I've recently started college and I'm living in one of the dorms on campus. They provide 1 Ethernet jack per person per room. I have multiple wired devices, so at the very least I needed a switch, but I also wanted all the devices to be able to talk to everything back on my home network. The best way to do this is with a site-to-site VPN. This lets devices on each end of the VPN tunnel communicate with each other as if they were directly on the same network. My router of choice at home is an EdgeRouter Lite from Ubiquiti Networks.

Originally I was going to use a Cisco Meraki MX64 firewall (get one for free here) at my dorm as my router, but the functionality is somewhat limited for my uses and I prefer the EdgeRouters, so I got a cheap EdgeRouter X off of eBay (college budget life) and went to work. My original plan was to use OpenVPN because I'm familiar with it, but upon testing, I found the performance to be seriously lacking (up to about 7 Mbps). My dorm has 100/100 and home has 130/35, so that wasn't going to cut it. Both EdgeRouters have hardware offloading for the encryption used in typical IPsec configurations, so this seemed like a good high-performance option. My next roadblock though was that I can't port forward anything from my dorm, which made it difficult or impossible to establish an IPsec tunnel (it may be possible, but my Googling couldn't find a way).

Finally, Plan C was to use WireGuard. I had made a post on Reddit about my IPsec woes and it was suggested that I try out WireGuard. WireGuard is a new type of VPN that aims to be fast, lightweight, and easy to set up (if you're not me, apparently), all while being highly secure. The details on how to set it up on my hardware though were somewhat lacking, and it took quite a few hours to get it actually functional. My goal here today is to help someone else set up something similar without all the headache I went through, so without further delay, here's how I did it.

Here's a quick and basic diagram of my setup, made using Creately.

1. Install vyatta-wireguard on both routers. Find the download URL for your router and copy and paste it on line 3.

   ```
   sudo apt-get install wget
   ```

   (Alternatively, use curl.)

2. Generate public and private keys on each router. Copy and paste the output into a text file for convenience. The top line of the output is the private key; the bottom line is the public key.

3. I used 10.100.100.1 for the WireGuard tunnel IP on this router so that I could set up the allowed IPs as 10.0.0.0/8. It wouldn't allow me to use 0.0.0.0/0 like I wanted, so this works out too, since both subnets are on 10.x.x.x and 10.0.0.0/8 allows everything in that range.

   ```
   set interfaces wireguard wg0 address 10.100.100.1/24
   set interfaces wireguard wg0 listen-port 51820
   set interfaces wireguard wg0 route-allowed-ips true
   set interfaces wireguard wg0 private-key <private key from step 2>
   ```

4. I used 10.100.100.2 for the WireGuard tunnel IP on the other router.

5. Set up the other router (peer) on each router. Skip line 2 on the side with port forwarding (it is only useful on the side that has to reach out to the other side, which is the one with port forwarding), or run it on both sides if both have port forwarding. Line 3 keeps the connection active so it works without port forwarding and doesn't disconnect after a short while of no traffic.

   ```
   set interfaces wireguard wg0 peer <peer public key> allowed-ips 10.0.0.0/8
   set interfaces wireguard wg0 peer <peer public key> endpoint <peer public IP>:<peer listen port>
   set interfaces wireguard wg0 peer <peer public key> persistent-keepalive 15
   ```

6. Commit and save the changes on each router (otherwise they won't take effect and will be lost), then exit from configuration mode.

7. Go to the home router web UI, then Firewall/NAT -> Firewall Policies -> WAN_Local. Edit the ruleset configuration and add a new rule.

8. Theoretically, if everything worked, you should be able to see if there's a connection. The peer status showed traffic flowing over the tunnel:

   ```
   Transfer: 453.80 MiB received, 116.24 MiB sent
   ```

   Dorm/Remote Router:

   ```
   Persistent keepalive: every 15 seconds
   ```

9. You should also see a new wg0 interface in the dashboard, possibly with traffic going over it already.

10. As a helpful commenter pointed out, you may need to add static routes if it doesn't happen automatically for you. This is so that your routers know about the networks on the other end and can direct traffic accordingly. This should do the trick; on each end, type this with the relevant info:

    ```
    ip route add <remote network>/<prefix length> dev wg0
    ```

11. Try pinging a device on the other end, from either end.

    ```
    ping 10.20.31.101
    ```

    If it comes back with a response, you should be all done!
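The addressing decisions in steps 3, 4, 5 and 10 (tunnel addresses, allowed IPs, an endpoint only on the side whose peer is reachable, and static routes for the far LAN) can be planned mechanically, and planning them is where the security-relevant choice sits: `allowed-ips` is WireGuard's cryptokey routing list, so a peer can only ever send or receive traffic for addresses inside it. The following is an added example, not code from the post or from vyatta-wireguard. It emits the same EdgeOS `set` lines the post uses, but goes a little beyond the post: it computes the tightest `allowed-ips` (the peer's LAN plus its tunnel address) instead of the post's 10.0.0.0/8, refuses layouts whose LANs overlap (a tunnel between two 192.168.1.0/24 networks cannot be routed), and omits the endpoint line on the side whose peer has no port forwarding, as step 5 describes. The LANs 10.0.1.0/24 and 10.20.31.0/24, the hostname `home.example.net` and the key strings are constructed placeholders; the tunnel addresses, listen port and keepalive are the post's. That repeating the `allowed-ips` line accumulates several networks is an assumption about the EdgeOS syntax.

```python
"""Plan the addressing of a WireGuard site-to-site tunnel between two EdgeRouters.

Added example, not code from the post or from vyatta-wireguard. Everything
except the tunnel addresses (10.100.100.1/24, 10.100.100.2/24), listen port
51820 and keepalive 15 is a constructed placeholder.
"""
from dataclasses import dataclass
from ipaddress import IPv4Interface, IPv4Network, collapse_addresses, ip_interface, ip_network
from typing import List, Optional

LISTEN_PORT = 51820   # from the post
KEEPALIVE = 15        # seconds, from the post (line 3 of step 5)


@dataclass
class Site:
    name: str
    lan: IPv4Network           # the LAN behind this router
    tunnel: IPv4Interface      # this router's wg0 address with its prefix
    public_key: str            # step 2 output (placeholder string here)
    endpoint: Optional[str]    # "host:port" if the other side can reach it, else None


def make_site(name: str, lan: str, tunnel: str, public_key: str,
              endpoint: Optional[str] = None) -> Site:
    """Build a Site from strings (raises ValueError on malformed addresses)."""
    return Site(name, ip_network(lan), ip_interface(tunnel), public_key, endpoint)


def check_addressing(a: Site, b: Site) -> None:
    """Reject layouts that cannot be routed: overlapping LANs, tunnel ends in
    different subnets, or a tunnel subnet colliding with a LAN."""
    if a.lan.overlaps(b.lan):
        raise ValueError(f"LANs overlap: {a.lan} and {b.lan}")
    if a.tunnel.network != b.tunnel.network:
        raise ValueError(f"tunnel ends are in different subnets: {a.tunnel} / {b.tunnel}")
    for site in (a, b):
        if a.tunnel.network.overlaps(site.lan):
            raise ValueError(f"tunnel subnet {a.tunnel.network} collides with {site.name} LAN")


def allowed_ips_for(peer: Site) -> List[IPv4Network]:
    """Tightest allowed-ips for `peer`: its LAN plus its tunnel address as a /32.
    WireGuard only sends to, and accepts from, a peer inside this set (cryptokey
    routing), so it is the authorisation list, not just a route hint."""
    return sorted(collapse_addresses([peer.lan, ip_network(str(peer.tunnel.ip))]))


def is_covered(allowed: List[IPv4Network], broad: str) -> bool:
    """True when every tight network sits inside `broad` (the post's 10.0.0.0/8)."""
    return all(n.subnet_of(ip_network(broad)) for n in allowed)


def wg_commands(local: Site, peer: Site,
                private_key: str = "<private key from step 2>") -> List[str]:
    """EdgeOS configure-mode lines for `local` with `peer` as its WireGuard peer.
    The endpoint line is emitted only when `peer` is reachable (the post's step
    5: skip it on the side that cannot dial out to a forwarded port).
    Repeating allowed-ips to add several networks is assumed to accumulate."""
    pfx = "set interfaces wireguard wg0"
    cmds = [
        f"{pfx} address {local.tunnel.with_prefixlen}",
        f"{pfx} listen-port {LISTEN_PORT}",
        f"{pfx} route-allowed-ips true",
        f"{pfx} private-key {private_key}",
    ]
    cmds += [f"{pfx} peer {peer.public_key} allowed-ips {net}" for net in allowed_ips_for(peer)]
    if peer.endpoint:
        cmds.append(f"{pfx} peer {peer.public_key} endpoint {peer.endpoint}")
    cmds.append(f"{pfx} peer {peer.public_key} persistent-keepalive {KEEPALIVE}")
    return cmds


def static_routes(peer: Site) -> List[str]:
    """Step 10 fallback: send the far LAN over wg0 if route-allowed-ips did not."""
    return [f"ip route add {peer.lan.with_prefixlen} dev wg0"]


# Constructed sample layout (the LANs, hostname and key strings are placeholders).
HOME = make_site("home", "10.0.1.0/24", "10.100.100.1/24", "<home public key>",
                 endpoint="home.example.net:51820")   # home has port forwarding
DORM = make_site("dorm", "10.20.31.0/24", "10.100.100.2/24", "<dorm public key>")
                                                      # dorm cannot forward a port


def plan(a: Site, b: Site) -> dict:
    """Full plan for both sides: {site name: configure lines + static routes}."""
    check_addressing(a, b)
    return {local.name: wg_commands(local, peer) + static_routes(peer)
            for local, peer in ((a, b), (b, a))}


if __name__ == "__main__":
    for side, lines in plan(HOME, DORM).items():
        print(f"--- {side} ---")
        print("\n".join(lines))
```

Running the block prints the configure lines for both routers; only the dorm side gets an `endpoint` line, since it is the side that has to dial out. If you prefer the post's broad 10.0.0.0/8, `is_covered` confirms the tight set fits inside it, but the tight set is what stops a compromised far router from injecting traffic for addresses it has no business reaching.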
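Step 8 checks for a connection by eye. What actually tells you the tunnel is alive is the age of the latest handshake: with a 15-second keepalive WireGuard re-handshakes at least every two minutes and discards a session key after three, so a handshake older than three minutes means the peer is unreachable however correct the configuration looks, and a peer that has never handshaked shows no handshake line at all. The following is an added example, not code from the post: it parses `wg show`-style output (the format the EdgeOS `show interfaces wireguard` command also produces, as I understand it) and reports per peer whether it is up. The sample output is constructed, reusing the post's transfer and keepalive figures; the key strings and the 203.0.113.7 and 198.51.100.9 endpoints are placeholders.

```python
"""Judge WireGuard tunnel health from `wg show` style output.

Added example, not code from the post. SAMPLE is constructed: the transfer
and keepalive figures are the post's, the keys and endpoints are placeholders.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# WireGuard rekeys an active session after 120 s and rejects its keys after
# 180 s, so with a 15 s keepalive a handshake older than 180 s means the peer
# is gone even though the config and the interface look fine.
MAX_HANDSHAKE_AGE = 180

_UNITS = {"B": 1, "KiB": 1024, "MiB": 1024 ** 2, "GiB": 1024 ** 3, "TiB": 1024 ** 4}
_SECS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}


@dataclass
class Peer:
    public_key: str
    endpoint: Optional[str] = None
    allowed_ips: List[str] = field(default_factory=list)
    handshake_age: Optional[int] = None   # seconds; None = never handshaked
    rx_bytes: int = 0
    tx_bytes: int = 0
    keepalive: Optional[int] = None       # seconds; None = keepalive off


def parse_duration(text: str) -> int:
    """'1 minute, 5 seconds ago' -> 65; also handles 'every 15 seconds'."""
    return sum(int(n) * _SECS[u]
               for n, u in re.findall(r"(\d+) (second|minute|hour|day)s?", text))


def parse_size(text: str) -> int:
    """'453.80 MiB' -> bytes (binary units, as wg prints them)."""
    m = re.match(r"\s*([\d.]+) (B|KiB|MiB|GiB|TiB)", text)
    if not m:
        raise ValueError(f"bad size: {text!r}")
    return int(float(m.group(1)) * _UNITS[m.group(2)])


def parse_wg_show(text: str) -> Dict[str, Peer]:
    """Parse the peer sections of `wg show` output, keyed by peer public key.
    Lines before the first 'peer:' (the interface block) are skipped."""
    peers: Dict[str, Peer] = {}
    cur: Optional[Peer] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("peer: "):
            cur = Peer(public_key=line[6:].strip())
            peers[cur.public_key] = cur
            continue
        if cur is None or ": " not in line:
            continue
        key, value = line.split(": ", 1)
        if key == "endpoint":
            cur.endpoint = value
        elif key == "allowed ips":
            cur.allowed_ips = [v.strip() for v in value.split(",")]
        elif key == "latest handshake":
            cur.handshake_age = parse_duration(value)
        elif key == "transfer":
            rx, tx = value.split(",")
            cur.rx_bytes = parse_size(rx.replace("received", ""))
            cur.tx_bytes = parse_size(tx.replace("sent", ""))
        elif key == "persistent keepalive":
            cur.keepalive = parse_duration(value)
    return peers


def peer_healthy(peer: Peer, max_age: int = MAX_HANDSHAKE_AGE) -> bool:
    """Up means a handshake happened, and recently enough that keepalive is
    still maintaining the session. Transfer counters alone do not prove that:
    they never go down, so a dead tunnel keeps showing yesterday's traffic."""
    return peer.handshake_age is not None and peer.handshake_age <= max_age


def tunnel_report(text: str) -> Dict[str, bool]:
    """{peer public key: healthy?} for every peer in the output."""
    return {k: peer_healthy(p) for k, p in parse_wg_show(text).items()}


# Constructed sample: one live peer, one that lost contact two hours ago, and
# one that never completed a handshake (wg prints no handshake line for it).
SAMPLE = """\
interface: wg0
  public key: <home public key>
  private key: (hidden)
  listening port: 51820

peer: <dorm public key>
  endpoint: 203.0.113.7:51820
  allowed ips: 10.0.0.0/8
  latest handshake: 1 minute, 5 seconds ago
  transfer: 453.80 MiB received, 116.24 MiB sent
  persistent keepalive: every 15 seconds

peer: <stale peer key>
  endpoint: 198.51.100.9:51820
  allowed ips: 10.200.0.0/24
  latest handshake: 2 hours, 3 minutes, 40 seconds ago
  transfer: 0 B received, 1.21 KiB sent
  persistent keepalive: every 15 seconds

peer: <new peer key>
  allowed ips: 10.201.0.0/24
  persistent keepalive: every 15 seconds
"""

if __name__ == "__main__":
    for key, ok in tunnel_report(SAMPLE).items():
        print(f"{'UP  ' if ok else 'DOWN'} {key}")
```

The stale peer is the case to look for after a reboot or an ISP address change: its counters look like a working tunnel, and only the handshake age gives it away. Feeding the real output in (`wg show wg0` piped to this script, or the EdgeOS equivalent) turns step 8's eyeball check into something you can alert on.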