WireGuard / Wireguard Vyatta Ubnt

Licence: gpl-3.0
WireGuard for Ubiquiti Devices


WireGuard for Ubiquiti

This repository contains Vyatta configuration files to integrate WireGuard with Ubiquiti Networks devices.

Please see below for instructions on how to install the prebuilt deb packages listed under releases.


Installation

Download the latest release for your model and then install it:

curl -OL https://github.com/WireGuard/wireguard-vyatta-ubnt/releases/download/${RELEASE}/${BOARD}-${RELEASE}.deb

sudo dpkg -i ${BOARD}-${RELEASE}.deb

After this you will be able to create a wireguard interface (show interfaces).


Upgrade

Download the latest release for your model and then perform upgrade:

curl -OL https://github.com/WireGuard/wireguard-vyatta-ubnt/releases/download/${RELEASE}/${BOARD}-${RELEASE}.deb

configure
set interfaces wireguard wg0 route-allowed-ips false
commit
delete interfaces wireguard
commit
sudo rmmod wireguard
sudo dpkg -i ${BOARD}-${RELEASE}.deb
sudo modprobe wireguard
load
commit
exit

This allows the upgrade to be performed without a reboot.


Uninstallation

Private key

Determine if the private key is stored as a file by running show interfaces wireguard. If the private key line is a path, run the following command; otherwise jump to Remove the configuration.

sudo rm /config/auth/wg.key

Remove the configuration

configure

delete interfaces wireguard

commit
save
exit

Remove the package

sudo dpkg --remove wireguard

Usage

Read the documentation on WireGuard.com for general WireGuard concepts. Here is a simple example of a configuration for Vyatta/EdgeOS:

wg genkey | tee /config/auth/wg.key | wg pubkey > wg.public

configure

set interfaces wireguard wg0 address 192.168.33.1/24
set interfaces wireguard wg0 listen-port 51820
set interfaces wireguard wg0 route-allowed-ips true

set interfaces wireguard wg0 peer GIPWDet2eswjz1JphYFb51sh6I+CwvzOoVyD7z7kZVc= endpoint example1.org:29922
set interfaces wireguard wg0 peer GIPWDet2eswjz1JphYFb51sh6I+CwvzOoVyD7z7kZVc= allowed-ips 192.168.33.101/32

set interfaces wireguard wg0 peer aBaxDzgsyDk58eax6lt3CLedDt6SlVHnDxLG2K5UdV4= endpoint example2.net:51820
set interfaces wireguard wg0 peer aBaxDzgsyDk58eax6lt3CLedDt6SlVHnDxLG2K5UdV4= allowed-ips 192.168.33.102/32
set interfaces wireguard wg0 peer aBaxDzgsyDk58eax6lt3CLedDt6SlVHnDxLG2K5UdV4= allowed-ips 192.168.33.103/32

set interfaces wireguard wg0 private-key /config/auth/wg.key

set firewall name WAN_LOCAL rule 20 action accept
set firewall name WAN_LOCAL rule 20 protocol udp
set firewall name WAN_LOCAL rule 20 description 'WireGuard'
set firewall name WAN_LOCAL rule 20 destination port 51820

commit
save
exit

The private-key and preshared-key fields accept either the key value itself or a file path. If you prefer not to put the keys in the config file, give these fields a path on the filesystem instead, such as /config/auth/key.
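A key file only helps if other local users cannot read it, and the `tee` in the command above creates the file with whatever the current umask allows. The following check is an added example, not part of the project; the 022 umask, the file names and the random stand-in key are assumptions made for the demonstration.

```python
import base64, os, stat

def create_key_file(path, key_b64):
    """Create the key file with mode 0600 at most, whatever the caller's umask.
    O_EXCL refuses to write into a file that already exists."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(key_b64 + "\n")

def audit_key_file(path):
    """Return findings for a private key file such as /config/auth/wg.key."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"{path}: mode {mode:04o} exposes the key to group/other")
    with open(path) as fh:
        data = fh.read().strip()
    try:
        ok = len(base64.b64decode(data, validate=True)) == 32
    except ValueError:
        ok = False
    if not ok:
        findings.append(f"{path}: content is not a 32-byte base64 key")
    return findings

def demo(workdir):
    """Constructed comparison: umask-dependent write vs explicit 0600."""
    key = base64.b64encode(os.urandom(32)).decode()  # stand-in for `wg genkey` output
    loose = os.path.join(workdir, "tee.key")
    tight = os.path.join(workdir, "wg.key")
    old = os.umask(0o022)  # assumed default umask
    try:
        with open(loose, "w") as fh:  # like `tee`: mode 0666 & ~umask = 0644
            fh.write(key + "\n")
        create_key_file(tight, key)
    finally:
        os.umask(old)
    return audit_key_file(loose), audit_key_file(tight)

if __name__ == "__main__":
    import tempfile
    print(demo(tempfile.mkdtemp()))
```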


Routing

Currently there is no integration between the routing daemon and WireGuard, which means that allowed-ips for a peer will not be updated in response to dynamic routing updates.

If you are going to run a dynamic routing protocol over wireguard interfaces, it is recommended to configure them with a single peer per interface, disable route-allowed-ips, and set allowed-ips either to 0.0.0.0/0 or to all IP addresses that might ever be routed over the interface, including any multicast addresses required by the routing protocol.
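The reason behind this recommendation is that WireGuard picks the outbound peer, and validates inbound source addresses, by looking the address up in allowed-ips. The sketch below is an added example that models that lookup and is not the project's code; the peer names, the learned prefix host 10.50.0.7 and the choice of OSPF (multicast group 224.0.0.5) are assumptions.

```python
import ipaddress

def select_peer(peers, dst):
    """Outbound lookup: the peer whose allowed-ips holds the longest prefix
    containing dst, or None, in which case WireGuard drops the packet."""
    addr = ipaddress.ip_address(dst)
    best = None
    for peer, cidrs in peers.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if addr in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, peer)
    return best[1] if best else None

def accepts_inbound(peers, sender, src):
    """Inbound check: a decrypted packet is kept only if its source address
    maps back to the peer that sent it."""
    return select_peer(peers, src) == sender

# Multi-peer interface with static allowed-ips, as in the Usage example.
STATIC = {"peerA": ["192.168.33.101/32"],
          "peerB": ["192.168.33.102/32", "192.168.33.103/32"]}
# Layout recommended for dynamic routing: one peer on the interface and
# allowed-ips wide open, so the routing daemon decides what is sent where.
WG1 = {"peerA": ["0.0.0.0/0"]}

LEARNED_HOST = "10.50.0.7"      # assumed host in a dynamically learned prefix
OSPF_ALL_ROUTERS = "224.0.0.5"  # multicast group used by OSPF hello packets

def report():
    """Peer chosen for each destination under both layouts."""
    return {(label, dst): select_peer(table, dst)
            for label, table in (("static", STATIC), ("wg1", WG1))
            for dst in ("192.168.33.102", LEARNED_HOST, OSPF_ALL_ROUTERS)}

if __name__ == "__main__":
    for key, peer in report().items():
        print(key, "->", peer or "dropped")
```

With the static table, the learned prefix and the routing protocol's own multicast traffic match no peer and are dropped even if the routing daemon installs a route through the interface.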


Binaries

Prebuilt binaries are available under releases.

The binaries are statically linked against musl libc to mitigate potential issues with Ubiquiti EdgeOS's outdated glibc.


Persistence on Reboot on USG

On the USG3/4 Pro the command-line setup above does not survive a reboot or re-provisioning. The settings need to be added to a config.gateway.json file and placed on the controller. Depending on your particular setup, this file can live in one of several locations. Use the commented example below and follow the instructions in Unifi - USG Advanced Configuration Using config.gateway.json to create the file in the appropriate location. JSON has no comment syntax, so remove the // annotations from the file you deploy. The firewall changes can be made in the UI, or added to the file.

{
  "firewall": {
    "group": {
      "network-group": {
        "remote_user_vpn_network": {
          "description": "Remote User VPN subnets",
          "network": [
            "10.16.1.0/24"  //Subnet assigned to wireguard clients
          ]
        }
      }
    }
  },
  "interfaces": {
    "wireguard": {
      "wg0": {
        "address": [
          "10.16.1.1/24"  //USG gateway address in wireguard subnet
        ],
        "firewall": {
          "in": {
            "name": "LAN_IN"
          },
          "local": {
            "name": "LAN_LOCAL"
          },
          "out": {
            "name": "LAN_OUT"
          }
        },
        "listen-port": "51820",  //Listen port - can be customised, adjust firewall port accordingly
        "mtu": "1500",
        "peer": [{
          "wZ0j/CM/nJ6tdIxFTtBLOxbIoTNoK0Tjn49rZgasLUM=": {   //Peer 1 Public Key
            "allowed-ips": [
              "10.16.1.50/32"               //Peer IP address
            ],
            "persistent-keepalive": 25
          }
        },
        {
          "wZ0j/CM/nJ6tdIxFTtBLOxbIoTNoK0Tjn49rZgasLUM=": {   //Peer 2 public key
            "allowed-ips": [
              "10.16.1.51/32"
            ],
            "persistent-keepalive": 25
          }
        },
        {
          "wZ0j/CM/nJ6tdIxFTtBLOxbIoTNoK0Tjn49rZgasLUM=": {   //Peer 3 public key
            "allowed-ips": [
              "10.16.1.52/32"
            ],
            "persistent-keepalive": 25
          }
        },
        {
          "wZ0j/CM/nJ6tdIxFTtBLOxbIoTNoK0Tjn49rZgasLUM=": {   //Peer 4 public key
            "allowed-ips": [
              "10.16.1.53/32"
            ],
            "persistent-keepalive": 25
          }
        },
        {
          "wZ0j/CM/nJ6tdIxFTtBLOxbIoTNoK0Tjn49rZgasLUM=": {  //Peer 5 public key
            "allowed-ips": [
              "10.16.1.54/32"
            ],
            "persistent-keepalive": 25
          }
        }],
        "private-key": "/config/auth/wireguard/wg_private.key",  //Server key
        "route-allowed-ips": "true"
      }
    }
  }
}
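A pre-deployment check for a file shaped like the example above, given here as an added example that is not part of the project. It strips the // annotations without damaging base64 keys, then flags an inline private key, malformed or repeated peer public keys (the example above repeats one placeholder key for all five peers) and an allowed-ips prefix given to more than one peer; the sample input and its key are constructed.

```python
import base64, ipaddress, json, re

# Keep JSON strings intact and drop // comments outside them. A naive r"//.*"
# would truncate base64 keys, which can legitimately contain "//".
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*')

def strip_comments(text):
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)

def is_wg_key(value):
    """True if value is base64 for exactly 32 bytes, the size of a WireGuard key."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:
        return False

def audit_gateway_config(text):
    """Return findings for the interfaces/wireguard section of the file."""
    cfg = json.loads(strip_comments(text))
    findings = []
    for name, wg in cfg.get("interfaces", {}).get("wireguard", {}).items():
        if is_wg_key(wg.get("private-key", "")):
            findings.append(f"{name}: private-key is an inline key, not a file path")
        keys, nets = set(), set()
        for entry in wg.get("peer", []):
            for pubkey, peer in entry.items():
                if not is_wg_key(pubkey):
                    findings.append(f"{name}: malformed public key {pubkey!r}")
                elif pubkey in keys:
                    findings.append(f"{name}: public key {pubkey} used by more than one peer")
                keys.add(pubkey)
                for cidr in peer.get("allowed-ips", []):
                    net = ipaddress.ip_network(cidr, strict=False)
                    if net in nets:
                        findings.append(f"{name}: allowed-ips {net} listed for more than one peer")
                    nets.add(net)
    return findings

# Constructed sample; KEY is a made-up placeholder that contains "//" on purpose.
KEY = "ab//" + "c" * 39 + "="
SAMPLE = """{"interfaces": {"wireguard": {"wg0": {
  "peer": [
    {"PUBKEY": {"allowed-ips": ["10.16.1.50/32"]}},  //Peer 1
    {"PUBKEY": {"allowed-ips": ["10.16.1.50/32"]}}   //Peer 2, copy-pasted unchanged
  ],
  "private-key": "/config/auth/wireguard/wg_private.key"  //Server key
}}}}""".replace("PUBKEY", KEY)

if __name__ == "__main__":
    print("\n".join(audit_gateway_config(SAMPLE)))
```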
