SoftEtherVPN / SoftEtherVPN

Cross-platform multi-protocol VPN software. Pull requests are welcome. The stable version is available at https://github.com/SoftEtherVPN/SoftEtherVPN_Stable.
Apache License 2.0
11.65k stars 2.6k forks

how do config and use WireGuard? #1852

Open aliamg1356 opened 1 year ago

aliamg1356 commented 1 year ago

Hi, how do I configure and use WireGuard in the DE version? Can you help me?

davidebeatrici commented 1 year ago

See the latest messages in #604.

JellyVPN commented 1 year ago

Hi, Dear, I tried many scenarios, but there is no download and upload after the first packet. I don't know what the issue is, can you help me? Maybe it is related to the IP? Because when I use StaticIP through vpncmd I can't see any changes via the SoftEther GUI. Please help me with it.

davidebeatrici commented 1 year ago

Is the default gateway set?

JellyVPN commented 1 year ago

Yes, I set it. I checked even with a new HUB, and all of them do not send and receive either!!! Can you tell me what the problem is? Maybe it is not related to the gateway or IP; I even changed the IP and Gateway, Public Key, and more!!!!

davidebeatrici commented 1 year ago

Is the WireGuard session actually established?

JellyVPN commented 1 year ago

How can I know about it? On Android it shows that it gets the first data. Tell me more, I'm a novice with WireGuard.

davidebeatrici commented 1 year ago

Check the server's logs.

JellyVPN commented 1 year ago

    2023-05-30 00:49:50.527 [WireGuard] 176.xx.xx.41:49707 -> 85.xx.xx.13:5555 (UDP): Session created.
    2023-05-30 00:49:51.274 For the client (IP address: 176.xx.xx.41, host name: "176.xx.xx.41", port number: 49707), connection "CID-189" has been created.
    2023-05-30 00:49:51.274 SSL communication for connection "CID-189" has been started. The protocol version is (null). The encryption algorithm name is "(null)".
    2023-05-30 00:49:51.274 Connection "CID-189": The WireGuard key is not associated with a user on the server.
    2023-05-30 00:49:51.274 [WireGuard] 176.xx.xx.41:49707 -> 85.xx.xx.13:5555 (UDP): Session deleted.
    2023-05-30 00:49:51.274 [OpenVPN] 176.xx.xx.41:49707 -> 85.xx.xx.13:5555 (UDP): Session created.
    2023-05-30 00:49:51.305 Connection "CID-189" terminated by the cause "User authentication failed." (code 9).
    2023-05-30 00:49:51.305 Connection "CID-189" has been terminated.
    2023-05-30 00:49:51.305 The connection with the client (IP address 176.40.121.41, Port number 49707) has been disconnected.

davidebeatrici commented 1 year ago

> The WireGuard key is not associated with a user on the server.

This is the issue. You have to add the user's public key.

JellyVPN commented 1 year ago

Dear, it's already set, as I explained before. I even added several keys and checked all of them in different ways. Maybe there is another mistake by me.

davidebeatrici commented 1 year ago

Are you 100% sure it's the public key that is associated with the private one you're using on the client?

JellyVPN commented 1 year ago

Let me explain:

  1. I created a new key with GenX25519 in Server Mode (Tools) in vpncmd:
    VPN Tools>GenX25519
    GenX25519 command - Create new X25519 keypair
    Private key: qJ0pswV7************************YxzhwG0=
    Public key: eaSzH4X99Ms*********************VKxkI=

    =================================

  2. Now exit vpncmd and enter again, this time as administrator; then I added the public key to a user via WgkAdd:
    
    VPN Server>WgkAdd eaSzH4X99***************************VKxkI=
    WgkAdd command - Add a WireGuard key
    Hub: Wire
    User: Jelly
    The command completed successfully

  3. Now I set the public key for the user in the peer section, then use the pre-shared key obtained via ProtoOptionsGet WireGuard
  4. Create a random private key from WireGuard

Now click connect, and only the first data works!!!
Maybe I should add the private key to a specific user instead of the public key?

There is an Interface section and a Peer section.

The interface needs a Private Key (I used the app randomly created), then I entered Static IP, Listen Port, DNS, and MTU are empty.

In the Peer section I added the public key generated via GenX25519 in step 1.
I added the pre-shared key from the server obtained via ProtoOptionsGet WireGuard.

    Keep Alive: 25
    Endpoint: ml4.vpnssl.me:51820
    Allowed IP: 0.0.0.0/0

What's my mistake here?

  1. If I should use a private key instead of the public key, then what public key should I add in the peer section?
  2. You tell me what's wrong here.

Thanks a lot

davidebeatrici commented 1 year ago

> Now I set the public key for the user in the peer section, then use the pre-shared key obtained via ProtoOptionsGet WireGuard

In the peer section you have to put the server's public key.

> The interface needs a Private Key (I used the app randomly created)

In the interface section you have to put the user's private key.
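
The key placement described in this answer, as an added example that is not part of the original thread or of SoftEther's code: a Python check that derives the public key from the client's Interface private key, compares it with the keys added via WgkAdd, and then checks the Peer public key. The function names, the single-peer config layout and the sample keys (RFC 7748 test vectors) are assumptions.

```python
import base64
import configparser

P, A24 = 2**255 - 19, 121665  # Curve25519 field prime and ladder constant

def x25519_public(private_key: bytes) -> bytes:
    """RFC 7748 X25519 public key (base point u=9). Not constant-time: offline checks only."""
    k = int.from_bytes(private_key, "little") & ((1 << 254) - 8) | (1 << 254)  # clamp
    x1, x2, z2, x3, z3, swap = 9, 1, 0, 9, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, (aa - bb) * (aa + A24 * (aa - bb)) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()

def check_client_config(conf_text, registered_user_keys, server_public_key):
    """List key-placement problems in a WireGuard client config (empty list = consistent)."""
    cfg = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cfg.read_string(conf_text)
    derived = b64(x25519_public(base64.b64decode(cfg["Interface"]["PrivateKey"])))
    peer_key = cfg["Peer"]["PublicKey"].strip()
    problems = []
    if derived not in registered_user_keys:
        problems.append("Interface PrivateKey matches no public key added with WgkAdd")
    if peer_key != server_public_key:
        hint = " (it is a user's key)" if peer_key in registered_user_keys else ""
        problems.append("Peer PublicKey is not the server's public key" + hint)
    return problems

# Constructed sample keys (RFC 7748 test vectors), not values from the thread.
USER_PRIV = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
SERVER_PUB = b64(bytes.fromhex("de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f"))
USER_PUB = b64(x25519_public(USER_PRIV))  # the value that would be passed to WgkAdd
def sample_conf(private_key_b64, peer_public_b64):
    return f"[Interface]\nPrivateKey = {private_key_b64}\n\n[Peer]\nPublicKey = {peer_public_b64}\nAllowedIPs = 0.0.0.0/0\n"

if __name__ == "__main__":
    # Setup from the thread: app-generated private key, user's public key in [Peer].
    print(check_client_config(sample_conf(b64(bytes(range(1, 33))), USER_PUB), {USER_PUB}, SERVER_PUB))
    print(check_client_config(sample_conf(b64(USER_PRIV), SERVER_PUB), {USER_PUB}, SERVER_PUB))
```

The first call reports both placement problems; the second, with the user's private key in the Interface section and the server's public key in the Peer section, reports none.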

JellyVPN commented 1 year ago

Finally, the problem was fixed, but is there any way to use it via RADIUS? Or to automatically create WireGuard profiles like OpenVPN for the customers? Or to make it simpler to create more than 1000 users at once?

chipitsine commented 1 year ago

It can be done in script using vpncmd. What else do you prefer over vpncmd?


JellyVPN commented 1 year ago

Which script and how? Can you explain more or give me a guide?

chipitsine commented 1 year ago

I've got it. We have a documentation gap ((

Here's an example of how to set up OpenVPN (sorry, we still need to create a similar one for WireGuard):

SoftEtherVPN/start-se-openvpn.sh at master · SoftEtherVPN/SoftEtherVPN · GitHub https://github.com/SoftEtherVPN/SoftEtherVPN/blob/master/.ci/start-se-openvpn.sh#L35-L40


alexlyee commented 1 year ago

> I've got it. We have a documentation gap (( Here's an example of how to set up OpenVPN (sorry, we still need to create a similar one for WireGuard): SoftEtherVPN/start-se-openvpn.sh at master · SoftEtherVPN/SoftEtherVPN · GitHub https://github.com/SoftEtherVPN/SoftEtherVPN/blob/master/.ci/start-se-openvpn.sh#L35-L40

This looks like a way to set users manually while starting an OpenVPN server... Is it RADIUS and I'm missing something? I too am very curious whether WireGuard could be used with RADIUS/NT.

chipitsine commented 1 year ago

The test covers just a small subset of commands.

More tests are welcome ))

tb2030 commented 10 months ago

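> Now I set the public key for the user in the peer section, then use the pre-shared key obtained via ProtoOptionsGet WireGuard

> In the peer section you have to put the server's public key.

> The interface needs a Private Key (I used the app randomly created)

> In the interface section you have to put

Hello, where do I enter the user's private key?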

PizzaProgram commented 9 months ago

Two things are not clear from all these info fragments:

1.

2.

I'm asking this because it seems that the server is using too much CPU time to connect even 1+1 clients with each other. So theoretically the peer-to-peer WG structure would take the load off the server. Would it not? (I'd like to connect several hundred clients only with each other, without allowing use of the internet over the VPN.)