (e.g., `10.0.0.0/8`)
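The following Python is an added example, not part of the RC500 documentation or firmware. It models how WireGuard applies Allowed IPs: outbound packets go to the peer with the longest matching prefix, and inbound packets are accepted only when their source address maps back to the peer that sent them. Peer names and subnets are constructed for illustration.

```python
import ipaddress

# Constructed sample peers; names and subnets are illustrative, not RC500 defaults.
PEERS = {
    "hq":     ["10.0.0.0/8"],    # split tunnel: only this range uses the VPN
    "branch": ["10.20.0.0/16"],  # more specific prefix inside hq's range
    "egress": ["0.0.0.0/0"],     # full tunnel: default route through this peer
}

def _nets(cidrs):
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]

def tunnel_mode(cidrs):
    """Classify a peer as 'full' (Allowed IPs contain a default route) or 'split'."""
    return "full" if any(n.prefixlen == 0 for n in _nets(cidrs)) else "split"

def select_peer(peers, dst):
    """Outbound: choose the peer whose Allowed IPs give the longest prefix match."""
    addr = ipaddress.ip_address(dst)
    best = None  # (prefix length, peer name)
    for name, cidrs in peers.items():
        for net in _nets(cidrs):
            if net.version == addr.version and addr in net:
                if best is None or net.prefixlen > best[0]:
                    best = (net.prefixlen, name)
    return best[1] if best else None  # None: the packet does not enter the tunnel

def accept_inbound(peers, peer, src):
    """Inbound: keep a decrypted packet only if its source IP maps back to the sender."""
    return select_peer(peers, src) == peer

def duplicate_prefixes(peers):
    """Flag identical prefixes on two peers; WireGuard keeps only one owner per prefix."""
    seen, dups = {}, []
    for name, cidrs in peers.items():
        for net in _nets(cidrs):
            if net in seen and seen[net] != name:
                dups.append((str(net), seen[net], name))
            seen.setdefault(net, name)
    return dups
```

Because Allowed IPs also filter inbound sources, a full-tunnel entry on a peer means that peer may originate traffic from any address not covered by a more specific prefix on another peer.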
IPsec
IPsec provides standards-based VPN tunneling compatible with enterprise firewalls.
Configuration
Navigate to Services → IPsec:
Phase 1 (IKE)
| Field | Description |
|---|---|
| Remote Gateway | IP address of the remote IPsec endpoint |
| Authentication | Pre-shared key or certificate |
| IKE Version | IKEv1 or IKEv2 (recommended) |
| Encryption | AES-128/256, 3DES |
| Hash | SHA256, SHA384, SHA512 |
| DH Group | 14, 15, 16, or 19-21 (ECP) |
| Lifetime | SA lifetime in seconds |
Phase 2 (ESP)
| Field | Description |
|---|---|
| Local Subnet | LAN subnet behind this device |
| Remote Subnet | LAN subnet behind the remote gateway |
| Encryption | AES-128/256, 3DES |
| Hash | SHA256, SHA384, SHA512 |
| PFS Group | Perfect forward secrecy DH group |
| Lifetime | SA lifetime in seconds |
Status
The IPsec status page shows:
- Tunnel up/down state
- Bytes transmitted/received
- Last rekey time
- Error messages (if tunnel fails)
Remote Access
The RC500 includes an OpenVPN-based remote access tunnel for administrative purposes.
How It Works
Navigate to Services → Remote Access:
| Field | Description |
|---|---|
| Enable | Remote access tunnel on/off |
| Status | Connected / Disconnected / Error |
When enabled:
- Device establishes an outbound OpenVPN connection to the Telisky cloud
- Administrators can connect to the device through the cloud relay
- Provides SSH and web UI access without requiring port forwarding
Use Cases
- Remote troubleshooting when the device is behind NAT/CGNAT
- Administrative access without exposing ports to the internet
- Temporary access that can be enabled/disabled from the MDM portal
Remote Debug Tunnel
A separate SSH debug tunnel is available for engineering support:
Navigate to Services → Remote Debug:
- Creates an SSH tunnel back to a designated support server
- Used exclusively for support/debugging scenarios
- Can be enabled remotely via MDM commands
- Automatically disabled after timeout
VPN via MDM
VPN configurations can be pushed from the MDM platform:
- WireGuard peer configuration (keys, endpoints, allowed IPs)
- IPsec tunnel parameters
- Remote access enable/disable
This allows centralized VPN management across a fleet without manual device configuration.