Changes for page Use Wireguard VPN in Dragino Gateways

Summary

• Page properties (2 modified, 0 added, 0 removed)
• Attachments (0 modified, 0 added, 8 removed)
  • image-20231121160528-1.png
  • image-20240102190036-1.png
  • image-20240103093849-1.png
  • image-20240103094049-2.png
  • image-20240103094832-3.png
  • image-20240103095200-4.png
  • image-20240103095549-5.png
  • image-20240103095756-6.png

Details

Page properties

Title

...	...	@@ -1,1 +1,1 @@
1		-Use Wireguard VPN in Dragino Gateways
	1	+LoRaWAN Gateway version with Wireguard Support

Content

...	...	@@ -1,82 +1,110 @@
1		-(% class="wikigeneratedid" %)
2		-**Table of Contents:**
	1	+= How to configure Wireguard on the LPS8N/DLOS8N/LG308N =
3	3
4		-{{toc/}}
5	5
	4	+Due to the size of Wireguard packages. We didn't add it as a default feature of gateways. If the user wants to use Wireguard Please upgrade your gateway firmware with the special [[firmware>>https://www.dragino.com/downloads/index.php?dir=LoRa_Gateway/DLOS8/Firmware/Wireguard-firmware/]].
6	6
	6	+== **1. Configuration via command line** ==
7	7
	8	+=== 1.1 Key Management ===
8	8
9		-= 1. What is WireGuard VPN? =
	10	+#Generate keys
10	10
	12	+(% class="box infomessage" %)
	13	+(((
	14	+umask go=
11	11
12		-[[WireGuard>>https://www.wireguard.com/]]^^®^^ is an extremely simple yet fast and modern VPN that utilizes **state-of-the-art [[cryptography>>url:https://www.wireguard.com/protocol/]]**. It aims to be [[faster>>url:https://www.wireguard.com/performance/]], [[simpler>>url:https://www.wireguard.com/quickstart/]], leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.
	16	+wg genkey | tee wgserver.key | wg pubkey > wgserver.pub
13	13
	18	+wg genkey | tee wgclient.key | wg pubkey > wgclient.pub
14	14
15		-Network Structure for WireGuard VPN:
	20	+wg genpsk > wgclient.psk
	21	+)))
16	16
17		-[[image:image-20231121160528-1.png]]
	23	+[[image:image-20231110150147-1.png||height="82" width="566"]]
18	18
19	19
20		-= 2. Run WireGuard VPN in PC =
	26	+=== 1.2 Firewall configuration ===
21	21
22		-There are many methods to install and set WireGuard server. Below is an example for reference to set up WireGuard Server in Windows.
	28	+(((
	29	+#Configure firewall
	30	+)))
23	23
24		-**Video Instruction**: [[Install WireGuard Server in Windows>>https://www.youtube.com/watch?v=1AWVvW5oJtU]].
	32	+(((
	33	+
	34	+)))
25	25
26		-For other OS and methods, please search Google for more.
	36	+(% class="box infomessage" %)
	37	+(((
	38	+uci del_list firewall.wan.network="vpn"
27	27
	40	+uci add_list firewall.wan.network="vpn"
28	28
29		-= 3. Configure Wireguard VPN on Gatewaythe LPS8N/DLOS8N/LG308N =
	42	+uci commit firewall
	43	+)))
30	30
31		-== 3.1 For LPS8N/DLOS8N/LG308N ==
	45	+[[image:image-20231110151524-2.png]]
32	32
33	33
34		-After Firmware lgw-5.4.1704197758, we added Wireguard. Users can upgrade the gateways to [[firmware>>https://www.dragino.com/downloads/index.php?dir=LoRa_Gateway/DLOS8/Firmware/Wireguard-firmware/]]. after 169 to get WireGuard support.
	48	+(((
	49	+#Reload firewall
	50	+)))
35	35
36		-=== 1.) Preparation ===
	52	+(% class="box infomessage" %)
	53	+(((
	54	+/etc/init.d/firewall
	55	+)))
37	37
38		-* **Prepare WireGuard server public key, IP address, port, and peer address.**
39	39
	58	+=== 1.3. Network configuration ===
40	40
41		-=== 2.) Steup WireGuard ===
	60	+(((
	61	+#Configure network
	62	+)))
42	42
43	43
44		-* **Accessing the gateway's WireGuard page**
	65	+(% class="box infomessage" %)
	66	+(((
	67	+ uci -q delete network.vpn
	68	+ uci set network.vpn="interface"
	69	+ uci set network.vpn.proto="wireguard"
	70	+ uci set network.vpn.private_key="{VPN_KEY}"
	71	+ uci add_list network.vpn.addresses="{VPN_ADDRESS}"
	72	+)))
45	45
46		-[[image:image-20240103094049-2.png||height="437" width="915"]]
	74	+[[image:image-20231110152122-4.png]]
47	47
48	48
49		-* **Add the gateway's public key to the server and assign the peer address.**
	77	+(((
	78	+#Add VPN peers
	79	+)))
50	50
51		-[[image:image-20240103094832-3.png||height="545" width="912"]]
	81	+(% class="box infomessage" %)
	82	+(((
	83	+ uci -q delete network.wgserver
	84	+ uci set network.wgserver="wireguard_vpn"
	85	+ uci set network.wgserver.public_key="{VPN_PUB}"
	86	+ uci set network.wgserver.endpoint_host="{VPN_SERVER}"
	87	+ uci set network.wgserver.preshared_key="{VPN_PSK}"
	88	+ uci set network.wgserver.endpoint_port="{VPN_PORT}"
	89	+ uci set network.wgserver.persistent_keepalive="25"
	90	+ uci set network.wgserver.route_allowed_ips="1"
	91	+ uci add_list network.wgserver.allowed_ips="0.0.0.0/0"
	92	+ uci add_list network.wgserver.allowed_ips="::/0"
	93	+ uci commit network
	94	+)))
52	52
	96	+[[image:image-20231110152109-3.png]]
53	53
54		-* **Fill in the parameters of the WireGuard server**
55	55
56		-[[image:image-20240103095200-4.png||height="642" width="929"]]
	99	+(((
	100	+#reload network service
	101	+)))
57	57
58		-=== 3. Testing ===
	103	+(% class="box infomessage" %)
	104	+(((
	105	+/etc/init.d/network reload
	106	+)))
59	59
60	60
61		-* **Ping Client Peer Address**
62	62
63		-[[image:image-20240103095549-5.png||height="405" width="928"]]
64		-
65		-
66		-* **Access Gateway WebUI via Client Peer Address**
67		-
68		-[[image:image-20240103095756-6.png||height="488" width="933"]]
69		-
70		-
71		-=== 4. Troubleshooting ===
72		-
73		-* **Unable to ping client**
74		-
75		- Please check if the client and server are on the same Network
76		-
77		-
78		-
79		-=== ===
80		-
81		-
82	82

