7,851
edits
Changes
no edit summary
<tr>
<tr>
<td>TUN/TAP</td>
<td>TUN/TAP</td>
<td>TUN (tunnel) {{!}} TAP (bridged); default: <b>TUN (tunnel)</b></td>
<td>TUN (tunnel) {{!}} <span style="color:brown ;">TAP (bridged)</span>; default: <b>TUN (tunnel)</b></td>
<td>Virtual network device type.
<td>Virtual network device type.
<ul>
<ul>
</ul>
</ul>
</td>
</td>
</tr>
<tr>
<td><span style="color:brown ;">Bridge</span></td>
<td>Bridge interface for TAP; default: br-lan</td>
<td>Assign a TAP interface to a bridge.</td>
</tr>
</tr>
<tr>
<tr>
<tr>
<tr>
<td>Authentication method</td>
<td>Authentication method</td>
<td>Pre-shared key {{!}} <span style="color:darkred">X.509 {{!}} EAP</span> {{!}} <span style="color:blue">PKCS#12</span>; default: <b>Pre-shared key</b></td>
<td><span style="color:chocolate">Pre-shared key</span> {{!}} <span style="color:darkred">X.509 {{!}} EAP</span> {{!}} <span style="color:blue">PKCS#12</span>; default: <b>Pre-shared key</b></td>
<td>Specify authentication method. Choose between Pre-shared key and X.509 certificates.</td>
<td>Specify authentication method. Choose between Pre-shared key and X.509 certificates.</td>
</tr>
</tr>
WireGuard works by adding an interface which acts as a tunnel. To create one enter its name and click the <b>Add</b> button. This should add a new Wireguard instance and open a configuration window.
WireGuard works by adding an interface which acts as a tunnel. To create one enter its name and click the <b>Add</b> button. This should add a new Wireguard instance and open a configuration window.
[[File:Networking_rutx_vpn_wireguard_v1.png|border|class=tlt-border]]
[[File:Networking_rutx_vpn_wireguard_v2.png|border|class=tlt-border]]
===General Instance Settings===
===General Instance Settings===
Private keys and generate them, specify Port and IP addresses for communication.
Private keys and generate them, specify Port and IP addresses for communication.
[[File:Networking_rutx_vpn_wireguard_instance_general_v1.png|border|class=tlt-border]]
[[File:Networking_rutx_vpn_wireguard_instance_general_v3.png|border|class=tlt-border]]
<table class="nd-mantable">
<table class="nd-mantable">
<tr>
<tr>
<td>Private Key</td>
<td>Private Key</td>
<td>string; default: <b>none</b></td>
<td>string; default: <b>-</b></td>
<td>Private Key used in authentication.</td>
<td>Private Key used in authentication.</td>
</tr>
</tr>
</tr>
</tr>
<tr>
<tr>
<td>Generate</td>
<td>Generate key pair</td>
<td>-(interactive button)</td>
<td>-(interactive button)</td>
<td>Click to generate Public Key and Private Key.</td>
<td>Click to generate Public Key and Private Key.</td>
</tr>
</tr>
<tr>
<tr>
Advanced Settings section contains Metric and MTU configuration for this WireGuard interface.
Advanced Settings section contains Metric and MTU configuration for this WireGuard interface.
[[File:Networking_rutos_vpn_wireguard_instance_advanced_v2.png|border|class=tlt-border]]
[[File:Networking_rutos_vpn_wireguard_instance_advanced_v3.png|border|class=tlt-border]]
<table class="nd-mantable">
<table class="nd-mantable">
<td>Metric</td>
<td>Metric</td>
<td>positive integer; default: <b>none</b></td>
<td>positive integer; default: <b>none</b></td>
<td>Specify metric for this tunnel interface. Lower number means higher priority.</td>
<td>Specify (Optional) metric for this tunnel interface. Lower number means higher priority.</td>
</tr>
<tr>
<td>Listen port</td>
<td>integer [1..65535]; default: <b>51820</b></td>
<td>Required. UDP port used for outgoing and incoming packets.</td>
</tr>
</tr>
<tr>
<tr>
<td>MTU</td>
<td>MTU</td>
<td>integer [1280..1420]; default: <b>none</b></td>
<td>integer [68..9200]; default: <b>none</b></td>
<td>Maximum Transmission Unit for this tunnel interface.</td>
<td>Maximum Transmission Unit of tunnel interface. Range [68 to 9200]. If not specified, the MTU is automatically determined by physical interface MTU value.</td>
</tr>
</tr>
<tr>
<tr>
<td>DNS servers</td>
<td>DNS servers</td>
<td>ip | ips; default: <b>none</b></td>
<td>ip; default: <b>none</b></td>
<td>DNS server(s) for this Wireguard interface.</td>
<td>DNS server(s) for this Wireguard interface.</td>
</tr>
</tr>
----
----
The Peers section is used to create and configure all the peers for this interface.
