How to configure WireGuard in VyOS
WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.
Today I will try to deploy WireGuard between two VyOS routers.
Site-to-Site mode
Topology
|--------------------------------|               |---------------------------------|
| Server                         |               | Client                          |
| wan: ${server-wan-address}     |-----cloud-----| wan: ${wan-address}             |
| WireGuard tunnel interface:wg01|               | WireGuard tunnel interface:wg01 |
|--------------------------------|               |---------------------------------|
Server configuration
# Generates a new keypair; if one already exists, it asks whether you want to overwrite it.
generate wireguard keypair
#Show the private key
show wireguard privkey
#Show the public key
show wireguard pubkey
#Enter configuration mode
configure
#Set the address of the WireGuard tunnel interface
set interfaces wireguard wg01 address '172.16.100.1/24'
#Set the WireGuard listen port
set interfaces wireguard wg01 port '50100'
#Add peer CLIENT1
#Set the IP ranges this peer is allowed to use inside the tunnel (allowed-ips); traffic from other sources is dropped
set interfaces wireguard wg01 peer CLIENT1 allowed-ips '172.16.100.2/32'
#Set how often to send keepalives, in seconds
set interfaces wireguard wg01 peer CLIENT1 persistent-keepalive '15'
#Set the preshared key (must be identical on both peers)
set interfaces wireguard wg01 peer CLIENT1 preshared-key gLdIlCM/AsobjfDgFK/cdgsAcjILTzLY4df5BskRcqY=
#Set the client's public key
set interfaces wireguard wg01 peer CLIENT1 pubkey '${client-pubkey}'
#Set a static route for the tunnel network.
set protocols static interface-route '172.16.100.0/24' next-hop-interface wg01
#Apply the configuration
commit
#Save the configuration
save
Client configuration
1. VyOS WireGuard client
# Generates a new keypair; if one already exists, it asks whether you want to overwrite it.
generate wireguard keypair
#Show the private key
show wireguard privkey
#Show the public key
show wireguard pubkey
#Set the address of the WireGuard tunnel interface
set interfaces wireguard wg01 address '172.16.100.2/32'
#Set which destinations are sent through the tunnel (allowed-ips); 0.0.0.0/0 routes all traffic to the server
set interfaces wireguard wg01 peer SERVER allowed-ips '0.0.0.0/0'
#Set the server endpoint
set interfaces wireguard wg01 peer SERVER endpoint '${server-wan-address}:50100'
#Set how often to send keepalives, in seconds
set interfaces wireguard wg01 peer SERVER persistent-keepalive '15'
#Set the server's public key
set interfaces wireguard wg01 peer SERVER pubkey '${server-pubkey}'
#Set the preshared key (same value as on the server)
set interfaces wireguard wg01 peer SERVER preshared-key gLdIlCM/AsobjfDgFK/cdgsAcjILTzLY4df5BskRcqY=
#Set a static route for the tunnel network.
set protocols static interface-route '172.16.100.0/24' next-hop-interface wg01
#Apply the configuration
commit
#Save the configuration
save
#Test the WireGuard connection
2. macOS WireGuard client
- Download the WireGuard client for macOS from the App Store
- Set the configuration like this:
[Interface]
PrivateKey = AJ2oJcAbxCmeovofOMrJooMMlLMNNKGWuTqffF7oXVU=
Address = 172.16.100.3/32
DNS = 1.1.1.1
[Peer]
PublicKey = m6oJcAbxCmeovofOMrPCCCDkGWuTqfkGWufeovofEII=
AllowedIPs = 0.0.0.0/0
Endpoint = $WIREGUARD_SERVER_ADDRESS:$PORT
PersistentKeepalive = 15
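The config file above and the pubkey exchange between the two VyOS peers rest on the same rule: each side's PublicKey must be the X25519 public key derived from the other side's PrivateKey, and every key (private, public, preshared) must be exactly 32 bytes of base64. The following Python is an added example, not code from the original post or from VyOS/WireGuard: it derives the public key from a private key the way `wg pubkey` does (pure-Python X25519 per RFC 7748) and checks a client config for a server key that does not match, malformed keys and bad AllowedIPs/Address entries before the file is handed to a phone. The sample keys are the RFC 7748 section 6.1 test vectors and the endpoint 203.0.113.10:50100 is a constructed placeholder.

```python
# Added example (not from the original post or from VyOS/WireGuard): derive a WireGuard
# public key from a private key (X25519, RFC 7748) and sanity-check a client config.
import base64
import ipaddress

P, A24, BASEPOINT = 2**255 - 19, 121665, (9).to_bytes(32, "little")

def x25519(scalar: bytes, u: bytes) -> bytes:
    """Montgomery ladder from RFC 7748 section 5 (not constant-time; fine for a checker)."""
    k = bytearray(scalar)
    k[0], k[31] = k[0] & 248, (k[31] & 127) | 64   # clamp the scalar, exactly as wg does
    k = int.from_bytes(k, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb, c, d = a * a % P, b * b % P, (x3 + z3) % P, (x3 - z3) % P
        e, da, cb = (aa - bb) % P, d * a % P, c * b % P
        x3, z3 = pow(da + cb, 2, P), x1 * pow(da - cb, 2, P) % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def decode_key(b64: str) -> bytes:
    """A WireGuard key (private, public or preshared) is 32 bytes, base64-encoded."""
    raw = base64.b64decode(b64, validate=True)
    if len(raw) != 32:
        raise ValueError(f"key must decode to 32 bytes, got {len(raw)}")
    return raw

def public_key(private_b64: str) -> str:
    """What `wg pubkey` or VyOS `show wireguard pubkey` prints for that private key."""
    return base64.b64encode(x25519(decode_key(private_b64), BASEPOINT)).decode()

def parse_wg_conf(text: str) -> dict:
    """Parse [Interface]/[Peer] sections into {'Interface': {...}, 'Peer': [{...}, ...]}."""
    conf, section = {"Interface": {}, "Peer": []}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            if section == "Peer":
                conf["Peer"].append({})
            continue
        key, _, value = line.partition("=")   # split once only: base64 keys end in '='
        target = conf["Interface"] if section == "Interface" else conf["Peer"][-1]
        target[key.strip()] = value.strip()
    return conf

def bad_cidrs(label: str, value: str) -> list:
    out = []
    for cidr in value.split(","):
        try:
            ipaddress.ip_network(cidr.strip(), strict=False)
        except ValueError:
            out.append(f"{label}: {cidr.strip()!r} is not a valid CIDR")
    return out

def check_client_conf(text: str, expected_server_pubkey: str) -> list:
    """Return a list of problems; an empty list means the config is consistent."""
    conf = parse_wg_conf(text)
    iface, problems = conf["Interface"], []
    try:
        decode_key(iface.get("PrivateKey", ""))
    except ValueError as exc:
        problems.append(f"Interface PrivateKey: {exc}")
    problems += bad_cidrs("Interface Address", iface.get("Address", ""))
    for peer in conf["Peer"]:
        if peer.get("PublicKey") != expected_server_pubkey:
            problems.append("Peer PublicKey does not match the server's public key")
        problems += bad_cidrs("Peer AllowedIPs", peer.get("AllowedIPs", ""))
        if "Endpoint" not in peer:
            problems.append("Peer has no Endpoint, so the client cannot initiate")
    return problems

# Constructed sample: RFC 7748 section 6.1 test keys and a documentation-range endpoint.
CLIENT_PRIV = base64.b64encode(bytes.fromhex(
    "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")).decode()
SERVER_PRIV = base64.b64encode(bytes.fromhex(
    "5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")).decode()
SAMPLE_CLIENT_CONF = f"""[Interface]
PrivateKey = {CLIENT_PRIV}
Address = 172.16.100.3/32
[Peer]
PublicKey = {public_key(SERVER_PRIV)}
AllowedIPs = 0.0.0.0/0
Endpoint = 203.0.113.10:50100
PersistentKeepalive = 15
"""
```

`public_key(CLIENT_PRIV)` is the value that goes into the server's `peer ... pubkey` line, and `check_client_conf(SAMPLE_CLIENT_CONF, public_key(SERVER_PRIV))` returns an empty list for a consistent file. A deliberately wrong server key or a mask like `/33` is reported instead of being discovered later as a handshake that never completes, which is the usual symptom of a swapped or mistyped key.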
3. Android/iOS
- Edit a configuration and save it as a config file.
- Install qrencode and render the config file as a QR code in the terminal:
brew install qrencode
qrencode -t ansiutf8 < client_wireguard_ios.conf
- In the WireGuard client, scan the QR code to import the configuration.