Wiregaurd VPN with Linux Server: Difference between revisions
(Created page with "'''Prerequisite:''' * Linux System * SILBO Router or gateway * Static Public IP on wired internet connection * SIM card with active internet Note: This document is prepared using SILBO 1.16_1.13_RC4 FW version.") |
No edit summary |
||
Line 7: | Line 7: | ||
Note: This document is prepared using SILBO 1.16_1.13_RC4 FW version. | Note: This document is prepared using SILBO 1.16_1.13_RC4 FW version. | ||
'''Create wireguard Server on Linux Server:''' | |||
1. Install WireGuard: | |||
On a Debian/Ubuntu Server Send below commands in CLI: | |||
First Command : sudo apt update | |||
Second Command : sudo apt install wireguard | |||
Third Command : sudo yum install wireguard-dkms wireguard-tools -y | |||
Generate Server Keys: | |||
cd /etc/wireguard/ | |||
umask 077 | |||
wg genkey | tee server_private_key | wg pubkey > server_public_key | |||
Create and Edit Server Configuration: | |||
nano /etc/wireguard/wg0.conf | |||
Enter the following, adjusting as necessary: | |||
[Interface] | |||
Address = 10.7.0.1/24 | |||
ListenPort = 51820 // in configuration 5500 is used. | |||
PrivateKey = [YourServerPrivateKeyFromAbove][Peer] | |||
PublicKey = [YourClientPublicKey] | |||
AllowedIPs = 10.7.0.2/32 | |||
In the testing setup created while preparing document the server looks as below. | |||
[[File:WG0 configuration.png|frameless|620x620px]] | |||
make sure the Public IP is directly connected to the Server system, if not then the port number used in WG should be forwarded from Firewall/Router to the Server System. | |||
'''Configuring SILBO Router/gateway:''' | |||
'''Login to router using default IP 192.168.10.1 and default credentials admin/admin.''' | |||
[[File:Login to device.png|frameless|620x620px]] | |||
Once login we can see the FW version. | |||
[[File:IA44B System.png|frameless|620x620px]] | |||
Change the IP address to required IP, in this testing we are using 192.168.11.1 IP address. | |||
To do that Navigate to Settings>>Network from 192.168.10.1 to 192.168.11.1 and save / update. | |||
'''WG configuration in SILBO Router/Gateway:''' | |||
Let us configure WG client in router to do that Navigate to >> Settings>>VPN and enable “Enable Wireguard” checkbox. | |||
[[File:VPN Wireguard Enabling.png|frameless|620x620px]] | |||
Once it is enabled as shown in above image click on save button. | |||
Next navigate to to >> Settings>>VPN>>Wireguard >> and do as below instructions. | |||
[[File:Wireguard Dashboard 1.png|frameless|620x620px]] | |||
Give a name to the VPN instance and click on “Add” button. | |||
Then popup which opens where we can do actual client configuration as below. | |||
[[File:Wireguard Connection Settings 2.png|frameless|620x620px]] | |||
Click on save and once saved navigate again to WG settings page and click on “Generate button” | |||
Now the Key from this page should be copied and used on the Linux server as client key. | |||
Basically the SILBO Router/Gateway generates a key which should be configured in Sever as client peer key. | |||
[[File:Wireguard VPN Configuration 1.png|frameless|620x620px]] | |||
Once key is configured in WG server then click on Update button. | |||
Upon VPN connection establishes the statue can be seen as “Up” along with IP Address. | |||
[[File:Wireguard VPN Configuration 2.png|frameless|620x620px]] | |||
To Ping server LAN, navigate to features>>Others and give LAN IP and ping. | |||
If the ping is not working then check the firewall side settings whether the ping is allowed or not. | |||
[[File:Ping server LAN.png|frameless|620x620px]] | |||
In WG we should ping WG Virtual IP 10.7.0.1 and from WG server Router Virtual IP can be ping 10.7.0.2 | |||
Using pin 10.7.0.2 command. |
Latest revision as of 08:33, 23 August 2024
Prerequisite:
- Linux System
- SILBO Router or gateway
- Static Public IP on wired internet connection
- SIM card with active internet
Note: This document is prepared using SILBO 1.16_1.13_RC4 FW version.
Create wireguard Server on Linux Server:
1. Install WireGuard:
On a Debian/Ubuntu Server Send below commands in CLI:
First Command : sudo apt update
Second Command : sudo apt install wireguard
Third Command : sudo yum install wireguard-dkms wireguard-tools -y
Generate Server Keys:
cd /etc/wireguard/
umask 077
wg genkey | tee server_private_key | wg pubkey > server_public_key
Create and Edit Server Configuration:
nano /etc/wireguard/wg0.conf
Enter the following, adjusting as necessary:
[Interface]
Address = 10.7.0.1/24
ListenPort = 51820 // in configuration 5500 is used.
PrivateKey = [YourServerPrivateKeyFromAbove][Peer]
PublicKey = [YourClientPublicKey]
AllowedIPs = 10.7.0.2/32
In the testing setup created while preparing document the server looks as below.
make sure the Public IP is directly connected to the Server system, if not then the port number used in WG should be forwarded from Firewall/Router to the Server System.
Configuring SILBO Router/gateway:
Login to router using default IP 192.168.10.1 and default credentials admin/admin.
Once login we can see the FW version.
Change the IP address to required IP, in this testing we are using 192.168.11.1 IP address.
To do that Navigate to Settings>>Network from 192.168.10.1 to 192.168.11.1 and save / update.
WG configuration in SILBO Router/Gateway:
Let us configure WG client in router to do that Navigate to >> Settings>>VPN and enable “Enable Wireguard” checkbox.
Once it is enabled as shown in above image click on save button.
Next navigate to to >> Settings>>VPN>>Wireguard >> and do as below instructions.
Give a name to the VPN instance and click on “Add” button.
Then popup which opens where we can do actual client configuration as below.
Click on save and once saved navigate again to WG settings page and click on “Generate button”
Now the Key from this page should be copied and used on the Linux server as client key.
Basically the SILBO Router/Gateway generates a key which should be configured in Sever as client peer key.
Once key is configured in WG server then click on Update button.
Upon VPN connection establishes the statue can be seen as “Up” along with IP Address.
To Ping server LAN, navigate to features>>Others and give LAN IP and ping.
If the ping is not working then check the firewall side settings whether the ping is allowed or not.
In WG we should ping WG Virtual IP 10.7.0.1 and from WG server Router Virtual IP can be ping 10.7.0.2
Using pin 10.7.0.2 command.