Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

USG as Client Wiki Guide #123

Open
robertgpeterson opened this issue Jul 21, 2022 · 1 comment
Open

USG as Client Wiki Guide #123

robertgpeterson opened this issue Jul 21, 2022 · 1 comment
Labels
enhancement New feature or request

Comments

@robertgpeterson
Copy link

I am requesting a Wiki guide for configuring a USG as a wireguard client only. I see a number focusing on USG as server but I just want to set it up as a client to a Wireguard server for a specific SSID.

If someone is willing to write a guide, here is some generic information as a sample guide.

USG3
Local LAN: 192.168.4.1/24

Contents of Wireguard Config file generated on Wireguard server:

——————————-
[Interface]
PrivateKey = WFQX………………………..=
Address = 10.66.66.4/32,fd42:42:42::4/128
DNS = 94.140.14.14,94.140.15.15

[Peer]
PublicKey = njm2P……………….=
PresharedKey = gE3x2vA……….=
Endpoint = 198.25x.xx.xx:54xxx
AllowedIPs = 0.0.0.0/0,::/0
———————————————–

If I tried to draft a plan, I would expect the steps would roughly be:

  1. Install Wireguard on the USG (well documented).
  2. (install the script to keep it persistent.....still working on this...have an error for now).
  3. Address keys. Very confused how this works on a client-only connection. Do I still need to create the public and private keys on the USG ?? (or run the commands to generate them but then replace the keys in the files created with the ones created on the Wireguard server?) Does the preshared key get used somewhere?
  4. Run the commands on the USG to create and configure the interface

configure
edit interfaces
set wireguard wg0 address 192.168.4.0/24 # local LAN
set wireguard wg0 listen-port 54xxx
set wireguard wg0 peer njm2P……………….= allowed-ips 0.0.0.0/0
set wireguard wg0 peer njm2P……………….= endpoint 198.25x.xx.xx:54xxx
set wireguard wg0 private-key /config/auth/priv.key
set wireguard wg0 route-allowed-ips false
commit

  1. Enable Inter-VLAN routing (between 3.x & 4.x) in my case. I think I saw this being managed by a static route.
  2. Download the config.gateway.json file, extract the relevant elements and upload to the controller.

Thank you for your consideration. I am very impressed with the clean and fast design around wireguard. It is impressive and so helpful for me on a relatively slow connection in Africa.

Rob
@robertgpeterson robertgpeterson added the enhancement New feature or request label Jul 21, 2022
@patvdleer
Copy link

patvdleer commented Nov 28, 2024
edited
Loading

For your preshared key:

set interfaces wireguard wg0 peer njm2P……………….= preshared-key /config/auth/wg-preshared.key

or

set interfaces wireguard wg0 peer njm2P……………….= preshared-key gE3x2vA……….=

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Milestone
No milestone
Development

No branches or pull requests
2 participants
@patvdleer @robertgpeterson