The Peers section is used to create and configure all the peers for this interface. To create one enter its name and click the <b>Add</b> button.
To create one enter its name and click the <b>Add</b> button.
[[File:Networking_rutx_vpn_wireguard_instance_peer_v3.png|border|class=tlt-border]]
[[File:Networking_rutx_vpn_wireguard_instance_peer_v2.png|border|class=tlt-border]]
In the General section of Peer instance you can configure basic information about the endpoint to allow communications.
In the General section of Peer instance you can configure basic information about the endpoint to allow communications.
[[File:Networking_rutos_vpn_wireguard_instance_peer_instance_general_v2.png|border|class=tlt-border]]
[[File:Networking_rutos_vpn_wireguard_instance_peer_instance_general_v3.png|border|class=tlt-border]]
<table class="nd-mantable">
<table class="nd-mantable">
<td>Public Key</td>
<td>Public Key</td>
<td>string; default: <b>none</b></td>
<td>string; default: <b>none</b></td>
<td>Endpoint's Public Key.</td>
<td>Base64-encoded public key of peer.</td>
</tr>
<tr>
<td>Endpoint host</td>
<td>domain name {{!}} ip; default: <b>none</b></td>
<td>Host of peer. Names are resolved prior to bringing up the interface.</td>
</tr>
</tr>
<tr>
<tr>
<td>Allowed IPs</td>
<td>Allowed IPs</td>
<td>ip; default: <b>none</b></td>
<td>ip; default: <b>none</b></td>
<td>A single IP address or a list of them which are allowed to communicate with this peer.</td>
<td>IP addresses and prefixes that this peer is allowed to use inside the tunnel. Usually the peer's tunnel IP addresses and the networks the peer routes through the tunnel.</td>
</tr>
</tr>
<tr>
<tr>
<td>Route Allowed IPs</td>
<td>Route Allowed IPs</td>
<td>off {{!}} on; default: <b>off</b></td>
<td>off {{!}} on; default: <b>off</b></td>
<td>Enable to create routes for <b>Allowed IPs</b> for this peer.</td>
<td>Create routes for Allowed IPs for this peer.</td>
</tr>
</tr>
</table>
</table>
settings such as its Description, Endpoint Host and Port, Preshared Key and other.
settings such as its Description, Endpoint Host and Port, Preshared Key and other.
See more information below.
See more information below.
[[File:Networking_rutx_vpn_wireguard_instance_peer_instance_advanced_v1.png|border|class=tlt-border]]
[[File:Networking_rutx_vpn_wireguard_instance_peer_instance_advanced_v2.png|border|class=tlt-border]]
<table class="nd-mantable">
<table class="nd-mantable">
</tr>
</tr>
<tr>
<tr>
<td>Description</td>
<td>Tunnel source</td>
<td>string; default: <b>none</b></td>
<td>Any {{!}} LAN {{!}} WAN {{!}} Mobile; default: <b>Any</b></td>
<td>Description of this peer.</td>
<td>Interface to bind this instance to.</td>
</tr>
</tr>
<tr>
<tr>
</tr>
</tr>
<tr>
<tr>
<td>Endpoint Port</td>
<td>off {{!}} on; default: <b>off</b></td>
<td>integer [1..65535]; default: <b>none</b></td>
<td>Enable to create routes for <b>Allowed IPs</b> for this peer.</td>
<td>Port of peer.</td>
</tr>
</tr>
<tr>
<tr>
<td>Endpoint Host</td>
<td>Persistent Keep Alive</td>
<td>integer [0..65535]; default: <b>none</b></td>
<td>integer [0..65535]; default: <b>none</b></td>
<td>Specify port to connect to Remote Endpoint. It will be set to <b>51820</b> if left empty.</td>
<td>Seconds between keep alive messages. Default is 0 (disabled). Recommended value if this device is behind a NAT is 25. Range [0 to 65535].</td>
</tr>
</tr>
<tr>
<tr>
<td>Persistent Keep Alive</td>
<td>Routing table</td>
<td>integer [0..65535]; default: <b>none</b></td>
<td>string; default: <b>none</b></td>
<td>Specify time amount in seconds between Keep Alive messages. By default this option is <b>0</b> which means it is disabled. Recommended value for a device behind NAT is 25.</td>
<td>Defines which routing table to use for this peer routes, not necessary to configure for most setups..</td>
</tr>
</tr>
</table>
</table>