How to Configure WireGuard VPN on Omada Controller

Re:How to Configure WireGuard VPN on Omada Controller
2023-11-20 11:20:05

@Clive_A thanks again. I now have a remote iPad client working and a remote Android as well, each with their own config files. Happy with the results.

Paul
#22
Linux Guide: How to Configure WireGuard VPN on Omada Controller.
2024-02-22 20:29:16 - last edited 2024-02-22 23:04:45

Following on from the original guide, for anyone having issues setting this up with a Linux client, the following should help. Tested in Debian 12.5 with the GNOME desktop environment, but it should also work in Ubuntu 22.04 LTS.

First, create the private key on the client machine to paste into the conf example below.

Install WireGuard if you have not done so already.

sudo apt install wireguard --assume-yes
cd /etc/wireguard

If you get permission denied in the last step, run sudo -i and then try again.

(umask 077 && wg genkey > wg-private.key)
wg pubkey < wg-private.key > wg-public.key
cat wg-private.key

As well as the wg-private.key from the last step, you will also need the wg-public.key.
This public key needs to be pasted into the router in the create peer step later.

 

From the wireguard directory (assuming you know how to use the nano text editor):

nano wg0.conf

(This can be renamed to whatever you like, but it must end in .conf.)

Paste in the following and edit according to the notes below.


-----------long version with comments

[Interface]
PrivateKey = <PASTE wg-private.key HERE>

## Client IP (no need to change unless this is a second or third peer)
Address = 10.0.0.1/24

## Add a DNS server
DNS = 1.1.1.1

[Peer]
## PublicKey from the WireGuard tab in the router (created from the + Create New Wireguard option)
## You will also need to port forward the unique local IP address of the WireGuard server chosen in
## the + Create New Wireguard step
PublicKey = <PASTE PUBLIC KEY HERE>

## To pass internet traffic use 0.0.0.0/0, but for a peer connection only, use the local IP of the server you want to access; you can also specify comma-separated IPs
AllowedIPs = 0.0.0.0/0

## Public IP of the router and the port
Endpoint = <YOUR PUBLIC WAN IP:WG-PORT>

## Optional
PersistentKeepalive = 20

-----------

 

-----------Short Version

[Interface]
PrivateKey = <PASTE wg-private.key HERE>
Address = 10.0.0.1/24
DNS = 1.1.1.1

[Peer]
PublicKey = <PASTE PUBLIC KEY HERE>
AllowedIPs = 0.0.0.0/0
Endpoint = <YOUR PUBLIC WAN IP:WG-PORT>
PersistentKeepalive = 20

-----------

 

Run the following steps to import the config to the Linux network:

CONF_FILE="wg0.conf"
nmcli connection import type wireguard file "$CONF_FILE"

It should now be available to use in your network manager.

To remove the config from network manager if it is not working or no longer used, run:

nmcli connection delete wg0

You can add multiple WG toggles in this way if you have many VPNs.

I called my conf file oc200.conf, not the default wg0.conf. Also, the GNOME extension "WG indicator" is useful as it lights up red when a WG VPN is active.

You can also import the conf file with a GUI using this GNOME extension, but it is best to manage it from the terminal.

#23
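The client config in the guide above holds the private key and starts out with placeholders, so it is worth checking before importing it. The following is an added example, not code from the post or from TP-Link; `lint_client_conf`, `is_wg_key`, `demo` and the endpoint 203.0.113.10:51820 are names and values made up here.

```python
import base64
import configparser
import os
import tempfile

# Constructed sample: the thread's short config with one placeholder left in.
SAMPLE = """[Interface]
PrivateKey = <PASTE wg-private.key HERE>
Address = 10.0.0.1/24
DNS = 1.1.1.1
[Peer]
## PublicKey from the router's WireGuard tab
PublicKey = {key}
AllowedIPs = 0.0.0.0/0
Endpoint = 203.0.113.10:51820
"""

def is_wg_key(value):
    try:  # WireGuard keys are 32 bytes, base64-encoded
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:  # includes binascii.Error
        return False

def lint_client_conf(path):
    """Return a list of problems found in a WireGuard client config."""
    problems = []
    # The file embeds the private key, so only its owner should read it.
    if os.stat(path).st_mode & 0o077:
        problems.append("file is accessible by group/other; chmod 600")
    cp = configparser.ConfigParser(interpolation=None)  # skips '##' comments
    cp.read(path)
    for section, option in (("Interface", "PrivateKey"), ("Peer", "PublicKey")):
        if not is_wg_key(cp.get(section, option, fallback="")):
            problems.append(f"{section}.{option} is not a 32-byte base64 key")
    host, _, port = cp.get("Peer", "Endpoint", fallback="").rpartition(":")
    if not host or not port.isdecimal() or not 0 < int(port) < 65536:
        problems.append("Peer.Endpoint must be host:port")
    return problems

def demo():
    key = base64.b64encode(bytes(range(32))).decode()  # constructed, not a real key
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "wg0.conf")
        with open(path, "w") as fh:
            fh.write(SAMPLE.format(key=key))
        os.chmod(path, 0o644)  # what a default umask of 022 would leave
        return lint_client_conf(path)

if __name__ == "__main__":
    print("\n".join(demo()))
```

An empty result from `lint_client_conf("/etc/wireguard/wg0.conf")` means the file is owner-only and no placeholder was left in a key or in the endpoint.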
Linux Guide: How to Configure WireGuard VPN on Omada Controller.
2024-06-21 11:30:53

Is there a way to see active WireGuard connections? I can't seem to find my active connections - is this not implemented yet?

#24
Linux Guide: How to Configure WireGuard VPN on Omada Controller.
2024-06-21 14:03:16

  @DarkwingDuck 

 

Active incoming connection to the router?

Or active connections on a Linux client / PC? In my example I'm just using the wireguard-VPN-extension (GNOME extension).

But to see incoming WireGuard at the router or OC, I'm not sure and not qualified to answer. Hopefully one of the TP-Link guys knows and will get back to you.

#25
Linux Guide: How to Configure WireGuard VPN on Omada Controller.
2024-06-21 17:40:59

@j1979 Yep, I meant active incoming connection to the router!

#26
Linux Guide: How to Configure WireGuard VPN on Omada Controller.
2024-06-22 08:11:14

Hi  @DarkwingDuck 

Controller mode, go to the VPN connections. That'll display all the types of connections.

Standalone, in the same tab of the WireGuard. You have the active connections listed in the peer.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
#27
Linux Guide: How to Configure WireGuard VPN on Omada Controller.
2024-07-01 10:46:15 - last edited 2024-07-01 11:00:08

Hi @Clive_A well, that's not very satisfying. I can't see if the connection is currently active, for example. Furthermore, I can't see traffic or any statistics regarding the WireGuard connection.

Edit: OK, it's in Insights -- VPN Status

#28
Linux Guide: How to Configure WireGuard VPN on Omada Controller.
2024-07-02 07:08:15

Hi  @DarkwingDuck 

DarkwingDuck wrote

Hi @Clive_A well, that's not very satisfying. I can't see if the connection is currently active, for example. Furthermore, I can't see traffic or any statistics regarding the WireGuard connection.

Edit: OK, it's in Insights -- VPN Status

Good to know you've found it.

Try to get familiar with the system. The status stuff is based on certain pages. They don't display anywhere else but somewhere centralized.

#29
Re:How to Configure WireGuard VPN on Omada Controller
a week ago

  @Clive_A 

 

First off, thank you for your guide! With it I have been able to at least connect to my router. The issue that I have currently been having is how do I connect to my internal DNS.

- For instance, I have my internal network set up as 192.168.5.0

- My DNS is running Pi-hole on 192.168.5.2

I have my WireGuard set to use the IP address 192.168.5.3 - Nothing is connected to this

Now this is the part that has me a bit confused, and I have tried a couple of different IPs.

On the peer, I have set up the allowed address of 10.0.0.1/24. I have also tried 192.168.5.4/24. Neither of these options responds to my internal DNS server on 192.168.5.3.

 

Maybe you can see what I am doing wrong. I apologize if this is an easy fix. I am just starting to dive into the advanced network set ups. 

 

Cheers

#30
Re:How to Configure WireGuard VPN on Omada Controller
a week ago

Hi @CeApollo 

Thanks for posting in our business forum.

CeApollo wrote

  @Clive_A 

 

First off, thank you for your guide! With it I have been able to at least connect to my router. The issue that I have currently been having is how do I connect to my internal DNS.

- For instance, I have my internal network set up as 192.168.5.0

- My DNS is running Pi-hole on 192.168.5.2

I have my WireGuard set to use the IP address 192.168.5.3 - Nothing is connected to this

Now this is the part that has me a bit confused, and I have tried a couple of different IPs.

On the peer, I have set up the allowed address of 10.0.0.1/24. I have also tried 192.168.5.4/24. Neither of these options responds to my internal DNS server on 192.168.5.3.

 

Maybe you can see what I am doing wrong. I apologize if this is an easy fix. I am just starting to dive into the advanced network set ups. 

 

Cheers

If you need to discuss your issue further, start a new thread with the diagram and your current config. Mosaic the sensitive information.

 

Interface IP should be excluded from the 192.168.5.0/24. Try to change this first.

#31
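The addressing advice in the reply above, as an added example that is not part of the thread: it flags a WireGuard interface IP placed inside the LAN subnet, and goes a little further by also checking the client's tunnel network and whether the DNS server is covered by the client's AllowedIPs. `check_addressing`, the client AllowedIPs values and 10.0.0.254 are assumptions; the other addresses are the ones posted.

```python
import ipaddress

def check_addressing(lan, wg_interface_ip, client_address, client_allowed_ips, dns):
    """Return addressing problems for a WireGuard remote-client setup.

    lan                 LAN subnet behind the router
    wg_interface_ip     IP given to the WireGuard interface on the router
    client_address      [Interface] Address in the client config
    client_allowed_ips  [Peer] AllowedIPs in the client config (comma separated)
    dns                 DNS server the client should reach through the tunnel
    """
    lan_net = ipaddress.ip_network(lan)
    wg_ip = ipaddress.ip_address(wg_interface_ip)
    client = ipaddress.ip_interface(client_address)
    routed = [ipaddress.ip_network(p.strip(), strict=False)
              for p in client_allowed_ips.split(",") if p.strip()]
    dns_ip = ipaddress.ip_address(dns)

    findings = []
    if wg_ip in lan_net:
        findings.append(f"WireGuard interface IP {wg_ip} is inside LAN {lan_net}")
    if client.network.overlaps(lan_net):
        findings.append(f"client tunnel network {client.network} overlaps LAN {lan_net}")
    # The client only sends a destination into the tunnel if AllowedIPs covers it.
    if not any(dns_ip in net for net in routed):
        findings.append(f"DNS {dns_ip} is not covered by the client's AllowedIPs")
    return findings

# Values from the thread; the client's AllowedIPs is an assumption, it was not posted.
AS_POSTED = check_addressing("192.168.5.0/24", "192.168.5.3", "192.168.5.4/24",
                             "10.0.0.0/24", "192.168.5.2")
# Constructed fix: tunnel moved to 10.0.0.0/24, LAN added to AllowedIPs.
CORRECTED = check_addressing("192.168.5.0/24", "10.0.0.254", "10.0.0.1/24",
                             "10.0.0.0/24, 192.168.5.0/24", "192.168.5.2")

if __name__ == "__main__":
    print(AS_POSTED, CORRECTED, sep="\n")
```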