Changes for page Use Wireguard VPN in Dragino Gateways
Last modified by Xiaoye on 2024/04/19 19:52
From version 13.1
edited by Edwin Chen
on 2023/11/21 16:06
Change comment:
There is no comment for this version
Summary
- Page properties (2 modified, 0 added, 0 removed)
- Attachments (0 modified, 7 added, 0 removed)
Details
- Page properties
-
- Author
-
... ... @@ -1,1 +1,1 @@ 1 -XWiki. Edwin1 +XWiki.Xiaoye - Content
-
... ... @@ -19,7 +19,13 @@ 19 19 20 20 = 2. Run WireGuard VPN in PC = 21 21 22 +There are many methods to install and set WireGuard server. Below is an example for reference to set up WireGuard Server in Windows. 22 22 24 +**Video Instruction**: [[Install WireGuard Server in Windows>>https://www.youtube.com/watch?v=1AWVvW5oJtU]]. 25 + 26 +For other OS and methods, please search Google for more. 27 + 28 + 23 23 = 3. Configure Wireguard VPN on Gatewaythe LPS8N/DLOS8N/LG308N = 24 24 25 25 == 3.1 For LPS8N/DLOS8N/LG308N == ... ... 
@@ -28,105 +28,51 @@ 28 28 Due to the size of Wireguard packages. We didn't add it as a default feature of gateways. If the user wants to use Wireguard Please upgrade your gateway firmware with the special [[firmware>>https://www.dragino.com/downloads/index.php?dir=LoRa_Gateway/DLOS8/Firmware/Wireguard-firmware/]]. 29 29 30 30 31 -=== 3.1.1 Configurationvia command line===37 +=== 1.) Preparation === 32 32 33 - ====3.1.1.1KeyManagement====39 +* **Prepare WireGuard server public key, IP address, port, and peer address.** 34 34 35 35 36 -**#Generate keys** 37 37 38 -(% class="box infomessage" %) 39 -((( 40 -umask go= 43 +=== 2.) Steup WireGuard === 41 41 42 -wg genkey | tee wgserver.key | wg pubkey > wgserver.pub 43 43 44 - wggenkey|teewgclient.key |wg pubkey> wgclient.pub46 +* **Accessing the gateway's WireGuard page** 45 45 46 -wg genpsk > wgclient.psk 47 -))) 48 +[[image:image-20240103094049-2.png||height="437" width="915"]] 48 48 49 -[[image:image-20231110150147-1.png||height="82" width="566"]] 50 50 51 +* **Add the gateway's public key to the server and assign the peer address.** 51 51 52 - ==== 3.1.1.2 Firewall configuration====53 +[[image:image-20240103094832-3.png||height="545" width="912"]] 53 53 54 54 55 -((( 56 -**#Configure firewall** 57 -))) 56 +* **Fill in the parameters of the WireGuard server** 58 58 59 -(% class="box infomessage" %) 60 -((( 61 -uci del_list firewall.wan.network="vpn" 58 +[[image:image-20240103095200-4.png||height="642" width="929"]] 62 62 63 - uciadd_listfirewall.wan.network="vpn"60 +=== 3. 
Testing === 64 64 65 -uci commit firewall 66 -))) 67 67 68 - [[image:image-20231110151524-2.png]]63 +* **Ping Client Peer Address** 69 69 65 +[[image:image-20240103095549-5.png||height="405" width="928"]] 70 70 71 -((( 72 -**#Reload firewall** 73 -))) 74 74 75 -(% class="box infomessage" %) 76 -((( 77 -/etc/init.d/firewall 78 -))) 68 +* **Access Gateway WebUI via Client Peer Address** 79 79 70 +[[image:image-20240103095756-6.png||height="488" width="933"]] 80 80 81 -==== 3.1.1.3 Network configuration ==== 82 82 73 +=== 4. Troubleshooting === 83 83 84 -((( 85 -**#Configure network** 86 -))) 75 +* **Unable to ping client** 87 87 88 -(% class="box infomessage" %) 89 -((( 90 - uci -q delete network.vpn 91 - uci set network.vpn="interface" 92 - uci set network.vpn.proto="wireguard" 93 - uci set network.vpn.private_key="{VPN_KEY}" 94 - uci add_list network.vpn.addresses="{VPN_ADDRESS}" 95 -))) 77 + Please check if the client and server are on the same Network 96 96 97 -[[image:image-20231110152122-4.png]] 98 98 99 99 100 -((( 101 -**#Add VPN peers** 102 -))) 81 +=== === 103 103 104 -(% class="box infomessage" %) 105 -((( 106 - uci -q delete network.wgserver 107 - uci set network.wgserver="wireguard_vpn" 108 - uci set network.wgserver.public_key="{VPN_PUB}" 109 - uci set network.wgserver.endpoint_host="{VPN_SERVER}" 110 - uci set network.wgserver.preshared_key="{VPN_PSK}" 111 - uci set network.wgserver.endpoint_port="{VPN_PORT}" 112 - uci set network.wgserver.persistent_keepalive="25" 113 - uci set network.wgserver.route_allowed_ips="1" 114 - uci add_list network.wgserver.allowed_ips="0.0.0.0/0" 115 - uci add_list network.wgserver.allowed_ips="::/0" 116 - uci commit network 117 -))) 118 118 119 -[[image:image-20231110152109-3.png]] 120 - 121 - 122 -((( 123 -**#reload network service** 124 -))) 125 - 126 -(% class="box infomessage" %) 127 -((( 128 -/etc/init.d/network reload 129 -))) 130 - 131 - 132 - 84 +
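Review bot: In the hunk at @@ -19,7 +19,13 @@, the new text for section 2 gives the reader nothing to configure against: server setup is delegated to a YouTube video and "please search Google for more". Section 3 later asks for the server public key, IP address, port and peer address, so this section should say that those are the values to record from the server, and should point to the WireGuard project's own installation documentation rather than a web search. Wording: "install and set WireGuard server" should read "install and set up a WireGuard server", and the page mixes "WireGuard" and "Wireguard".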
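Review bot: In the hunk at @@ -28,105 +28,51 @@, the rewrite removes the only key-handling guidance the page had and does not replace it. The deleted section ran "umask go=" before "wg genkey", generated a preshared key with "wg genpsk > wgclient.psk" and set network.wgserver.preshared_key, while the new Preparation bullet lists only "server public key, IP address, port, and peer address". Please state how the gateway key pair is generated and where the private key is stored when using the web page, and whether a preshared key is still supported. The deleted peer block also routed everything through the tunnel (allowed_ips "0.0.0.0/0" and "::/0" with route_allowed_ips="1") and the deleted firewall block added "vpn" to firewall.wan.network; the new steps show the WebUI reachable via the client peer address but do not say which allowed IPs or firewall zone the web form applies, so document both. Smaller points: "Steup" should be "Setup", the headings mix "1.)" and "2.)" with "3." and "4.", an empty "=== ===" heading is added at the end, and the troubleshooting line "Please check if the client and server are on the same Network" should say which network is meant.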
- image-20240102190036-1.png
-
- Author
-
... ... @@ -1,0 +1,1 @@ 1 +XWiki.Xiaoye - Size
-
... ... @@ -1,0 +1,1 @@ 1 +80.1 KB - Content
- image-20240103093849-1.png
-
- Author
-
... ... @@ -1,0 +1,1 @@ 1 +XWiki.Xiaoye - Size
-
... ... @@ -1,0 +1,1 @@ 1 +62.7 KB - Content
- image-20240103094049-2.png
-
- Author
-
... ... @@ -1,0 +1,1 @@ 1 +XWiki.Xiaoye - Size
-
... ... @@ -1,0 +1,1 @@ 1 +62.9 KB - Content
- image-20240103094832-3.png
-
- Author
-
... ... @@ -1,0 +1,1 @@ 1 +XWiki.Xiaoye - Size
-
... ... @@ -1,0 +1,1 @@ 1 +100.1 KB - Content
- image-20240103095200-4.png
-
- Author
-
... ... @@ -1,0 +1,1 @@ 1 +XWiki.Xiaoye - Size
-
... ... @@ -1,0 +1,1 @@ 1 +82.2 KB - Content
- image-20240103095549-5.png
-
- Author
-
... ... @@ -1,0 +1,1 @@ 1 +XWiki.Xiaoye - Size
-
... ... @@ -1,0 +1,1 @@ 1 +31.5 KB - Content
- image-20240103095756-6.png
-
- Author
-
... ... @@ -1,0 +1,1 @@ 1 +XWiki.Xiaoye - Size
-
... ... @@ -1,0 +1,1 @@ 1 +562.0 KB - Content