VyOS: How to Set Up WireGuard

2019-09-05 14:07

WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.

Today I will try to deploy WireGuard between two VyOS routers.

Site-to-Site mode

Topology

    |--------------------------------|               |---------------------------------|
    |      Server                    |               |        Client                   |
    |                                |-----cloud ----|  wan:${wan-address}             |
    | wireguard tunnel interface:wg01|               | Wireguard tunnel interface:wg01 |
    |--------------------------------|               |---------------------------------|

Server configuration

    # Generate a new keypair; if one already exists, you are asked whether to overwrite it
    generate wireguard keypair

    # Show the private key
    show wireguard privkey

    # Show the public key
    show wireguard pubkey

    # Enter configuration mode
    configure

    # Set the virtual network interface address for WireGuard
    set interfaces wireguard wg01 address '172.16.100.1/24'

    # Set the WireGuard listen port
    set interfaces wireguard wg01 port '50100'

    # Set the client IP ranges allowed through this peer
    set interfaces wireguard wg01 peer CLIENT1 allowed-ips '172.16.200.1/24'

    # Set how often to send keepalives, in seconds
    set interfaces wireguard wg01 peer CLIENT1 persistent-keepalive '15'

    # Set the client public key
    set interfaces wireguard wg01 peer CLIENT1 pubkey '${client-pubkey}'

    # Set static routing
    set protocols static interface-route '172.16.200.0/24' next-hop-interface wg01

    # Apply the configuration
    commit

    # Save the configuration
    save

    # Leave configuration mode
    exit

    # Test the WireGuard connection
    ping 172.16.200.1

Client configuration

    # Generate a new keypair; if one already exists, you are asked whether to overwrite it
    generate wireguard keypair

    # Show the private key
    show wireguard privkey

    # Show the public key
    show wireguard pubkey

    # Enter configuration mode
    configure

    # Set the WireGuard virtual network interface address
    set interfaces wireguard wg01 address '172.16.200.1/24'

    # Set the WireGuard listen port
    set interfaces wireguard wg01 port '50100'

    # Set the networks WireGuard accepts packets from
    set interfaces wireguard wg01 peer SERVER allowed-ips '172.16.100.0/24'

    # Set the connection to the server
    set interfaces wireguard wg01 peer SERVER endpoint '${server-wan-address}:50100'

    # Set the public key of the server
    set interfaces wireguard wg01 peer SERVER pubkey '${server-pubkey}'

    # Set how often to send keepalives, in seconds
    set interfaces wireguard wg01 peer SERVER persistent-keepalive '15'

    # Set static routing to the server network
    set protocols static interface-route '172.16.100.0/24' next-hop-interface wg01

    # Apply the configuration
    commit

    # Save the configuration
    save

    # Leave configuration mode
    exit

    # Test the WireGuard connection
    ping 172.16.100.1

All Client routing via SERVER

Server configuration

    # Generate a new keypair; if one already exists, you are asked whether to overwrite it
    generate wireguard keypair

    # Show the private key
    show wireguard privkey

    # Show the public key
    show wireguard pubkey

    # Enter configuration mode
    configure

    # Set the virtual network interface address for WireGuard
    set interfaces wireguard wg01 address '172.16.100.1/24'

    # Set the WireGuard listen port
    set interfaces wireguard wg01 port '50100'

    # Set the client IP ranges allowed through this peer
    set interfaces wireguard wg01 peer CLIENT1 allowed-ips '172.16.200.1/24'

    # Also allow every address (0.0.0.0/0) through this peer
    set interfaces wireguard wg01 peer CLIENT1 allowed-ips '0.0.0.0/0'

    # Set how often to send keepalives, in seconds
    set interfaces wireguard wg01 peer CLIENT1 persistent-keepalive '15'

    # Set the client public key
    set interfaces wireguard wg01 peer CLIENT1 pubkey '${client-pubkey}'

    # Set static routing
    set protocols static interface-route '172.16.200.0/24' next-hop-interface wg01

    # Apply the configuration
    commit

    # Save the configuration
    save

    # Leave configuration mode
    exit

    # Test the WireGuard connection
    ping 172.16.200.1

Client configuration

    # Generate a new keypair; if one already exists, you are asked whether to overwrite it
    generate wireguard keypair

    # Show the private key
    show wireguard privkey

    # Show the public key
    show wireguard pubkey

    # Enter configuration mode
    configure

    # Set the WireGuard virtual network interface address
    set interfaces wireguard wg01 address '172.16.200.1/24'

    # Set the WireGuard listen port
    set interfaces wireguard wg01 port '50100'

    # Set the networks WireGuard accepts packets from
    set interfaces wireguard wg01 peer SERVER allowed-ips '172.16.100.0/24'

    # Set the connection to the server
    set interfaces wireguard wg01 peer SERVER endpoint '${server-wan-address}:50100'

    # Set the public key of the server
    set interfaces wireguard wg01 peer SERVER pubkey '${server-pubkey}'

    # Set how often to send keepalives, in seconds
    set interfaces wireguard wg01 peer SERVER persistent-keepalive '15'

    # Set static routing to the server network
    set protocols static interface-route '172.16.100.0/24' next-hop-interface wg01

    # Apply the configuration
    commit

    # Save the configuration
    save

    # Leave configuration mode
    exit

    # Test the WireGuard connection
    ping 172.16.100.1
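An added example, not part of the original post: a small Python model of how WireGuard uses allowed-ips both to pick a peer for outgoing packets and to filter the source of incoming ones, evaluated on the values from the "All Client routing via SERVER" configs above. It shows that the server accepts any inner source address from CLIENT1, while the client only sends and accepts 172.16.100.0/24 through the tunnel. The function names and the address 198.51.100.7 are constructed for illustration.

```python
import ipaddress

def net(cidr):
    # strict=False masks host bits: '172.16.200.1/24' -> 172.16.200.0/24
    return ipaddress.ip_network(cidr, strict=False)

# allowed-ips per peer, copied from the "All Client routing via SERVER" configs
SERVER_PEERS = {"CLIENT1": [net("172.16.200.1/24"), net("0.0.0.0/0")]}
CLIENT_PEERS = {"SERVER": [net("172.16.100.0/24")]}

def outbound_peer(peers, dst):
    """Sending: pick the peer whose allowed-ips has the longest prefix covering dst.

    Models only the lookup done once a packet has been routed to wg01.
    """
    addr = ipaddress.ip_address(dst)
    best_name, best_len = None, -1
    for name, nets in peers.items():
        for n in nets:
            if addr in n and n.prefixlen > best_len:
                best_name, best_len = name, n.prefixlen
    return best_name

def inbound_accepted(peers, peer, src):
    """Receiving: the decrypted packet's source must be in that peer's allowed-ips."""
    addr = ipaddress.ip_address(src)
    return any(addr in n for n in peers.get(peer, []))

def any_source_peers(peers):
    """Audit helper (hypothetical name): peers allowed to source every IPv4 address."""
    return sorted(p for p, nets in peers.items()
                  if any(n.prefixlen == 0 for n in nets))

if __name__ == "__main__":
    internet_host = "198.51.100.7"  # constructed sample address (TEST-NET-2)
    print("server accepts 10.9.9.9 from CLIENT1:",
          inbound_accepted(SERVER_PEERS, "CLIENT1", "10.9.9.9"))
    print("client peer for", internet_host, ":",
          outbound_peer(CLIENT_PEERS, internet_host))
    print("client accepts", internet_host, "from SERVER:",
          inbound_accepted(CLIENT_PEERS, "SERVER", internet_host))
    print("peers with 0.0.0.0/0 on server:", any_source_peers(SERVER_PEERS))
```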
