31
edits
Changes
Wireguard Peer To Peer Configuration example (view source)
Revision as of 15:24, 7 September 2023
, 15:24, 7 September 2023no edit summary
==Introduction==
==Introduction==
Introduction to a Peer-to-Peer WireGuard configuration example, this also covers LAN-TO-LAN connectivity aspect as well.
Introduction to a Peer-to-Peer WireGuard configuration example, this also covers LAN-TO-LAN connectivity aspect as well.
==Prerequisites==
==Prerequisites==
For this example you need:
For this example you need:
<li>Three RUTOS devices</li>
<li>Three RUTOS devices</li>
<li>One end device must have '''Public''' IP address</li>
<li>One end device must have '''Public''' IP address</li>
==WireGuard Instances==
==WireGuard Instances==
To create Instance enter its name and click the <b>Add</b> button.
To create Instance enter its name and click the <b>Add</b> button.
'''<b>Note:</b>''' You will need to copy the Public and Private Keys for Peer instances between server and Clients
'''<b>Note:</b>''' You will need to copy the Public and Private Keys for Peer instances between server and Clients
<li>Please ensure that you save the Public key for later use</li>
<li>Please ensure that you save the Public key for later use</li>
<li>Enter the IP address of the WireGuard Interface on the server (e.g. 10.0.0.1/24) </li>
<li>Enter the IP address of the WireGuard Interface on the server (e.g. 10.0.0.1/24) </li>
[[File:WireGuard_Server.png]]
[[File:WireGuard_Server.png]]
==Peers Configuration==
==Peers Configuration==
===Peer to Peer Setup===
In the <b>'''General Setup<b>''' section you need to enter '''Public Key''' and '''Allowed IPs''' from the Remote instance you want to connect to.
In the <b>'''General Setup<b>''' section you need to enter '''Public Key''' and '''Allowed IPs''' from the Remote instance you want to connect to.
You will need the Public Keys of the Client VPN users that you setup, so it is recommended to create the Instances to Generate the Keys for use of Peer instances
You will need the Public Keys of the Client VPN users that you setup, so it is recommended to create the Instances to Generate the Keys for use of Peer instances
===Peers Configuration Client 1===
Client 1 is setup with the following details, WireGuard Interface IP is set as 10.0.0.2 with a LAN range of 192.168.5.0/24
Client 1 is setup with the following details, WireGuard Interface IP is set as 10.0.0.2 with a LAN range of 192.168.5.0/24
You will need to create a new WireGuard instance and Peer connection, please ensure you copy the public Key that was generated via the creation of the instance, as this will be used on the Server side for the VPN.
You will need to create a new WireGuard instance and Peer connection, please ensure you copy the public Key that was generated via the creation of the instance, as this will be used on the Server side for the VPN.
<li>Copy the Public Key and save it in a text file for later use, as it will be used on the Server Peer configuration</li>
<li>Copy the Public Key and save it in a text file for later use, as it will be used on the Server Peer configuration</li>
<li>Save and Apply the settings</li>
<li>Save and Apply the settings</li>
[[File:WireGuard_Client1.png]]
[[File:WireGuard_Client1.png]]
[[File:WireGuard_Client1_HostEnd.png]]
[[File:WireGuard_Client1_HostEnd.png]]
===Peers Configuration Client 2===
Client 2 is setup with the following details, WireGuard Interface IP is set as 10.0.0.3 with a LAN range of 192.168.10.0/24
Client 2 is setup with the following details, WireGuard Interface IP is set as 10.0.0.3 with a LAN range of 192.168.10.0/24
You will need to create a new WireGuard instance and Peer connection, please ensure you copy the public Key that was generated via the creation of the instance, as this will be used on the Server side for the VPN.
You will need to create a new WireGuard instance and Peer connection, please ensure you copy the public Key that was generated via the creation of the instance, as this will be used on the Server side for the VPN.
<li>Copy the Public Key and save it in a text file for later use, as it will be used on the Server Peer configuration</li>
<li>Copy the Public Key and save it in a text file for later use, as it will be used on the Server Peer configuration</li>
<li>Save and Apply the settings</li>
<li>Save and Apply the settings</li>
[[File:WireGuard_Client2.png]]
[[File:WireGuard_Client2.png]]
[[File:WireGuard_Client2_HostEnd.png]]
[[File:WireGuard_Client2_HostEnd.png]]
===Peers Configuration Client 3===
Please ensure you download WireGuard for your PC (Windows Client)
Please ensure you download WireGuard for your PC (Windows Client)
Once you have created a new Tunnel, you will need to add the below lines of code to finish the VPN setup,
Once you have created a new Tunnel, you will need to add the below lines of code to finish the VPN setup,
<li>Address = 10.0.0.4/24</li>
<li>Address = 10.0.0.4/24</li>
<li>EndPoint = Server’s IP (our instance was 192.168.1.1 as it was part of the LAN) </li>
<li>EndPoint = Server’s IP (our instance was 192.168.1.1 as it was part of the LAN) </li>
[[File:WireGuard_PC_Client.png]]
[[File:WireGuard_PC_Client.png]]
===Peers Configuration Server====
====Server to Peer Setup====
In the <b>'''General Setup'''<b> section you need to enter <b>'''Public Key'''<b> and <b>'''Allowed IPs'''<b> from the Remote instance you want to connect to.
In the <b>'''General Setup'''<b> section you need to enter <b>'''Public Key'''<b> and <b>'''Allowed IPs'''<b> from the Remote instance you want to connect to.
Create your 1<sup>st</sup> client peer under the server
Create your 1<sup>st</sup> client peer under the server
<li>Enter the Public Key you created for Client 1</li>
<li>Enter the Public Key you created for Client 1</li>
<li>Ensure you have enabled “Route allowed IPs” </li>
<li>Ensure you have enabled “Route allowed IPs” </li>
[[File:WireGuard_Server_Client1.png]]
[[File:WireGuard_Server_Client1.png]]
===Server To Client 2===
Create your 2<sup>nd</sup> client peer under the server
Create your 2<sup>nd</sup> client peer under the server
<li>Enter the Public Key you created for Client 2</li>
<li>Enter the Public Key you created for Client 2</li>
<li>Ensure you have enabled “Route allowed IPs” </li>
<li>Ensure you have enabled “Route allowed IPs” </li>
[[File:WireGuard_Server_Client2.png]]
[[File:WireGuard_Server_Client2.png]]
===Server To Client 3 (PC)===
Create your 3<sup>rd</sup> client peer under the server
Create your 3<sup>rd</sup> client peer under the server
<li>Enter the Public Key you created for Client 2</li>
<li>Enter the Public Key you created for Client 2</li>
<li>Ensure you have enabled “Route allowed IPs” </li>
<li>Ensure you have enabled “Route allowed IPs” </li>
[[File:WireGuard_Server_Client3.png]]
[[File:WireGuard_Server_Client3.png]]
===Testing the Setup===
===Testing====
Once you have setup the WireGuard Server and Peer settings, you can test by making use of the below
Once you have setup the WireGuard Server and Peer settings, you can test by making use of the below