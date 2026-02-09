Yamaha RTX Router
This tutorial describes how to configure the Yamaha RTX840 and RTX1300 series router to connect to Cloudflare Magic WAN via IPsec tunnels.
These configurations were tested on the Yamaha RTX840 and RTX1300 series with the following firmware versions:
- RTX840 series: 23.02.02
- RTX1300 series: 23.00.17
You need to add IPsec tunnels and static routes to your Cloudflare account via the Cloudflare dashboard.
Before proceeding, ensure that you have the anycast IPs associated with your account. Check with your Cloudflare account team if you do not yet have them.
Follow the Add tunnels instructions to create the required IPsec tunnel. When creating your IPsec tunnel, make sure you define the following settings:
- Tunnel name: Enter your tunnel name. In this example, it is
RTX840-vpn01.
- Interface address: Enter the internal tunnel IP on the Cloudflare side of the IPsec tunnel. In this example, it is
172.30.223.2/31.
- Customer endpoint: Enter the WAN IP address of your RTX router. In our example, this is
194.xx.xx.xx. This is the fixed public IPv4 address you get from your ISP for your internet service.
- Cloudflare endpoint: The Cloudflare anycast IP assigned to you by your account team.
- Health check rate: Medium.
- Health check type: Request.
- Health check direction: Bidirectional.
- Health check target: Default.
- Pre-shared key: Select Use my own pre-shared key and paste a secure key of your own.
- Replay protection: Do not check the box, to keep this disabled.
- Tunnel name: Enter your tunnel name. In this example, it is
After you create your tunnel, the Cloudflare dashboard will load a list of tunnels set up for your account. Select the IPsec tunnel you have just created, and check the following setting:
- FQDN ID: Copy this ID and save it. You will need it when configuring the IPsec tunnel on your RTX router.
Static routes are required for any networks that will be reached via the IPsec tunnel. In our example, there is one network:
172.16.2.0/24.
Follow the Configure static routes instructions to create a static route (settings not mentioned here can be left with their default values):
- Description:
RTX840-lan01
- Prefix:
172.16.2.0/24
- Tunnel/Next hop: RTX840-vpn01
Use the CLI to configure these settings.
In the Yamaha RTX router CLI, you can run
show ipsec sa and
show status tunnel to check the status of the IPsec VPN.