Wireguard is an extremely simple, fast, and modern VPN. With it’s introduction into the mainline linux kernel, Wireguard promises to provide a simpler, faster, and more secure way for setting up a VPN without needing to deal with traditional solutions like OpenVPN and L2TP/IPSEC, which can be cumbersome and slow. In this article I’ll cover how to install Wireguard on a Ubiquiti router. Jul 11, 2017 When the firmware update is complete, you will be prompted to reboot. Use the Setup Wizard to turn it into a consumer-like router. Click on Wizards tab, along the left-edge under Setup Wizards choose WAN+2LAN2 b. Under Internet port (eth0) c. Under Firewall, ensure checkbox is on for Enable the default firewall. So I thought about tossing OpenWRT on a EdgeRouter X and testing out wireguard on that. Being pretty familiar with OpenWRT buildroot and building linux distros in general, I figured having my own bespoke firmware image that could be easily flashed and didn’t loose VPN config would save me time. After building the firmware of course.

• Edgerouter Firmware Update For Os X 10 9 5
• Edgerouter Firmware Update For Os X Capitan
• Ubiquiti Edgerouter X Firmware

Wireguard is an extremely simple, fast, and modern VPN. With it’s introduction into the mainline linux kernel, Wireguard promises to provide a simpler, faster, and more secure way for setting up a VPN without needing to deal with traditional solutions like OpenVPN and L2TP/IPSEC, which can be cumbersome and slow.

In this article I’ll cover how to install Wireguard on a Ubiquiti router, and how to connect a remote client to it.

Setting up the Router

The first step in getting Wireguard installed on EdgeOS is to SSH into your router. If SSH is not already set up on your router, it can be enabled by following this guide.

Once you can SSH into your router, download the appropriate DEB package from https://github.com/Lochnair/vyatta-wireguard, and install it via dpkg.

Once Wireguard is installed on your router it can be configured via the standard Vyatta interface.

Note that since Wireguard is not software bundled with the EdgeOS firmware, firmware upgrades necessitate re-installing the Wireguard debian package. Once the wireguard package is re-installed re-applying the existing Vyatta config file, or rebooting will restore your interfaces.

Your first step is to generate a private key for your router, and to generate a public key which you can distribute to clients.

This will output two lines, the first being your private key, and the second being your public key.

Next, using the standard Vyatta configure tool, we’re going to set up Wireguard:

These commands will create a wireguard network on 192.168.33.1/24, and will route all traffic on 192.168.33.1/24 through the new wireguard interface.

Setting up the Client

With our router now set up, we next need to repeat the key generation process on our client and exchange public keys to establish a connection.

First, we need to install Wireguard on our client. On Ubuntu, this can be done by runnung:

Instructions for additional platforms are available on the wireguard wiki.

On your client device (Mac or Linux), repeat the key generation command:

Now, we need to create the wireguard interface on our client by creating /etc/wireguard/wg0.conf

This target is not meant to be used on its own: instead it's a build component for.' Boxer alternative for os x download. Boxer Bundler': a graphical tool for converting gameboxes into standalone apps using its own self-contained copy of Boxer Standalone.Build ConfigurationsThe Boxer target has 2 build configurations: Release and Debug.

Then we need to populate this file with the interface information, and the information for our router.

As this file is the most confusing part of Wireguard, let’s take a moment to break down exactly what each block is doing.

Client Interface

The [Interface] block defines the private key of the client, and the IP address that the interface should use for connecting to any peer. The IP address should be in CIDR/32 format, since we’ll only ever have a single IP address.

Peer

The [Peer] block defines who we’re connecting to, and what routes we want to Wireguard to send over the previously created interface.

The PublicKey line is the public key of our router, and the Endpoint defines where our router is located at on the public internet.

The AllowedIPs line tells the wg0 interface what routes we want to send through the interface. In this example, Wireguard will route any traffic to 192.168.33.0/24 over the Wireguard interface and to our router.

While this gets us connectivity to our router, it doesn’t let us access other devices on our LAN behind our router. To do that, we simply need to update the AllowedIPs section with our LAN IP range. For instance, of devices on your network have an IP within 192.168.0.0/24, we can simply update our AllowedIPs line to look as follows:

Now traffic over our VPN, and to our LAN will be routed over the Wireguard interface and to our router, which will seamlessly handle forwarding to clients on our LAN.

Peering our router

Now that we have our public key of our client, we need to update our router’s configuration.

This command tells our router to accept traffic from our client with the public key of aWLc3A6WnKtVpTYPki3TRrKGDg8JUS0HephzxpnP8js= (which we generated earlier), and to only forward and accept traffic from the IP address of our client, 192.168.33.2/32.

When configuring your router with multiple peers, it’s important that you don’t create overlapping entries for the allowed-ips line, as the router won’t be able to route traffic appropriately.

Bringing the Client Interface Up

Back on the client, we can now bring our wg0 interface up by running:

We can verify connectivty by running sudo wg, which will give us information about peers we are connected to.

We can repeat the sudo wg command on our router to verify connectivity as well.

After confirming that Wireguard thinks it’s connected, we can use any of our standard networking tools to connect to hosts behind our LAN, such as ping, SSH, etc…

Edgerouter Firmware Update For Os X 10 9 5

Automatically bringing the interface up on Linux

Edgerouter Firmware Update For Os X Capitan

On Linux, Wireguard comes a systemd command which can be used to automatically bring the interface up on boot. It can be enabled by running:

Wireguard is a very fast VPN, and once it has mainline support in the Linux kernel, it’ll be even faster. As this article has shown, setting up Wireguard is extremely easy, especially compared to other VPN solutions such as OpenVPN or L2TP/IPSEC.

Ubiquiti Edgerouter X Firmware

I hope you find this article useful - be sure to reach out with any questions if you have them. I look forward to hearing from you.