You can also have the users generate their keys and then add them manually later. If you need to generate user keys, you can follow these steps to make subdirectories for each key pair you want to generate. Navigate back to the home directory cd /home/ubnt Generate a key pair for the Wireguard server wg genkey | tee privatekey | wg pubkey > publickeyĭisplay keys and copy or document them as needed more privatekey more publickey The rest of the command examples assume /home/ubnt pwdĬreate a folder for the server's keys and navigate to it mkdir server_keys cd server_keys If you are logging in as another user, the paths shown will need to be adjusted to match the user and directories you wish to use.įirst, confirm your current working directory. In these commands we're also assuming the use of the default ubnt account for administration, hopefully with a long, unique password. The number of keys and their names are up to you, but this is the basic process you will need to go through. Now that Wireguard is installed, we need to generate folders and keys. If you are still running a version 1.x firmware, either update your EdgeRouter first or find the correct package and URL on the Wireguard GitHub page.ĮdgeRouter X and EdgeRouter X SFP (ER-X, ER-X-SFP) curl -OL sudo dpkg -i bĮdgeRouter Lite and EdgeRouter PoE (ER-Lite, ER-PoE) curl -OL sudo dpkg -i bĮdgeRouter 8 and EdgeRouter Pro (ER-8, ER-8-Pro) curl -OL sudo dpkg -i bĮdgeRouter 4, EdgeRouter 6P and EdgeRouter 12 (ER-4, ER-6P, ER-12, ER-12P) curl -OL sudo dpkg -i bĮdgeRouter Infinity (ER-8-XG) curl -OL sudo dpkg -i b Step 2: Key Creation The following commands assume you are on a version 2 firmware, ideally one of the latest v2.0.9 builds. To install Wireguard on an EdgeRouter, first you need to find the proper installation package for your model. Our goal is to provide remote users access to the internal LAN networks and devices in the 10.200.0.0/16 range. If you don't have a static public IP address, you'll want to use a dynamic DNS service, and point your clients to that hostname.įor our example, I'm going to be using an EdgeRouter 4 and the following topology. This guide assumes a few things, including that the EdgeRouter has a public IP on the WAN port, and isn't behind CGNAT. It's not built into EdgeOS, but with a few commands you can install the Wireguard package from Github. It outperforms IPsec and OpenVPN, and it can make a good site-to-site or remote access VPN, depending on how you configure it. Wireguard is a free and open-source VPN, designed to be easy to use, fast, and secure. While the built-in options will work for most, Wireguard is more modern alternative. Those cover a lot of the basics of VPNs and some advanced route-based or policy-based site-to-site setups. If you want to use any of those, refer to Ubiquiti's EdgeRouter VPN help articles. This guide covers Ubiquiti's EdgeRouters, and the commands you'll need to configure a remote access VPN.ĮdgeRouters feature built-in support for OpenVPN, IPsec, GRE, L2TP, and some other VPN and tunneling protocols. Previously, we covered how to install and configure Wireguard on a UDM-Pro, or other UniFi OS console.
0 Comments
Leave a Reply. |