Wiki source code of Use Wireguard VPN in Dragino Gateways
Version 10.1 by Edwin Chen on 2023/11/10 20:32
Hide last authors
| author | version | line-number | content |
|---|---|---|---|
 |
8.2 | 1 | (% class="wikigeneratedid" %) |
| 2 | **Table of Contents:** | ||
| 3 | |||
| 4 | {{toc/}} | ||
| 5 | |||
| 6 | |||
| 7 | |||
| 8 | |||
 |
9.1 | 9 | = 1. What is Wireguard VPN? = |
| |
8.2 | 10 | |
| |
6.1 | 11 | |
| |
10.1 | 12 | = 2. Run WireGuard VPN in PC = |
| |
7.1 | 13 | |
| |
9.1 | 14 | |
| |
10.1 | 15 | = 3. Configure Wireguard VPN on Gatewaythe LPS8N/DLOS8N/LG308N = |
| |
9.1 | 16 | |
| 17 | |||
| |
10.1 | 18 | == 3.1 For LPS8N/DLOS8N/LG308N == |
| 19 | |||
| |
8.1 | 20 | Due to the size of Wireguard packages. We didn't add it as a default feature of gateways. If the user wants to use Wireguard Please upgrade your gateway firmware with the special [[firmware>>https://www.dragino.com/downloads/index.php?dir=LoRa_Gateway/DLOS8/Firmware/Wireguard-firmware/]]. |
| |
7.1 | 21 | |
| |
6.1 | 22 | |
| |
10.1 | 23 | === 3.1.1 Configuration via command line === |
| |
8.2 | 24 | |
| |
10.1 | 25 | ==== 3.1.1.1 Key Management ==== |
| |
6.1 | 26 | |
| 27 | |||
| |
8.2 | 28 | **#Generate keys** |
| 29 | |||
| |
6.1 | 30 | (% class="box infomessage" %) |
| 31 | ((( | ||
| 32 | umask go= | ||
| 33 | |||
| 34 | wg genkey | tee wgserver.key | wg pubkey > wgserver.pub | ||
| 35 | |||
| 36 | wg genkey | tee wgclient.key | wg pubkey > wgclient.pub | ||
| 37 | |||
| 38 | wg genpsk > wgclient.psk | ||
| 39 | ))) | ||
| 40 | |||
| 41 | [[image:image-20231110150147-1.png||height="82" width="566"]] | ||
| 42 | |||
| 43 | |||
| |
10.1 | 44 | ==== 3.1.1.2 Firewall configuration ==== |
| |
6.1 | 45 | |
| 46 | |||
| 47 | ((( | ||
| |
8.2 | 48 | **#Configure firewall** |
| |
6.1 | 49 | ))) |
| 50 | |||
| 51 | (% class="box infomessage" %) | ||
| 52 | ((( | ||
| 53 | uci del_list firewall.wan.network="vpn" | ||
| 54 | |||
| 55 | uci add_list firewall.wan.network="vpn" | ||
| 56 | |||
| 57 | uci commit firewall | ||
| 58 | ))) | ||
| 59 | |||
| 60 | [[image:image-20231110151524-2.png]] | ||
| 61 | |||
| 62 | |||
| 63 | ((( | ||
| |
8.2 | 64 | **#Reload firewall** |
| |
6.1 | 65 | ))) |
| 66 | |||
| 67 | (% class="box infomessage" %) | ||
| 68 | ((( | ||
| 69 | /etc/init.d/firewall | ||
| 70 | ))) | ||
| 71 | |||
| 72 | |||
| |
10.1 | 73 | ==== 3.1.1.3 Network configuration ==== |
| |
6.1 | 74 | |
| |
8.2 | 75 | |
| |
6.1 | 76 | ((( |
| |
8.2 | 77 | **#Configure network** |
| |
6.1 | 78 | ))) |
| 79 | |||
| 80 | (% class="box infomessage" %) | ||
| 81 | ((( | ||
| 82 | uci -q delete network.vpn | ||
| 83 | uci set network.vpn="interface" | ||
| 84 | uci set network.vpn.proto="wireguard" | ||
| 85 | uci set network.vpn.private_key="{VPN_KEY}" | ||
| 86 | uci add_list network.vpn.addresses="{VPN_ADDRESS}" | ||
| 87 | ))) | ||
| 88 | |||
| 89 | [[image:image-20231110152122-4.png]] | ||
| 90 | |||
| 91 | |||
| 92 | ((( | ||
| |
8.3 | 93 | **#Add VPN peers** |
| |
6.1 | 94 | ))) |
| 95 | |||
| 96 | (% class="box infomessage" %) | ||
| 97 | ((( | ||
| 98 | uci -q delete network.wgserver | ||
| 99 | uci set network.wgserver="wireguard_vpn" | ||
| 100 | uci set network.wgserver.public_key="{VPN_PUB}" | ||
| 101 | uci set network.wgserver.endpoint_host="{VPN_SERVER}" | ||
| 102 | uci set network.wgserver.preshared_key="{VPN_PSK}" | ||
| 103 | uci set network.wgserver.endpoint_port="{VPN_PORT}" | ||
| 104 | uci set network.wgserver.persistent_keepalive="25" | ||
| 105 | uci set network.wgserver.route_allowed_ips="1" | ||
| 106 | uci add_list network.wgserver.allowed_ips="0.0.0.0/0" | ||
| 107 | uci add_list network.wgserver.allowed_ips="::/0" | ||
| 108 | uci commit network | ||
| 109 | ))) | ||
| 110 | |||
| 111 | [[image:image-20231110152109-3.png]] | ||
| 112 | |||
| 113 | |||
| 114 | ((( | ||
| |
8.3 | 115 | **#reload network service** |
| |
6.1 | 116 | ))) |
| 117 | |||
| 118 | (% class="box infomessage" %) | ||
| 119 | ((( | ||
| 120 | /etc/init.d/network reload | ||
| 121 | ))) | ||
| 122 | |||
| 123 | |||
| 124 | |||
| 125 |