- the Local Net IP range is 10.0.0.0/24
- the WireGuard IP range is 10.0.1.0/24
- router is the IP address of the EdgeMAX router
- user is the admin username on the EdgeMAX router
- PEER_PUBLIC_KEY was generated already
Using F-Droid, install the WireGuard app like any other app.
- Give the profile a unique name that makes sense to you
- Generate the public and private keys (one button press)
- Set the address to 10.0.1.2/32
- Set the DNS servers to 1.1.1.1 (or your preferred DNS)
- Save the profile
- Copy the public key somehow and get it to your main computer
Download the .deb for your router from https://github.com/Lochnair/vyatta-wireguard/releases
wget -c https://github.com/Lochnair/vyatta-wireguard/releases/download/0.0.20180625-1/wireguard-e100-0.0.20180625-1.deb
scp wireguard-e100-0.0.20180625-1.deb user@router:./
ssh user@router
sudo dpkg -i wireguard-e100-0.0.20180625-1.deb
wg genkey | tee /config/auth/wg.key | wg pubkey > /config/auth/wg.pub
sudo su -
configure
set interfaces wireguard wg0 address 10.0.1.1/24
set interfaces wireguard wg0 listen-port 51820
set interfaces wireguard wg0 route-allowed-ips true
set interfaces wireguard wg0 private-key /config/auth/wg.key
set interfaces wireguard wg0 peer PEER_PUBLIC_KEY allowed-ips 10.0.1.2
commit
save
exit
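The key handling in the steps above can be checked before committing the configuration. The following is an added example, not part of the original guide: the function names are hypothetical, the paths are the ones used on this page, and it assumes a POSIX shell with ls, cut and grep available on the router.

```shell
#!/bin/sh
# Added example: key-handling checks for the router steps above.
# Function names are hypothetical; paths are the ones used on this page.

# Generate the router key pair with a restrictive umask so wg.key is
# created owner-only instead of inheriting the default (often 022).
gen_router_keys() {
    (
        umask 077
        wg genkey | tee /config/auth/wg.key | wg pubkey > /config/auth/wg.pub
    )
}

# Succeeds only if the file exists and group/other have no permission bits.
key_file_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Succeeds only if $1 has the shape of a WireGuard key: 32 bytes in
# base64, i.e. 43 base64 characters plus one "=". The 43rd character
# carries only 4 data bits, so it must be one of 16 values; a slipped
# or truncated paste usually fails one of these two tests.
looks_like_wg_key() {
    [ "${#1}" -eq 44 ] || return 1
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9+/]{42}[AEIMQUYcgkosw048]=$'
}
```

Run key_file_is_private /config/auth/wg.key after generating the keys, and looks_like_wg_key on the phone's public key before pasting it in place of PEER_PUBLIC_KEY.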
- Edit the profile made previously
- Press the ADD PEER button
- Set the server's public key to the output of cat /config/auth/wg.pub
- Set allowed-ips to 0.0.0.0/0
- Set the endpoint to your router's public IP, port 51820, i.e. example.com:51820
- Set the keepalive to 60
- Save the profile
This is left as an exercise for the reader.
Toggle the switch for the profile to the "on" position and then test the VPN access.