I am requesting a Wiki guide for configuring a USG as a wireguard client only. I see a number focusing on USG as server but I just want to set it up as a client to a Wireguard server for a specific SSID.
If someone is willing to write a guide, here is some generic information as a sample guide.
USG3
Local LAN: 192.168.4.1/24
Contents of Wireguard Config file generated on Wireguard server:
If I tried to draft a plan, I would expect the steps would roughly be:
Install Wireguard on the USG (well documented).
(install the script to keep it persistent.....still working on this...have an error for now).
Address keys. Very confused how this works on a client-only connection. Do I still need to create the public and private keys on the USG ?? (or run the commands to generate them but then replace the keys in the files created with the ones created on the Wireguard server?) Does the preshared key get used somewhere?
Run the commands on the USG to create and configure the interface
configure
edit interfaces
set wireguard wg0 address 192.168.4.0/24 # local LAN
set wireguard wg0 listen-port 54xxx
set wireguard wg0 peer njm2P……………….= allowed-ips 0.0.0.0/0
set wireguard wg0 peer njm2P……………….= endpoint 198.25x.xx.xx:54xxx
set wireguard wg0 private-key /config/auth/priv.key
set wireguard wg0 route-allowed-ips false
commit
Enable Inter-VLAN routing (between 3.x & 4.x) in my case. I think I saw this being managed by a static route.
Download the config.gateway.json file, extract the relevant elements and upload to the controller.
Thank you for your consideration. I am very impressed with the clean and fast design around wireguard. It is impressive and so helpful for me on a relatively slow connection in Africa.
I am requesting a Wiki guide for configuring a USG as a wireguard client only. I see a number focusing on USG as server but I just want to set it up as a client to a Wireguard server for a specific SSID.
If someone is willing to write a guide, here is some generic information as a sample guide.
USG3 Local LAN: 192.168.4.1/24
Contents of Wireguard Config file generated on Wireguard server:
——————————- [Interface] PrivateKey = WFQX………………………..= Address = 10.66.66.4/32,fd42:42:42::4/128 DNS = 94.140.14.14,94.140.15.15
[Peer] PublicKey = njm2P……………….= PresharedKey = gE3x2vA……….= Endpoint = 198.25x.xx.xx:54xxx AllowedIPs = 0.0.0.0/0,::/0 ———————————————–
If I tried to draft a plan, I would expect the steps would roughly be:
configure edit interfaces set wireguard wg0 address 192.168.4.0/24 # local LAN set wireguard wg0 listen-port 54xxx set wireguard wg0 peer njm2P……………….= allowed-ips 0.0.0.0/0 set wireguard wg0 peer njm2P……………….= endpoint 198.25x.xx.xx:54xxx set wireguard wg0 private-key /config/auth/priv.key set wireguard wg0 route-allowed-ips false commit
Thank you for your consideration. I am very impressed with the clean and fast design around wireguard. It is impressive and so helpful for me on a relatively slow connection in Africa.
Rob