WireGuard Configuration Example
WireGuard is simple, fast, lean, and modern VPN that utilizes secure and trusted cryptography. This page will show you an example on how to configure a basic tunnel between WireGuard interface and its peers.
Note: WireGuard is additional software that can be installed from the Services → Package Manager page (in RUT9/RUT2 this page is located in System → Package Manager).
For this example you need:
In the end there will be created a tunnel between RUTX09 and TRB141. RUTX09 will have 10.0.0.1 and TRB141 will have 10.0.0.2 tunnel IP addresses.
In this example Instance is named by its device name to make it easier to follow images.
The following part of example applies to both devices.
After that you need to Enable this instance and in the Listen Port field enter your desired port. WireGuard by default uses 51820 port which will be used in this example.
Lastly you need to enter IP Address for instance. As mentioned in the beginning, RUTX09 will have 10.0.0.1 and TRB141 will have 10.0.0.2 IP addresses.
Note: enter IP address and its mask e.g. 10.0.0.1/24
Note: fields with numbers 1 and 2 will be used later when configuring remote peers.
Note: fields with numbers 3 and 4 will be used later when configuring remote peers.
Until now you have configured WireGuard instance itself, now you need to configure Peers which are going to connect to those instances.
One Peer for each device will be created:
In the General Setup section you need to enter Public Key and Allowed IPs from the Remote instance you want to connect to.
In this example a peer from RUTX09 (named trb1peer) needs to connect to TRB141, which means trb1peer will enter Public Key and Allowed IPs from TRB141.
Note: the numbers in the images below represent a number of field from which that value was taken from the images in Instance Configuration.
Lastly atleast one device has to enter Public IP address from Remote instance. Enter IP address, save and move to the Testing Configuration.
If in the Instance Configuration you specified port other than 51820 then you also need to specify it here.
To initiate connection and test it you need to open Command Line Interface (Services → CLI) and login. Then type
If you see latest handshake line then it means you have established a connection between your devices and you are able to communicate via IP addresses specified in number 2 and 4 fields from the images in Instance Configuration.
If you dont see latest handshake line, then ping the Public IP address you specified in Endpoint Host field, this will initiate handshake.