image-20231121160528-1.png

Author

...	...	@@ -1,1 +1,0 @@
1		-XWiki.Edwin

Size

...	...	@@ -1,1 +1,0 @@
1		-78.9 KB

Content

image-20240102190036-1.png

Author

...	...	@@ -1,1 +1,0 @@
1		-XWiki.Xiaoye

Size

...	...	@@ -1,1 +1,0 @@
1		-80.1 KB

Content

image-20240103093849-1.png

Author

...	...	@@ -1,1 +1,0 @@
1		-XWiki.Xiaoye

Size

...	...	@@ -1,1 +1,0 @@
1		-62.7 KB

Content

image-20240103094049-2.png

Author

...	...	@@ -1,1 +1,0 @@
1		-XWiki.Xiaoye

Size

...	...	@@ -1,1 +1,0 @@
1		-62.9 KB

Content

image-20240103094832-3.png

Author

...	...	@@ -1,1 +1,0 @@
1		-XWiki.Xiaoye

Size

...	...	@@ -1,1 +1,0 @@
1		-100.1 KB

Content

image-20240103095200-4.png

Author

...	...	@@ -1,1 +1,0 @@
1		-XWiki.Xiaoye

Size

...	...	@@ -1,1 +1,0 @@
1		-82.2 KB

Content

image-20240103095549-5.png

Author

...	...	@@ -1,1 +1,0 @@
1		-XWiki.Xiaoye

Size

...	...	@@ -1,1 +1,0 @@
1		-31.5 KB

Content

image-20240103095756-6.png

Author

...	...	@@ -1,1 +1,0 @@
1		-XWiki.Xiaoye

Size

...	...	@@ -1,1 +1,0 @@
1		-562.0 KB

Content